From Collaborative RCE Tool Library


IDCDumpFix

Tool name: IDCDumpFix
Rating: 0.0 (0 votes)
Author: David Zimmer
Website: http://labs.idefense.com/software/malcode.php
Current version:
Last updated:
Direct D/L link: N/A
License type: Free / Open Source
Description: Aids in quick RE of packed applications (including unclean dumps after OEP), where imports may have been destroyed etc.

The workflow: execute the malware, dump the running image with a tool such as LordPE, attach to the image with OllyDbg, and have OllyDbg search for all intermodular calls. Then copy the table of intermodular calls into IDCDumpFix and have it produce an IDC file, which you can apply to the disassembly of the dumped image. Many addresses and functions will then be identified in the disassembly.