ImpREC

Tool name:

ImpREC

Currently4/5
1
2
3
4
5

Rating: 4.0 (3 votes)

Author:

MackT

Website:

http://www.tuts4you.com/forum/index.php?showtopic=6410

Current version:

Official version 1.6 - Unofficial version with misc. fixes 1.7e

Last updated:

October 1, 2010

Direct D/L link:

Locally archived copy

License type:

Free

Description:

The world's most famous IAT rebuilder tool.

NOTE:
The last official version from MackT is still 1.6. The 1.7a update is a third-party patched version of 1.6, which contains the following patches:

- Fixed RestoreLastError API set to SetLastError for WinXP/Vista compatibility (MaRKuS_TH-DJM)
- user32.dll is always read from the system, prevents a crash from corrupted PE of user32.dll (MaRKuS_TH-DJM)
- Latest version of psapi.dll (6.0.6000.16386) included
- Fixed Vista64 crash bug (jstorme)
- GUI modified and improved (based upon Fly's modification)
- Updated/corrected plugins and deleted dups

v. 1.7a added the following fixes:

- Misc
- Fixed Win2K crash, AllocConsole was replaced with ActivateActCtx (jstorme)

The local download here contains the last unofficial patch, 1.7e. In addition to that, it also contains a big bunch of plugins, and also source code for many of these plugins (in all well-known programming languages, which is good for use as templates for new plugins etc).

Changes in Version 1.7b:

- Misc
- Fixed invalid API bug in user32.dll on Windows 98 (jstorme)
- Modified code to improve support for discardable/unreadable sections (jstorme)
- Fixed ImageBase problem with DLL's when "Use PE Header from Disk" is checked (jstorme)
- Added an "ImpREC Classic" looking version

Changes in 1.7c:

- Fixed bug introduced in 1.7b when DLL's have discardable sections (jstorme)

Changes in 1.7d:

- Misc
- Fixed bug introduced in 1.7b which destroys IAT Autosearch feature in some packed targets, like eXpressor 1.8 (Newbie_Cracker).
- Fixed crash introduced in 1.7b when DLL's PE header has "NO Access" flag (Newbie_Cracker).

Changes in Version v1.7e

- Misc
- Fixed a bug which avoids ImpREC to fix JMP DWORD [...] if it is located at the end of code section (Newbie_Cracker)
( Thanks to Nexus6 for report the bug and provide samples)

Related URLs:

Library of good ImpREC extensions:
http://www.woodmann.com/collaborative/tools/index.php/Category:ImpREC_Extensions

Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/ImpREC"

If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Parent Categories: IAT Restore Tools | Process Dumpers