From Collaborative RCE Tool Library

Jump to: navigation, search

ImpREC

Tool name: ImpREC
Rating: 3.5 (2 votes)
Author: MackT                        
Website: http://www.tuts4you.com/forum/index.php?showtopic=6410
Current version: Official version 1.6 - Unofficial version with misc. fixes 1.7c
Last updated: March 10, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: The world's most famous IAT rebuilder tool.

NOTE:
The last official version from MackT is still 1.6. The 1.7a update is a third-party patched version of 1.6, which contains the following patches:

- Fixed RestoreLastError API set to SetLastError for WinXP/Vista compatibility (MaRKuS_TH-DJM)
- user32.dll is always read from the system, prevents a crash from corrupted PE of user32.dll (MaRKuS_TH-DJM)
- Latest version of psapi.dll (6.0.6000.16386) included
- Fixed Vista64 crash bug (jstorme)
- GUI modified and improved (based upon Fly's modification)
- Updated/corrected plugins and deleted dups

v. 1.7a added the following fixes:

- Misc
- Fixed Win2K crash, AllocConsole was replaced with ActivateActCtx (jstorme)

Because of this, the local download here contains both the last official version 1.6, and the last unofficial patch, 1.7a. In addition to that, it also contains a big bunch of plugins, and also source code for many of these plugins (in all well-known programming languages, which is good for use as templates for new plugins etc).

Changes in Version 1.7b:

- Misc
- Fixed invalid API bug in user32.dll on Windows 98 (jstorme)
- Modified code to improve support for discardable/unreadable sections (jstorme)
- Fixed ImageBase problem with DLL's when "Use PE Header from Disk" is checked (jstorme)
- Added an "ImpREC Classic" looking version

Changes in 1.7c:

- Fixed bug introduced in 1.7b when DLL's have discardable sections (jstorme)
Related URLs:
Library of good ImpREC extensions:
http://www.woodmann.com/collaborative/tools/index.php/Category:ImpREC_Extensions


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/ImpREC"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (172)
   Categorized by Tool Type  (933)
   Anti Anti Test Tools  (14)
   Assemblers  (15)
   Code Coverage Tools  (11)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (4)
   Data Extraction Tools  (18)
   Debuggers  (41)
   Decompilers  (15)
   Deobfuscation Tools  (11)
   Dependency Analyzer Tools  (5)
   Diff Tools  (28)
   Disassemblers  (45)
   Dongle Analysis Tools  (19)
   Exe Analyzers  (30)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (14)
   Hardware Reversing Tools  (19)
   Hex Editors  (11)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (11)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (101)
   Network Tools  (15)
   PE Executable Editors  (77)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (31)
   Regular Expression Tools  (3)
   Resource Editors  (11)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (132)
   Tool Hiding Tools  (5)
   Tool Signatures  (21)
   Tracers  (16)
   Unpacking Tools  (57)
   Automated Unpackers  (27)
   Dump Fixers  (3)
   IAT Restore Tools  (4)
   Memory Dumpers  (16)
   .NET MSIL Dumpers  (1)
   Process Dumpers  (6)
   OEP Finders  (5)
   Needs New Category  (1)