From Collaborative RCE Tool Library

Jump to: navigation, search

Universal Import Fixer

Tool name: Universal Import Fixer
Rating: 0.0 (0 votes)
Author: Magic_h2001                        
Website: http://magic.shabgard.org
Current version: 1.2
Last updated: July 6, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: Use this tool for fixing Import Elimination, Directly Imports, Shuffled, Disordered, Scattered and Hashed Imports.

So you can use this tool for changing IAT Base Address and Sorting IATs.

Tested on:

Armadillo
ASProtect
Enigma
ExeCryptor
eXPressor
PeSpin
RlPack
TheMida
WinLicense
HyperUnpackMe

and any protector with Import Elimination, Directly Imports and Hashed Imports.

A Flash tutorial for unpacking eXPressor with Universal Import Fixer is included in the local download package.

Use this tool for fixing Import Elimination, Directly Imports and Shuffled, Disordered, Scattered Imports.

So you can use this tool for changing IAT Base Address and Sorting IATs in New (other) Address.

Tested on:

Armadillo
ASProtect
Enigma
ExeCryptor
eXPressor
PeSpin
RlPack
TheMida
WinLicense

and any protector with Import Elimination, Directly Imports and Shuffled, Disordered, Scattered Imports.

Notes:
======
This tool is an Import Fixer (not Import Rebuilder ImpRec etc) and Just work in memory of target process.

Always first use UIF then Dump target process.

UIF can fix actual APIs, dont use it for fixing Emulated/Redirected APIs to protector's stub.you must use UIF After fixing Magic IAT jump (or use any methods) to convert Emulated/Redirected APIs to Actual APIs.

Samples:

Armadillo : Import Elimination
ASProtect : Directly Imports
Enigma : Shuffled, Disordered, Scattered Imports
ExeCryptor : Scattered Imports in Protector Stub
eXPressor : Directly Imports
PeSpin : Directly, Shuffled, Disordered, Scattered Imports
RlPack : Shuffled, Disordered, Scattered Imports
TheMida : Directly Imports
WinLicense : Directly Imports
Related URLs:
More info and how to use:
http://www.exetools.com/forum/showthread.php?t=11381
Direct download of latest version (unreliable, so don't replace the local copy with this link):
http://magic.shabgard.org/UIF.zip


Screenshot:
Screenshot of Universal Import Fixer


RSS feed Feed containing all updates for this tool.

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Universal_Import_Fixer"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (144)
   Categorized by Tool Type  (835)
   Anti Anti Test Tools  (11)
   Assemblers  (14)
   Code Coverage Tools  (11)
   Code Injection Tools  (31)
   Code Ripping Tools  (1)
   Crypto Tools  (3)
   Data Extraction Tools  (15)
   Debuggers  (36)
   Decompilers  (15)
   Deobfuscation Tools  (9)
   Dependency Analyzer Tools  (5)
   Diff Tools  (27)
   Disassemblers  (38)
   Dongle Analysis Tools  (17)
   Exe Analyzers  (23)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (14)
   Hardware Reversing Tools  (17)
   Hex Editors  (11)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (7)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (84)
   Network Tools  (14)
   PE Executable Editors  (74)
   Packers  (12)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (27)
   Regular Expression Tools  (3)
   Resource Editors  (11)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (4)
   Technical PoC Tools  (5)
   Test and Sandbox Environments  (12)
   Tool Extensions  (124)
   Tool Hiding Tools  (4)
   Tool Signatures  (20)
   Tracers  (13)
   Unpacking Tools  (50)
   Automated Unpackers  (23)
   Dump Fixers  (3)
   IAT Restore Tools  (4)
   Memory Dumpers  (15)
   OEP Finders  (4)
   Needs New Category