View Full Version : ImpRec 1.7 Released with Modification not made by MackT


JMI
February 22nd, 2008, 11:30
The latest version of MackT's Import Reconstructor was released on Tuts 4 You today! It is version 1.7 Final. You will find their listing here:

http://www.tuts4you.com/download.php?view.415

The listing states:

This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).

Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).

Features:

- Imports
  - An original tree view
  - 2 different methods to find original imports (by IAT and/or API calls)
  - A *FULL* complete rebuilder (including a new fresh IAT)

- Loader
  - An analyzer and ripper of redirected API code
  - An injected loader code to support mix of imports + ripped code in a thunk
  - A heuristic relocator

- Tracers
  - 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
  - A plugin interface to develop your own tracers

- Misc
  - Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
  - An export renormalizer for Win9x/ME (ala Icedump)
  - A built-in coloured disasm/hex-viewer to analyze the redirected code
  - A built-in dumper
  - Support almost all known antidump tricks


I have updated our CRCETL listing, found here:

http://www.woodmann.com/collaborative/tools/ImpREC

We are maintaining a local copy, which will be available in a few minutes, or you can download the Tool from the Tuts 4 You Website listed above! Available now!



Regards,

JMI
February 22nd, 2008, 11:58
Someone has just posted on the Exetools Forum, where I first saw this release notification, the following:

This is just a "complete" version by Teddy Rogers, NOT by MackT, but it contains all the bugfixes (MaRKuS_TH-DJM etc.) since the release of v1.6 and the GUI modification by fly.

dELTA:

Do we want to keep both versions available? I'm making a further note in the CRCETL regarding this version.

Regards,

dELTA
February 23rd, 2008, 08:03
I have edited the CRCETL entry to contain some more info, and also edited the local copy to contain both the last official version 1.6, and this 1.7 unofficial patch.

JMI
February 23rd, 2008, 12:10
Well done! Best of both worlds.

Regards,

JMI
February 23rd, 2008, 15:16
Another update to v. 1.7 was released today as v. 1.7a. It now includes additional "bug fixes:"

- Misc
  - Fixed Win2K crash, AllocConsole was replaced with ActivateActCtx (jstorme)

I have edited the CRCETL entry and also edited the local copy to contain both the last official version 1.6, and this latest 1.7a unofficial patch.

I removed the previous 1.7 version from our local copy zip file and replaced it with the 1.7a and edited the entry to list and describe the 1.7a version.

Regards,

JMI
March 8th, 2008, 18:54
Version 1.7b released.

Changes in Version 1.7b:



- Misc
  - Fixed invalid API bug in user32.dll on Windows 98 (jstorme)
  - Modified code to improve support for discardable/unreadable sections (jstorme)
  - Fixed ImageBase problem with DLL's when "Use PE Header from Disk" is checked (jstorme)
  - Added an "ImpREC Classic" looking version


CRCETL entry updated with notes and local copy of v. 1.7b.

Regards,

JMI
March 10th, 2008, 21:50
Version 1.7c Released!

Changes in 1.7c:


Quote:
- Fixed bug introduced in 1.7b when DLL's have discardable sections (jstorme)

CRCETL entry updated with version number, date of last update and local copy of 1.7c.

Regards,