v1.3
----
- Import Editor
    - An editbox for entering the name of the API (MSDN-like when using Index)
- Loader
    - Layers Auto Finder (with recursion)
    - Layers editor (add/modify/remove)
    - Improved relocations
    - Multiple modules can cohabit in a same thunk
    - Direct calls/jumps to any imports in all layers, are rebuilt (for portability)
- Tracers
    - Tracer Level1
        - A little stack emulator was implemented (very basic though)
    - Plugin Tracer
    - TRACERS LEVEL 2 AND 3 ARE STILL NOT COMPLETE AND THERE JUST FOR EXPERIMENTATION. THEY ARE LAME so use them if YOU ARE BORED AND NOT AFRAID TO CRASH your computer, YOU ARE WARNED.
- Misc
    - Improved IAT scanner + Bug fixed on the invalid IAT size (negative) found by it
    - DLL's names are now based on their filename and not on their header structure
    - New ApiHooks and as usual it still is impressive how it gains speed each time! (Thanks to EliCZ again)
    - Check on overlapped IAT by new imports (when not adding a new section)

v1.2 *Final*
------------
- Fixed a little bug when there is only one invalid pointer and loader is activated, the dialogbox for entering interval of ripped data/code didn't appear.
- Fixed a bug in showing new import size when it is empty (0x100 instead of 0)
- Added error managing in the loader if it can't find a dll or an api. (So its size has grown up a little bit)
- Fixed a bug on wrong section table location when loading PE files (YODAAAAA!!!!!! ;-)) (and for all my PE related code too...)
- ApiHooks updated again!! Thanks to EliCZ, it's really faster than before... Wow! ;-)
- Autotrace (do not expect a miracle from its part). Moreover prepare to crash if you manage to use it because it uses the tracer level2... you are warned!! :-)
- Improved Ripper analyzer

v1.2 RC1 PRE Release
--------------------
- Added a loader against faked APIs in thunks.
- Fixed a little bug when loading a tree for the last parameter if it has only one character
- Get the invalid pointers in the running process when reloading a tree which contains some
- Added a flag for loader in tree text files (still is compatible with v1.2b3 version though)
- ApiHooks updated
- You can rebuild DLL now by clicking on "Pick DLL" button
- I decided to retire my Tracer L3 for the moment because it's too buggy

v1.2b3
------
- Useless but funny, changed icon... thanks to Avl!s :-)
- Function is correctly selected when double clicking on it for Editing.
- Oops! Where was the and file on previous versions???! :-)
- Don't use anymore GetCurrentDirectory for looking for
- A little note when launching the first time
- TimeOut option for Tracer Level2 and 3
- Fix EP to OEP option when fixing a dump
- Options are saved in an INI file
- Maintaining "Shift" key for Tracer Level1 shows the Module name in the MessageBox title instead of "huhu" :-) and moreover it shows VA correctly now.
- Correct ImageSize in PE Header when adding a new section (Windows 98SE and 2k do it automatically but it is better to do it ourselves though)
- Added the old good Dennison's uCF logo (I mean the logo, not you Denni! ;-P) in 'About' dialog box
- Replace all "between" by "by the way" in all txt files... :-x
- Statistics are shown regularly (thx to Pal)
- 'Show Suspect' button (thx to Pal)
- Fixed a GPF when closing the running target and continuing to rebuild it (thx to Pal)
- Load & Save Tree in text format. (You can still load old binary ".rec" files) (Pal, you can edit them manually now! :-))
- Fixed a bug in my module loader when the module image base is different to its pe header one (ie when it has been moved by windows). (BIG THX TO PAL! ;-))
- Module loading log is more precise now
- First prebeta version of tracer l3 (still is VERY BUGGY! You are WARNED!)

v1.2b2
------
- Argh!!!! Export ordinals were fixed now! Sorry, I have forgotten to add the Base for all ordinals!! Marf! That's why my "Import all by ordinal" option didn't work under NT/2000... It's now reactivated under those systems (even if your exe will not be portable to another system)
- Fixed a GPF (oops! :-P) when invalidate some particular APIs
- Load and Save Tree Models
- Enable and Disable controls (buttons and editboxes) when necessary
- Tracer level2 is slower (not under Win2000! ;-)) but less buggy than previous version
- "Cut thunk" action in right click popup menu. Thanks to my best beta tester Thigo (normal, he's alone ;-P) for reporting me tELock tricks. (Greetz to tE! by the way) ;-) (Read Tips.txt for further details)
- Current directory will be the path of your selected process for browsing files
- Statistics after clicking on "Get Import" were fixed
- Readme.txt was updated. :-)

v1.2b1
------
- Fixed a lame bug on my original IAT finder (a pb on computing its size... thx Chris ;-))
- Multiple Tree Selection
- Right Click on Tree (invalidate functions, delete thunk...)
- Tracer Level1 (Disasm) was improved (with magic 'Shift' key... look at Tips.txt)
- *New* Tracer Level2 (Hook) uses ApiHooks. And big thanks to Yoda for advising me it ;-)
- Import module name is auto updated depending on all its functions

v1.1
----
- I have forgotten to considerate the max recursion of the tracer in the options! Now it's fixed. Shame on me, yeah! ;-)
- Give up the method to the start address (image base) bounds of the target too (not reliable). Unreal Tournament has shown me that ;-)... BY THE WAY, WHAT A GAME! :-D
- Improved tracer again
- Improved Original-IAT Auto Finder
- GUI : Tree view for import
- Default parameter is 'Add new section'

DLL v1.0
--------
- DLL was released for GUW32 (by Christoph/UG2000) with its open source code ;-)

v1.0
----
- Give up the method with the limit address of the target (not reliable). Need to reput it in an option
- "Auto-IAT Search" button added
- "Ultra Arrange" button added
- Modify entry point to given OEP into the dump file when fixing it

v0.7
----
- Reorganized code to export it in a dll

v0.6a
-----
- Show first (or second) invalid element in the 'Imported Function Found' list if it detects a problem in a thunk array
- You can change the module of any import functions with the Import Editor
- Disable "Import all by ordinal" under NT/2000... It does definitively not work :-(

v0.6
----
- No more leaked memory... I swear! :-)
- Support NT/2K by fixing all forwarding export functions (thanks to +The Owl+ AGAIN! ;-)) (Tested on an ASProtected game with total success under win2000 (i mean portable on another system))
- Icedump v6.0.2.2 was released!!! ImportREC will be able to rebuild a 100% portable executable (or very close) with it. (ONLY UNDER WIN9x BY THE WAY)
  Icedump tries to solve 4 main windows dll which have export functions which point to the same address...
  => Check it out NOW!!! -> http://icedump.tsx.org

v0.5
----
- Added 2 buttons "Previous ????" and "Next ????" for looking at unresolved pointers quickly
- Improved tracer engine... test it and you will see ;-)
- Some errors messages are more comprehensible (for Lutin Noir especially ;-D)
- GUI has changed a little bit
- 'About' dialogbox finally added

v0.4
----
- A memory bug fixed when freeing export infos
- "Add new section" in the dump file for the new import datas

v0.3a
-----
- Bug fixed on hint value which was always set to 0... erm :-)
- Import ASCII name address is now aligned on WORD and not DWORD (more smaller size again)
- Little filter on all Editboxes
- Getting the size of the memory used by the process for memory bounds testing and the tracer

v0.3
----
- First public release
- Tested on win2000 and it can not rebuild correctly because of module which contains some API from kernel32.dll of win95/98! :-( (like RtlDeleteCriticalSection, ...). If anyone has a solution, please mail me!!!!!
- Added a real tracer engine (from Borg disasm of Cronos) but still need to improve its use
- Added a function editor (for fixing Asprotect 'GetProcAddress'-like redirected function by yourself for example)
  ** Double-click on the function in the "Import Functions Found" list and choose the good API.
- Bug fixed : you can fix a dump which does not have RVA=RAW addresses and sizes
- Import all by ordinal for smaller import datas

v0.2
----
- Not yet tested on NT/2000
- Fixed a lot of bugs
- Added a poor tracer for redirected functions

Feb/01/2001
-----------
v0.1 - First release