Import REConstructor

This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).

Sorry but this tool is not designed for newbies, you should be familiar a bit with manual unpacking first (some tutorials are easy to find on internet).

Features:

• Imports
• An original tree view
• 2 different methods to find original imports (by IAT and/or API calls)

• A FULL complete rebuilder (including a new fresh IAT)

• Loader

• An analyzer and ripper of redirected API code
• An injected loader code to support mix of imports + ripped code in a thunk

• A heuristic relocator

• Tracers

• 3 default tracers (disasm, hook & ring3) to find APIs in redirected code

• A plugin interface to develop your own tracers

• Misc

• Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
• An export renormalizer for Win9x/ME (ala Icedump)
• A built-in coloured disasm/hex-viewer to analyze the redirected code
• A built-in dumper
• Support almost all known antidump tricks