Download: Import table scanner (Find.exe)

The wrapper, tools, and info you need to get games working

Download: Import table scanner (Find.exe)

PostPosted by OldBoy2k » Sun Apr 01, 2012 6:09 pm

Import table scanner:
This is my first post,so i want to share with you one of my programs, it is called "Find".
Yes i am not good at choosing nice names for my programs.
this program simply iterates through some directory in your filesystem and for each executable file encountered ("whose extension was specified in cmdline"),it scans its import table looking for some API call.
Results will be saved to c:\results.txt

its cmdline is as follows

find.exe exe c:\windows\system32 RtlImageNtHeader
it searches for any .exe file in system32 folder which is importing RtlImageNtHeader


What is this really used for

i found two good uses for this simple program
1)once a specific API was found to be vulnerable,and we want to know how many applications are affected by this vulnerability.
assuming the vulnerable function is funcxxx
find will be used like this
find.exe exe c:\windows\system32 funcxxx
2)for API with no or poor documentation and we are in a bad need to know about its arguments and its return type.
all you have to do is using find with this cmdline
find.exe exe c:\windows\system32 NtTerminateProcess
and any debugger or disassembler.

Cons.
APIs exported via GetProcAddress (dynamic linking) will be false negative.
Cuz it is not implemented yet.
and finally here is the source code.


Homepage: Import table scanner
OldBoy2k
 
Posts: 1351
Joined: Fri Feb 15, 2008 5:10 pm

Return to Tools & Info

Who is online

Users browsing this forum: No registered users and 1 guest

cron