Scylla Imports Reconstructor
A Windows tool for reconstructing import address tables (IAT) in x64/x86 executables, designed for reverse engineering and unpacking.
What is Scylla Imports Reconstructor?
Scylla is a Windows application for reconstructing the import address table (IAT) of x64 and x86 executables. It is used primarily in reverse engineering to repair unpacked or dumped binaries by rebuilding their import tables, enabling further analysis and execution. The tool addresses limitations in older tools like ImpREC with improved support for modern Windows versions and advanced IAT search algorithms.
Reverse engineers, malware analysts, and security researchers working on Windows binaries who need to unpack protected executables or analyze obfuscated code.
Developers choose Scylla for its robust x64 support, compatibility with Windows 7, and advanced features like direct import scanning and plugin support, making it a more reliable alternative to older reconstruction tools.
Overview
Imports Reconstructor
Use Cases
Best For
- Unpacking protected or encrypted Windows executables
- Repairing import tables in dumped memory regions
- Analyzing malware with obfuscated import calls
- Reverse engineering 64-bit Windows applications
- Fixing scattered IATs in unpacked binaries
- Converting dumped DLLs to executable formats
Not Ideal For
- Teams analyzing .NET or managed code binaries, as Scylla is designed for native Windows executables and only includes a separate .NET tool for export conversion.
- Projects requiring active maintenance and updates, since Scylla's last major release was in 2015 with no recent bug fixes or feature additions.
- Users on non-Windows operating systems, as Scylla is exclusively for reverse engineering Windows PE files and relies on Windows-specific APIs.
- Beginners needing extensive documentation and guided workflows, due to Scylla's niche focus, complex options like IAT search algorithms, and minimal tutorial content in the README.
Pros & Cons
Pros
Designed specifically for Windows 7 x64 and handles both 32-bit and 64-bit executables, filling a gap left by older tools like ImpREC that struggled with modern systems.
Includes intelligent search for scattered import tables and a direct import scanner that detects LEA, MOV, PUSH, CALL, and JMP instructions, improving reconstruction accuracy for obfuscated code.
Maintains compatibility with ImpREC plugins for extended functionality, allowing users to leverage existing tools in the reverse engineering community.
Fully supports Unicode filenames and paths while handling x86 and x64 binaries, making it versatile for various Windows environments and packed executables.
Cons
The project hasn't been updated since 2015 (version 0.9.8), leaving known bugs unfixed, such as API resolution issues on Windows 7 x64 and incompatibilities with newer Windows versions.
Admits to unresolvable bugs on Windows XP x64 where 100% correct imports reconstruction is impossible, and some ImpREC plugins fail on Vista/7 due to DllMain function requirements.
Requires deep knowledge of PE file structures and reverse engineering concepts, with a GUI that lacks modern intuitiveness and minimal guidance for casual users beyond keyboard shortcuts.
Open Source Alternative To
Scylla Imports Reconstructor is an open-source alternative to the following products:
ImpREC (Import Reconstructor) is a tool for analyzing and rebuilding import tables in Windows executable files, commonly used in reverse engineering.
CHimpREC is a Windows memory forensics tool designed for extracting and analyzing hibernation files, crash dumps, and virtual machine memory images during digital investigations.
Frequently Asked Questions
Related Projects
GhidraGhidra is a software reverse engineering (SRE) framework
dnSpy.NET debugger and assembly editor
BinwalkFirmware Analysis Tool
angrA powerful and user-friendly binary analysis platform!
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.