.http://code.google.com/p/healiat/
It recovers packer's IAT Redirection.
not code redirection or stolen byte.
works well against Themida... I guess.
of course works against simpler packers/protectors
the source is kinda mess...
I had to add deobfuscation codes every time "new obfuscation method is revealed by prior deobfuscation".
You know what I mean. :)
any opinions are welcome.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}