
Specialized Software

Question.
I have OllyDbg v1.08 (I don't want a different one, I'm used to this one).
I have 5 plugins (OllyDump, OllyScript, IsDebuggerPresent, HideDebugger, Arma).
Could somebody please write how to install them! Preferably step by step.

Thanks a lot in advance!
 
DataRescue have decided to release a free version of IDA Pro that is functionally similar to the 5.x versions but has a number of limitations. You can start learning the program with the recently published book "Reverse Engineering Code with IDA Pro" from Syngress.

Download
 
A new version of WinHex, the universal hex editor. It can work with hard disks, floppies, CD-ROM, DVD, ZIP, Smart Media, Compact Flash memory cards and other media, and supports FAT12, FAT16, FAT32, NTFS and CDFS.

Download
 
[Program Name]
MII China Client

[Target URL]
Download

[Website]
Author

[Protection]
ASprotect

[File Size]
908KB

[New$paN]

[Program Name]
LordPE v1.31

[Target URL]
Download

[File Size]
155KB

[New$paN]

[Program Name]
ProcDump v1.6.2

[Target URL]
Download

[File Size]
161KB

[New$paN]

Armag3ddon v1.5.1



September 2008 - V1.5.1
+ fix removed installer, it was requiring .net framework to install a not .net program.

September 2008 - V1.5
+ minor updates to improve stability
+ fix problem with hardware fingerprints
+ update Arteam Import Reconstructor v1.2.1 (Nacho_dj)
Includes:
+ Sorted imports
+ Fixed bug for UPX targets in the new Armadillo 6 code

Download

[New$paN]

xFile 1.4.0.36

xFile 1.4.0.36 Released!

The File Update Module increases the size of a file to the specified value. Just enter the "Desired Size" in bytes and you're all set. Works with all file types, with compressed/packed files also, but files with integrity check are not supported. Also, backup option has been implemented.

The Hide Caption Tool is ideal for hiding the caption of any application. Just build a list with the full/partial captions you want to hide and hit Enable. Changes apply in realtime and checks are made often to hide all instances of the application.

The Junk Cleanup Module is useful for deleting Olly's UDD and BAK files. Also, there is an option to backup files before deletion (ZIP).

NEW! The Resource Fix Module (based on DreamTheatre's engine) comes in handy after unpacking. Just rebuild the resources, so that you can edit them without crashing the program. You can also dump the resources to file.

Additional features:
* Drag and Drop support
* file CRC Calculator
* auto-refresh of UDD folder
* auto-save settings
* Hide Caption works faster (Partial Captions are now supported)
* fixed minor UI bugs

Download
 
ActiveMARK Viewer v1.1
Description:
Tool for getting the ActiveMARK protection version used in a target.

Bilingual edition (English/Spanish)

When checking an ActiveMARK license file, it shows the Activation Code.
Download!

Armag3ddon 1.4

+ fix some minor bugs
+ improve import redirection functionality
+ update Arteam Import Reconstructor v1.2 (Nacho_dj)
+ add support for Armadillo v6.0.0/v6.0.4 custom builds
+ new log internal EP/OEP (nanomites) option
+ add refresh option for processing multiple targets
Download!

Olly SocketTrace 1.0
About
OllySocketTrace is a plugin for OllyDbg (version 1.10) to trace the socket operations being performed by a process. It will record all buffers being sent and received. All parameters as well as return values are recorded and the trace is highlighted with a unique color for each socket being traced.
The socket operations currently supported are: WSASocket, WSAAccept, WSAConnect, WSARecv, WSARecvFrom, WSASend, WSASendTo, WSAAsyncSelect, WSAEventSelect, WSACloseEvent, listen, ioctlsocket, connect, bind, accept, socket, closesocket, shutdown, recv, recvfrom, send and sendto.
Usage
Simply install the plugin and activate OllySocketTrace when you wish to begin tracing socket operations. OllySocketTrace will automatically create the breakpoints needed and record the relevant information when these breakpoints are hit. To view the socket trace select the OllySocketTrace Log.
Double clicking on any row in the OllySocketTrace Log window will bring you to the callers location in the OllyDbg disassembly window. The recorded socket trace is highlighted with a unique color for each socket being traced. Right clicking on any row will give you some options such as to view the recorded data trace. You can also filter out unwanted information if you are only concerned with a specific socket.

Download!

Registry Trash Keys Finder v.3.8.0 SR2

- Prolongs some software’s trial period
- Searches for NULL-embedded (“hidden”) Registry keys
- Key preview and backup before deletion
- English-German-Korean-French-Dutch-Spanish-Russian interface
- Superfast “Jump to Regedit” function
- Shell command “Open in Regedit” for REG files
Download!

DotNET Tracer 0.3
This is a simple tool with functionality similar to RegMon or FileMon, but it is designed to trace events in .NET assemblies at runtime; many events can be reported so you can understand what’s going on in the background.
1- Select the assembly you want to analyze
2- Set the Events Mask, i.e. the events you want to catch
3- Click “Start”

1- Enhanced scrolling in the Events listview using the mouse wheel
2- Ability to save the events log to (*.log) files for later analysis
3- Every event has a special icon so that you can understand the list more easily
4- Removed skin to reduce flickering and enhance performance
Download!

IDA Stealth Plugin

IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the process. The injected dll actually implements most of the stealth techniques either by hooking system calls or by patching some flags in the remote process.

Download!

Resources Extract v1.03
ResourcesExtract is a small utility that scans dll/ocx/exe files and extracts all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more…) stored in them into the folder that you specify.
You can use ResourcesExtract in user interface mode, or alternatively, you can run ResourcesExtract in command-line mode without displaying any user interface.
Download!

Patch Maker v.1.5.RC2 + src
Useful patch making tool, very customizable. Features:

* LOGO (320×90)
* MIDI/XM music
* NFO-file
* Main icon
* Restore function
* CRK import/export support

Version history:

1.5 RC2 (21/04/2006) - public:
* New design of patch maker utility
+ Save settings option
+ XM music support (uncompressed Patch size is increased by 15k)
+ Output patch compressing
+ Version history

1.3 RC1 (20/04/2006) - private:
+ NFO-file looks pretty :)

1.2 RC1 (01/04/2006) - public:
+ About box
* Bugfix

1.1 (30/03/2006) - private:
* New design of patch maker utility
* Bugfix

1.0 (01/04/2006) - private, project start:
+ MIDI music support
+ LOGO support (320×90)
+ NFO-file support
+ Main icon
+ Restore function
+ CRK import/export support
Download!

67 cryptors in one
Code:
1337_EXE_Crypter
ass-crypter
Aver_Cryptor_1.02_beta
BIP_0.1
Celsius_Crypt_2.0_XOR-Special_Edition
Cigicigi_File_Crypter_1.0
Cryptic_2.1
Daemon_Crypt_2.0
DalKrypt_1.0
DarkAvengard_Crypter
DarkCrypt_1.2_Private_Build
DeX-Crypt_2.0_Private
ExeCrypt_1.0
Falckon_Encrypter_1.0_beta
fEaRz_Crypter_1.0_beta_1
FETiOP_3.0.A_Upgrade
FFC_1.6
File_Crypter
FreeCryptor_0.3b_build_003
GKripto_1.0
h4ck-y0u.org_crypter
Hac-Crew_Crypter
ICrypt_1.0
iNF_CRYPT_
L0rD_Crypter_1.0
MaskPE_2.0
Minke_1.0.1
Morphnah_beta2
Mortal_Team_Crypter_2.0
N-Code_0.2
NOmeR1
Open_Crypter_2.01.0
p0ke_Scrambler_1.2_Private
PEcrypt
Perplex_PE_Protector_1.01dev
Pohernah_1.0.2
Pohernah_1.0.3
Poly_Crypt_2.8
PowerCrypt_v2.0
PrivateKrypt_beta
Protect_-_0.1.5_beta
RCryptor_2.0_Private
RPolyCrypt_1.4.1
RPolyCrypt_1.4.2
Russian_Cryptor_1.0
S1mb10z_2.1
Scramble-Tool_0.2.3b
Silly_Chr_Encrypter_0.5
Simple_Strreverse_Encryption_0.3
SkD_Undetectabler_2_Special_Edition
SkD_Undetectabler_3
Snoop_Crypt
StrAnGe_CrYpTeR
STUD_RC4_1.0
Super_Crypt_1.0
UndergroundCrypter_1.0
UnDo_Crypter
unnamed_Scrambler_1.2_D
Unnamed_Scrambler_2.1.1
Unnamed_Scrambler_2.1
USC_2.1.1_Partial_Cleaning_Patch
Vbs_Encrypter_0.01
Werus_Crypter_1.0
Wind_of_Crypt_1.0
WouThrs_EXE_Crypter_1.0_Beta
X-Crypter_1.2
X-Crypter_1.2__S-B_Version_mod
Download (part 1)
Download (part 2)


Circuit’s Cracker Tool

Crypto:
MD5 Modded (User Input)
MD5
MD4
MD4 Modded (User Input)
Sha1
Sha256
Sha512
RipeMD-128
RipeMD-160
Tiger
Base64 Encoding/Decoding
Caesar Cipher

Conversion:

ASCII To Hex
ASCII To Decimal
Hex To Decimal
Hex To ASCII

Misc:
String Reversing
String Length
String Uppercase
String Lowercase

Calculation:

Hex Calculator
Dec. Calculator
*Div
*Mod
*Multiplication
*Subtraction
*Addition
*XOR
*OR
*NOT
Download!

Added 1 hour 3 minutes later
LAG Loader Generater 1.2
1.2 update
+ fix boundimport resolve bug
+ fix load check bug
+ use advanced thread control
+ add autosave/autoload config
Download!

DK Binder v1.0
Options:
-unlimited files support
-run or not
-Choose extract path
-Run or not if on VM
-RC4 Encryptions for files
-Show/Hide option
-Parameters support
Download!

Superior Patch Generator 1.1
Here is version 1.1 of my AM 6.x inline generator. This tool uses the Superior Method of Inline Patching for the most reliability in getting a working inline (especially for v6.3). Check it out and tell me what you think.
Download!

LAG Loader Generater 1.0
1. Single process and multithread dynamic patch technology
2. Easily patches Exe, Dll, Ocx etc.
3. Compatible with asm, vb, vc, vfp, pb, pascal etc.
4. More convenient and stable for packed programs.
Download!

EDB Linux Debugger v 0.9.1 by Evan Teran

Features
* Intuitive GUI interface
* The usual debugging operations (step-into/step-over/run/break)
* Conditional breakpoints
* Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
* Basic instruction analysis
* View/Dump memory regions
* Effective address inspection
* The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
* Importing of symbol maps
* Plugins
o Search for binary strings
o Code Bookmarks
o Breakpoint management
o Check for updates
o Environment variable viewer
o Heap block enumeration
o Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan)
o Open file enumeration
o Reference finder
o String searching (like strings command in *nix)
Download!

Exeinfo V.0.0.1.8 G3
Code:
Delphi 2007 v11
387. Microsoft Visual C++ v9.0 ( e8 ) www.microsoft.co
388. ActiveMARK 5.x -> Trymedia Systems - www.trymedia.co *ACM
389. (E8) Microsoft Visual C++ 9.0 - Visual Studio 2008
390. Microsoft Visual C# / Basic.NET / MS Visual Basic 2005/2008
391. TTProtect 1.0 - 2007/2008 - www.ttprotect.co (.net/dll)
392. TTProtect 1.0 - 2007/2008 - www.ttprotect.co (exe)
393. MPRESS v1.05 - MATCODE comPRESSor for executables © 2007,2008,
MATCODE Software - www.matcode.co
394. MPRESS v1.07 - MATCODE comPRESSor for executables © 2007,2008,
MATCODE Software - www.matcode.co
395. EncryptPE V2.2008.6.18 China Cracking Group - www.encryptpe.co
396. Empathy 2.1 Exe password 2007.08 (using : PE-Inject Engine 1.0 by
M.Strechovsky ) ( pass decode max.12 char)
397. Microsoft Visual Basic v4.0-6.0 DLL (5A)
398. Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 (4xFF25)
399. Borland C++ Copyright ( No Copyr. sign )
400. !EPack 1.4 lite final - by 6aHguT / Team-X 2006.08
Download!

Trial-Reset 3.4 Final

Unfortunately I have not much time to dedicate to this project so this is the last version.
I thank all those who helped me in the development.
What’s new v3.4 Final (Public):
-Updated support for WinLicense (Ring-0 Protection)
Download!

ArmaGeddon 1.3

Code:
May 2008 - v1.3
+ resolve relocations for dll files (Nacho_dj)
+ added new option to minimize the size of a dumped file (Nacho_dj)
Particularly useful for Shockwave Flash + applications that make use of an overlay. Of course this will also rebuild a normal target’s PE structure.
+ improved import rebuilder v1.1.2 (Nacho_dj)
+ added new option to “Resolve” nanomite INT3 instructions with their original
jmp instructions and patch directly to the dumped target. Requires use of the nanomite “Analyze” + “Log” options. Note: you can also elect to resolve nanomites directly to a target process’s memory if you elect to detach!!
+ integrated Admiral’s Strategic Code Splicing removal engine into the tool.
This is now the (default) behaviour and can be overridden with new option to
redirect CS (code splices) instead
+ new option to dump / decrypt / decompress the .pdata section to a binary file
+ new option to detach from a process (choose: DebugBlocker or CopyMemII)
+ resolve problem for ArmAccess dll function:Installkey missing error msg
+ add support for UPX compressed single process targets
+ new option to change your Standard / Enhanced Hardware Fingerprint ID
+ resolve some minor bugs
===========================================
March 2008 - v1.2g [gabor edition]
+ add warning message for OEP call return VA not from Armadillo VM
Note: Informational, not usually relevant for dll’s or exe’s with copymem2,
but may be useful for troubleshooting invalid OEP’s resulting
from custom implementations and/or packing / compressing of a file
prior to being protected by Armadillo
+ fix problem with copymem2 search string error
+ fix problem with createdump on error
===========================================
March 2008 - v1.2
+ improved PE section name resolution for internal use (thanks Ghandi)
+ improved ARTeam Import Reconstructor v1.2
===========================================
February 2008 - v1.1
+ added dll support (dll loader.exe)
+ added option “Use OpenMutext trick” to force a single process. Use only if normal “debug blocker” processing fails. This would occur when a parent process launches the child process, but doesn’t debug the child process (i.e. use the WaitForDebugEvent API)
+ improve IAT elimination functionality
+ includes updated ARTeam Import Reconstructor
===========================================
Download!

Windows Debugging Tools 6.8.4.0

In this release, more components of the debugger are now redistributable. You will find enhancements to the !lmi and !exchain commands and Symsrv support for resource-only binaries. Numerous improvements have been made to components and commands, such as: !analyze, DBGEng reliability, live KD for Windows Vista, context handling for .frame, .dumpdebug for minidump debugging, and breakpoint list commands. Also included are updates and advances in the documentation. For further details, read the RELNOTES.TXT provided in the package.
Download!

MultiExtractor

MultiExtractor is an application that allows you to extract multimedia files. With MultiExtractor you can easily extract/recover multimedia files stored in database files or executables.
MultiExtractor has a PE-Scan engine that allows you to extract icons and bitmaps stored in exe files (32-bit Portable Executable). MultiExtractor extracts files stored in other files and optionally unstored files (stored on disk but not in a file).
Download!

Xenodecode V0.2, Decoder

This is a tool to get back all strings, which have been encrypted by the protector Xenocode.
Download!

Advanced Loader Generator 1.31

Download!

APIScan 2.1
APIScan is a simple tool to gather a list of APIs that a target process uses. You can use this list in an initial analysis to help determine a target’s general operating nature. It can also be used to help determine patch/update changes by doing a WinDiff on “before” and “after”.
There are similar tools, often more robust (like “Dependency Walker”), but most of these just parse the target IAT (“Import Address Table”) alone. APIScan catches dynamically/delay-loaded modules too, and dumps them as a simple list.
Download!

LordPE Deluxe B Patched

A fixed version of the famous dumper and resource editor by y0da, LordPE. LordPE Deluxe can now display more than 60 processes, thanks to ultimategamer.
Download!

HashTab 2.1.1

In this version:
* Added drag and drop support for comparing file hashes
* Updated translations for German, Japanese, Italian, French, Ukrainian, Spanish, Finnish and Chinese
* Added French language
* Fixed the hash list setting
* Added “Copy All” to the context menu to copy the whole list of computed hashes
* Added MD2 and MD4 hashes
* Updated translations to cover the new interface elements.
Download!

Armag3ddon 1.4


This Tool can strip Armadillo Protection from protected Exe’s / Dll’s
Download!

ExeInfo PE 0.0.1.9B


Download!

Syser Kernel Debugger 1.98

1. Fixed s command bug.
2. Fixed a BSOD bug on Vista (Bug Check 0x1: APC_INDEX_MISMATCH).
3. Added string reference windows of PE.
4. Enhanced mod command, displays TimeDateStamp of PE module.
5. Fixed a BSOD bug of the device/driver command.
Download!

Flashback Protector 1.0 build 08.05 beta 1

* First public beta version
* Help created
* Improved anti-debugging
* Improved protection against unpacking
* Almost all options are built in
* Slightly changed interface
* Minor changes
Download!

Calc 1.25

An excellent calculator by s0larian, one of the regulars of the cracklab forum.
v1.25
- fixed a bug where calc was creating an empty .ini file. The .ini is now
only read, never written. Thanks HandMill.
Download!

LAG Loader Generater 1.0 build 2008.08.01
1. Single process and multithread dynamic patch technology
2. Easily patches Exe, Dll, Ocx etc.
3. Compatible with asm, vb, vc, vfp, pb, pascal etc.
4. More convenient and stable for packed programs.
Download!

WCRPatcher 1.2.12

* Added support for images in jpg/gif/png formats.
* Removed support for transparent BMP.
* Updated the About mode (without image).
* Fixed minor bugs.
Download!

DE Decompiler Lite 2.0

GPcH continues to delight us with his products; not long ago De-Decompiler was updated, a decompiler for programs written in Delphi versions 4 through 2007. The full professional version of the program costs money, about 99 bucks per year per person, but you can also try the free lite version, which is what is available on our site.

The latest version of De-Decompiler has undergone these changes:
Add: Ignore bad jumps
Add: Project name detection
Add: Initialize and Finalize functions detection
Add: Processing initialization table for API/KOL compiled projects
Add: Process DLL Export table
Add: Recent files history list in File menu
Add: New plugin functions: ClearAllBuffers, GetCompiler, IsPacked,
SetStackCheckBoxValue, SetAnalyzerCheckBoxValue
Add: If a plugin function has an error after using a method,
the decompiler returns information about this, or “1” if all is ok
Add: BPL functions automatic demangler
Add: New DataBase packed format (now supported new and old DataBases)
Add: Decompile DateTime, Currency and Int64 data types
BugFix: Count try/end blocks
BugFix: Parsing error classes don’t stop decompilation
Download!

ACKiller 1.0
The program is intended for automatic unpacking of programs protected by the ACProtect protector (formerly UltraProtect).
Supported ACProtect versions: 1.06, 1.07, 1.09, 1.09c, 1.09e, 1.09g, 1.10, 1.20, 1.21, 1.22, 1.22b, 1.22c, 1.23, 1.30, 1.3b, 1.3с, 1.32, 1.35a, 1.40, 1.41 and 2.0.
New in this version:
# Ability to unpack programs with the Har option
Download!

ExeInfo PE 0.0.1.6 C

A new version of the PE sniffer; it differs from all the others in that it can display a hint, that is, how a given file can be unpacked.
Download!


Serial Sniffer Creator

Download!

Source Insight v3.50
Source Insight is a project-oriented program editor and code browser, with built-in analysis for C/C++, C#, and Java programs. Source Insight parses your source code and maintains its own database of symbolic information dynamically while you work, and presents useful contextual information to you automatically.
Download!

CoolDumpper 1.0 beta6

Download!

BreakPoint Hex Workshop v5.1.4
Hex Workshop supports drag and drop and is integrated with the Windows operating system so you can quickly and easily hex edit from your most frequently used workspaces. The Data Inspector is perfect for interpreting, viewing, and editing decimal and binary values. Arithmetic, logical, ASCII case, and bitwise operations can be used to help manipulate your data in place.
Additionally you can goto, find, replace, compare, calculate checksums, add smart
Download!

Kernel Detective v1.0
Kernel Detective is a free tool that helps you detect, analyze, manually modify and fix some Windows NT kernel modifications. Kernel Detective gives you direct access to the kernel, so it’s not oriented toward newbies. Changing essential kernel-mode objects without enough knowledge will lead you to only one result: BSOD.
Download!

IntelliLock 1.1.0.4

IntelliLock is an advanced 100% managed solution for licensing controls and applications. While .NET Reactor offers a licensing system based on native code protection, IntelliLock opts for a 100% managed way to apply licensing and protection features. This way single files can be produced without the need for additional files.
Its flexible managed concept allows you full licensing integration into any existing system. IntelliLock supports the .NET Framework 1.1, 2.0, 3.0 and 3.5. There is also comprehensive support for the Compact Framework 2.0 and 3.5. IntelliLock combines strong license security and highly adaptable licensing functionality/schema with reliable assembly protection. Its protection capabilities meet the needs you demand of a secure licensing system.
Download!

Sonne Flash Decompiler v5.0.1.4
Sonne Flash Decompiler is designed for anyone who wants to restore elements used in flash files. It is a powerful flash decompiler with the functionality to convert flash files between swf and exe formats and edit swf movies (dynamic texts, images and more). With Sonne Flash Decompiler, all components including images, sound, action scripts, texts, morphs shapes, frames, morphs, fonts, texts, buttons and sprites can be completely recovered. By using Sonne Flash Decompiler, you can find out almost everything in a Flash movie and get back your FLA.
Download!

EasyHook 2.5 beta

This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C#, using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. 32- and 64-bit kernel mode hooking is also supported, as well as an unmanaged user-mode API which allows you to hook targets without requiring the .NET Framework on the customer’s PC. An experimental stealth injection hides hooking from most of the current AV software.
Download!

Smartassembly Enterprise v3.0.3
The powerful and user-friendly solution for .NET assemblies’
efficient merging, pruning, obfuscation, optimization, and
automatic exception reporting for easy post-deployment
debugging.
Download!

Patch HWID Execryptor 2.4.1
Download!

MASM Full from v10
Download!

RadAsm

Download!

General Register Key Generator
General EXECryptor registration code generator Final
If the shell EXECryptor good use of its SDK, for good or intensity, the interface is simple.
Registered calculation also more convenient!
Download!

Added 1 hour 1 minute later
IDAFicator v1.2.12
BP-OLLY v0.1
Download!

StrongOD v0.15 (bug fixed)

1, enhanced Find function modules (correctly handled peb find the modules, such as ring3 hidden module)
2, OD enhance the document Pe head of analysis (such as Upack shell, etc.)
3, anti anti attach (an extreme form attach)
4, the goal is no longer out of debugging (DebugActiveProcessStop) function, xp system over
5, dll to be injected into the process of debugging
a) Remote Thread (using CreateRemoteThread injection)
B) Current Thread (shellcode, not to increase threads way into the current thread to be suspended)

////////////////////////////////////////////////// /////////////////////

Tell us about simple function:
1, View module features: Find module is the general search peb, have to deal with the peb, OD support properly, so StrongOD find ways to use the module ZwQueryVirtualMemory
The following plans: This is the hidden module, ProcessExplorer find less than module, and correctly found in the OD

2, the first non-normal PE, OD will not be able to identify, in the data window pe header structure will be an error, StrongOD OD enhanced ability to identify PE head, but also to other plug-in for the information provided to facilitate pe
The chart is the main program UPack

3,
many procedures to prevent additional OD, hook or a NtContinue DbgUiRemoteBreakin function, StrongOD use of a means to attach extreme attach. (Note: some unconventional means to check the thread StrongOD no special treatment, such as opening a thread TTProtect regularly check, can not be here or attach)

4, DebugActiveProcessStop functions to be debugging process from the debugger

5, dll to be injected into the process of debugging, two kinds of ways, the first thread is the long-range model, the second did not open an additional thread, the current moratorium on the use of the thread to inject. The former can be run in the state, can also suspend the state, while the latter must first suspend a thread can be injected
Download!

Olly SocketTrace 1.0

Download!

VEH Walker
This plugin shows all installed vectored exception handlers in the program.
Copy VEH_Walker_Plugin.dll into the OllyDbg plugin directory.
Load VEHDemo.exe into OllyDbg. Set a breakpoint on ExitProcess.
Run the program. When you stop on ExitProcess, choose the menu item View VEH.
Download!

poison(ollydbg plugin) +src

Here is the source for a plugin; I decided to write a new one from scratch with completely custom code. It has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. It shows how to apply fixes to OllyDbg itself, remove the EP breakpoint and break on TLS. Hope this helps someone. Originally I used a thread on restart of the plugin but it was kind of annoying, so I hooked OllyDbg later on where all the fixes would work right; it took forever to find a good spot.
Download!

Stealth64 1.0
Anti Anti and compatibility plugin for Olly 1.10 running on Vista x64.
I made this little plugin to make unpacking on Vista x64 a bit more bearable
It has most of the known anti-anti tricks and makes an effort to make Olly behave like it should on regular x86 machines.
Next to this I implemented my own version of the OllyBone ‘Break On Execute’, making unpacking of some simple packers a lot easier.
Download!

OllyMoreMenu 1.1
This plugin adds more menus with your favorite tools to the OllyDbg menubar for quick start.
- to add a new menu entry, go to Add Menu and add your favorite tools; if OK, this plugin adds the new menus to the OllyDbg menubar for quick start
Download!

OllyCallTrace

OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing.
Download!

Hidedbg For themida1.9.5

Functions:
Code:
1.Hide IsDebuggerPresent
2.Hide NtGlobalFlag
3.Hide ProcessHeapFlag
4.Patch ZwQueryInformationProcess (==patch UnhandledExceptionFilter)
5.Patch ZwSetInformationThread
6.Patch CheckRemoteDebuggerPresent
7.Patch OutputDebugStringA
8.Anti heap-checking (For themida1.9.5.0)
Download!

FullDisasm 1.63

“I propose to you a small plugin for OllyDebugger 1.10 and Immunity Debugger 1.00 which makes it possible to replace the old disassembly routine of OllyDbg with BeaEngine. With this new plugin, OllyDbg and ImmDbg are capable of debugging the latest FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 and VMX instructions. It also makes it possible to choose a syntax among 3 (GoAsm, Nasm, Masm).”
Download!

Olly Script Editor v2.0
Download!

Ollydbg 867 scripts or update 149 scripts
Download!

oSpy
oSpy is a tool which aids in reverse-engineering software running on the Windows platform. With the amount of proprietary systems that exist today (synchronization protocols, instant messaging, etc.), the amount of work required to keep up when developing interoperable solutions will quickly become a big burden when limited to traditional techniques. However, when the sniffing is done on the API level it allows a much more fine-grained view of what's going on. Seeing return-addresses for each recv/send call (for example), can prove useful when you want to look at the processing code at that spot in a debugger or static analysis tool. And if an application uses encrypted communication it's easy to intercept these calls as well. oSpy already intercepts one such API, and is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data. Another neat feature is when wanting to see how an application behaves when in a firewalled environment. Normally you would have to simulate such an environment by configuring firewalls etc., which not only is time-consuming, but might also cripple the rest of the applications you've got running. oSpy solves this problem by a feature called softwalling which allows you to set rules based on the type of function-call, the return-address, local/remote address/port, etc., and lets you choose which error to signal back to the application when the rule matches. This way you can make the application think that for example a connect() timed out, connection was refused, there was no route to host, etc.
Download!

The aim of “Java Decompiler” project is to develop tools to decompile and analyze Java 5, and upper, “.class” files.

Some facts:
The final release of JSR 176, defining the major features of J2SE 5.0, was published on September 30, 2004.
The latest Java version supported by JAD, the famous Java decompiler written by Mr. Pavel Kouznetsov, is 1.3.
Most Java decompilers downloadable today from the Internet, such as “DJ Java Decompiler” or “Cavaj Java Decompiler”, are powered by JAD: they cannot display Java 5 sources.

JD-Core is a freeware library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI includes JD-Core library.

JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.

JD-Core and JD-GUI are free for non-commercial use. This means that JD-Core and JD-GUI shall not be included or embedded into commercial software products. Nevertheless, JD-Core and JD-GUI may be freely used for personal needs in a commercial or non-commercial environments.

Main features

* JD-Core and JD-GUI are written in C++. This allows extremely fast decompilation and display.
* JD-Core does not require the Java runtime environment for its functioning, therefore no special setup is required.
* JD-Core works with most current compilers including the following:
o jdk1.1.8
o jdk1.3.1
o jdk1.4.2
o jdk1.5.0
o jdk1.6.0
o jikes-1.22
o harmony-jdk-r533500
o Eclipse Java Compiler v_677_R32x, 3.2.1 release
o jrockit90_150_06
* JD-Core supports the following new features of Java 5:
o Annotations
o Generics
o Type “enum”
* JD-GUI supports Drag and Drop.
* JD-GUI supports JAR files.
* JD-GUI displays color coded Java source code.
* JD-GUI allows you to browse the “class” files hierarchy.
* JD-GUI displays “log” files and allows you to decompile “class” files appearing in Java stack traces.
* JD-Core and JD-GUI use the excellent cross-platform wxWidgets toolkit.

Download!

Added 2 minutes later
REALbasic is a rapid application development environment that enables developers to create high-quality, native software for Windows, Mac and Linux.

REALbasic includes:
- an integrated environment designed for developer productivity
- a modern, object oriented programming language
- a cross-platform object framework
- a cross compiler that produces native executables

REALbasic is used to create all types of applications, including database clients, commercial software, custom business solutions, educational products and more. In fact, REALbasic itself is written in REALbasic.


Download!
 
OllyDBG v1.10 plugin - StrongOD v0.18 [2008.09.18]

[2008.09.18 v0.18]
1. Fixed a small bug in the Ctrl+G RVA/offset calculation
2. When the program is not in the running state, Detach before running the program
3. Fixed a bug in restoring the original data of the copied area in OD
4. Fixed a bug where OD caused very high CPU usage after running
5. You can set it to skip some exception handling

[2008.09.02 v0.17]
1. Skip some exceptions that OD handles improperly
2. Correctly handle the int 2d instruction

[2008.08.31 v0.16]
1. Added a driver that protects the process, hides the window and gets past most anti-debugging
2. The driver supports a custom device name (DeviceName in ollydbg.ini; the device name must be no more than 8 characters)
In the [StrongOD] section of ollydbg.ini you can set:
HideWindow = 1 hide the window
HideProcess = 1 hide the process
ProtectProcess = 1 protect the process
DriverKey =- 82693034 key for communication with the driver
DriverName = fengyue0 driver name (no more than 8 characters)

3. OD will make explorer.exe the parent process of the process it creates (copied from shoooo's code)

This version adds a driver; if you get a blue screen, set up a minidump and post it to the forum, thank you
Use the original OllyDbg as much as possible; it generally does not need to be combined with other anti-anti-debugging plugins (including PhantOm)

Download

Immunity Debugger v1.73
from:http://debugger.immunityinc.com

We have put out the 1.73 release which is a maintenance release that has a few more bugfixes as well as a DLL injection function in the debugger API.

The list of changes is as follows:

- Immunity Debugger API
- Added inject_dll() method to load a DLL into the debuggee

- Bug Fixes
- Fixed pathing issue when updater.exe spawns debugger
- Fixed MemoryPage.getOwner() to return only the module name
- Fixed hang when opening Immlib-> Lib References menu item


You can upgrade your current Immunity Debugger by going to Help/Update
or directly downloading the new installer from
http://www.immunityinc.com/products-immdbg.shtml

Thanks for using Immunity Debugger, and all your patience while we resolved these last few issues.

Sincerely
Team Immunity
http://www.immunityinc.com

PEBrowse Professional Interactive 8.10.2
It is a nice debugger if you want an alternative to OllyDbg. I don't see many topics or posts on the subject, but it is worth taking a look at.

Changes since V 8.10.2
- Added restricted operations setting to startup log.
- Fixed “missing” memory dump entries at frame boundaries in stack display.
- Added horizontal scrolling in the attach-to-process dialog box.
- Removed extra breakpoints preserved in the session file after terminating a process - created by run-to mode.
- Added debug menu item to create a breakpoint when a specific DLL is initialized.
- Restored commandline, startup directory, and additional environment variables persistence in session file.
- Always display suppressed exceptions in debug log.
- Fixed bug when newly-minted session files were not added to most recent list.
- Suppressed status bar hints when the debugger is not stopped.
- Added support for tracking user-specified values in the registers and memory displays.


Download

Zeta Debugger v1.5

Fixed bug: sometimes couldn't run on Windows 98.

Next version

The other thing that we plan to add in the nearest future is the checkpoint monitor. Imagine that you can set a checkpoint at any address of code and then evaluate numeric expressions valid for this address, and put all these results into a graph. That's what we are talking about. Also maybe we will unite this monitor with the animation panel in some elegant way that simplifies the use of both.

There are also many other things we should add or fix. But we promise you that they will not complicate the interface to any degree. We will try to make the debugger's system as automatic and intelligent as possible. Keep watching for the new versions and you will know the other details.

Download
Mirror

ollydbg mod for Execryptor & THEMIDA
OllyDbg modded for Execryptor & THEMIDA
Modified for Execryptor
Modified for THEMIDA
Added the ability to remove all breakpoints
Auto path for UDD & plugins
Reference search directly from the toolbar
Show offset in the status bar
Modified to show the number of plugins in the list
Plugins included:

1 - advancedolly.dll
2 - analyzethis.dll
3 - API_Break.dll
4 - bookmarks2.dll
5 - cmdbar.dll
6 - HideOD.dll
7 - NonaWrite.dll
8 - ODbgScript.dll
9 - OllyBugfix.dll
10 - OllyDump.dll
11 - OllyMoreMenu.dll
12 - PhantOm.dll
13 - Poison.dll
14 - ustrref.dll

This modification took me time, so there is no difference between them and the original
They accept each other's plugins, modified
Do not forget to pray for me and my family

by phpbb3
Download

MHS v5.002- Debug, Disassemble, Hex Edit, Search, Inject Code/DLLs, Etc.
MHS is a utility for searching, viewing, and modifying the RAM of other processes, and for disassembling and debugging other processes.
MHS sports the fastest and most efficient searches available, an advanced, colorful, and easy-to-use real-time Hex Editor, a Debugger with unique features, a Disassembler, and an extensive scripting language (L. Spiro Script) yielding unlimited potential.
The array of tools offered in MHS can make hacking any game easy.
Here is a compact list of tools and features:

Download

Syser Debugger 1.98 Released
2008.8.24 Syser Debugger 1.98 Release

1. Fixed a bug in the s command.
2. Fixed a BSOD bug on Vista (Bug Check 0x1: APC_INDEX_MISMATCH).
3. Added a string reference window for PE.
4. Enhanced the mod command: displays the TimeDateStamp of the PE module.
5. Fixed a BSOD bug in the device/driver command.

Download

JDebugTool 4.1.1
The JDebugTool® graphical Java™ debugger

JDebugTool is a standalone Java debugger, built on top of the standard JPDA and more:
-Built on top of the standard JPDA (Java Platform Debugger Architecture).
-Is itself written in Java.
-Features an intuitive and graphical Java Swing GUI.
-Context sensitive Help Viewer.

Features:
Debug Applications, Applets, Servlets and EJBs.
Local and Remote debugging.
Run, Attach and Listen.
User friendly GUI.
Multi-Thread debugging.
Breakpoint Groups.
Data Tool Tips.
Hot Swap classes and Pop stack frames.
Save settings in Projects.
Modify primitive variables.
Display loaded classes.
Display toString() results.
Display Chained Exceptions.
Display Memory Usage and Java System Properties.
Evaluate simple Expressions including Method Calls.
Stop on Thread Start and Death events.
Stop on Class Load and Unload events.
Stop on Method Entry and Exit events.
Stop on Field Watchpoint events.
Launch External Text Editor.

http://www.debugtools.com/download.html

pro by DIGERATI
Download
Mirror
pass: http://reversengineering.wordpress.com

Obsidian - Non-intrusive Debugger + src
The debugging functions are implemented by using standard Win32-API calls like:
CreateProcess
OpenProcess
OpenThread
CreateToolhelp32Snapshot
SuspendThread / ResumeThread
ReadProcessMemory / WriteProcessMemory
GetThreadContext / SetThreadContext

Download

EDB Linux Debugger 0.9.4
This time it’s a two version bump to 0.9.4 since I was notified of some x86-64 compilation issues in the last version. Plus I’ve added a few things.

2008-08-12
———-

* Sped up analysis by avoiding redundant function analysis. It still isn’t
blazing fast, but is significantly better.

* Fixed a few previously missed 64-bit portability issues.
(toULong -> toULongLong). They were minor, but all of this type should be
resolved.

* Added a symbol viewer plugin. Double click to see a symbol's value in the
  current data view. Eventually, I'll add a context menu to make it
  so you can view it in the code view too depending on the type.

2008-08-11
———-

* Continued to make improvements to analyzer. It is more accurate, but also
slower at the moment. I will look into good ways to speed it up.

2008-08-10
———-

* Fixed some compilation issues on x86-64. Thanks to Stephan Hegel for working
with me to make sure that x86-64 users have a functioning EDB.

* Reworked analysis to have a higher initial favoritism towards finding
  functions by recursively tracing known functions
  (symbols/main/entry point, etc). This will make the analysis more accurate
  though it does have the side effect of making “percentage complete” a lot
  less meaningful since, while it will always stop, the number of iterations
  during analysis is indefinite.

2008-08-09
———-

* Seems that <QtGlobal> needed to be included in QDisassemblyView.cpp for x86-64
targets. Simple fix, but it broke compilation for some platforms so I’m going
to make a release for it.

Download

VB Debugger [source code] + compiled with VB 6
MCL Debugger and dependency walker
==================================
© 2002-2003 Merrion Computing Ltd
42 Ailesbury Mews
Ballsbridge
Dublin 4
Purpose:
——–
A tool to allow you to attach a debugger to a process and be notified when debug events (such as a thread starting, a dll unloading etc.) occur and optionally to pause that application on such an event.
Demonstrates:
————-
Using the Windows API to attach to a process and read its memory
Use:
—-
Firstly set the events (if any) that you want the application being debugged to be paused on.
Then select an application to debug - you can either select from the list of already running applications,
or browse for an application to launch under the control of the debugger.
As the debug events occur the details will appear in the bottom pane. If you have selected to freeze the debuggee application then you will have to press the “Continue” menu when you want to let it continue.
The modules list in the right-hand pane will be filled as modules load. To get extra information about a given module (for example, the imports and exports listing) double click on it and a form will open for each running module.

Download

MiniDBG with source
Download

Syser Debugger 1.97.1900.1016 2008.5.27
1. Improve Syser’s video card compatibility.
2. Add 3 Video Display Card Detect Mode:
Auto (If you don’t care)
User Mode (High Compatibility)
Kernel Mode (Support DirectX)

Download
 
About debuggers.

Work with viruses and trojans only from a virtual machine!

Many debuggers open the file when debugging.

In our case it may turn out to be a trojan.
 
IDA Pro Advanced 5.5 with Hex-Rays 1.1 FULL

IDA Pro is an interactive disassembler and debugger. It lets you turn a program's binary code into assembly text, which can be used to analyze how the program works.
The name IDA Pro comes from the English Interactive Disassembler. IDA is used for virus analysis (antivirus companies), software security auditing and reverse engineering. Although IDA is not a decompiler, it contains a debugger and can analyze programs at a high level.

http://www.filefactory.com/file/a12b512/n/idapro55.exe
http://www.sendspace.com/file/y2vac4
 
cRARk ver. 3.2d :zns5: Download

Description:
A console utility for brute-forcing passwords to RAR 2.x and RAR 3.x archives; it uses Password Cracking Library 2.0, which includes a special password description language. Russian documentation and support for Russian characters in passwords are available. Multi-volume and self-extracting archives and archives with encrypted headers are supported. Specially optimized for the newest processors, with support for NVIDIA CUDA technology.
 
pvefindaddr.py ImmDbg Plugin
Today as many as two minor updates of this plugin came out - 2.0.5/2.0.6
They fix the algorithm for detecting modules with SafeSEH and add a self-update capability.

It regularly makes some routine tasks a lot easier. For example, searching for pop/pop/ret:
!pvefindaddr p <reg> [module]
helps when developing SEH-based exploits and so on.

http://www.corelan.be:8800/index.php/secur...gger-pycommand/
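To show what the pop/pop/ret search does under the hood, here is an added example in Python that is not part of pvefindaddr or the original post: it scans a byte buffer (a constructed sample standing in for a module's code section) for pop r32; pop r32; ret[ imm16] sequences, drops gadgets whose little-endian address contains a bad character, and skips sequences that pop esp. The load address, the sample bytes and the bad-character set are assumptions made for the demonstration.

```python
import struct

# x86 encodings: pop r32 is a single byte 0x58+reg, ret is 0xC3, ret imm16 is 0xC2 iw.
POP_R32 = range(0x58, 0x60)
RET, RET_IMM16 = 0xC3, 0xC2
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def find_pop_pop_ret(data, base, bad_chars=b"\x00", allow_esp=False):
    """Return [(address, disassembly)] for each pop/pop/ret gadget in data mapped at base.

    Gadgets whose little-endian address contains a bad character are dropped, as is
    anything that pops esp (it would move the stack pointer before ret executes).
    """
    hits = []
    for i in range(len(data) - 2):
        b0, b1, b2 = data[i], data[i + 1], data[i + 2]
        if b0 not in POP_R32 or b1 not in POP_R32 or b2 not in (RET, RET_IMM16):
            continue
        if b2 == RET_IMM16 and i + 5 > len(data):
            continue  # ret imm16 needs two more bytes for the immediate
        r0, r1 = REGS[b0 - 0x58], REGS[b1 - 0x58]
        if not allow_esp and "esp" in (r0, r1):
            continue
        addr = base + i
        if any(c in bad_chars for c in struct.pack("<I", addr)):
            continue
        if b2 == RET:
            text = f"pop {r0}; pop {r1}; ret"
        else:
            imm = struct.unpack_from("<H", data, i + 3)[0]
            text = f"pop {r0}; pop {r1}; ret 0x{imm:x}"
        hits.append((addr, text))
    return hits


# Constructed stand-in for a module's .text section; BASE is an assumed load address.
BASE = 0x6E2A1000
SAMPLE = bytes.fromhex(
    "90 90"            # filler
    "5b 5d c3"         # +0x02: pop ebx; pop ebp; ret
    "58 5c c3"         # +0x05: pop eax; pop esp; ret   (pops esp, skipped by default)
    "90 90"
    "5e 5f c2 08 00"   # +0x0a: pop esi; pop edi; ret 8 (address ends in 0x0a)
    "5a 58 c3"         # +0x0f: pop edx; pop eax; ret
    "c3"
)

if __name__ == "__main__":
    for addr, text in find_pop_pop_ret(SAMPLE, BASE, bad_chars=b"\x00\x0a\x0d"):
        print(f"0x{addr:08x}  {text}")
```

On a real module you would still check the PE load configuration directory before using a hit as an SEH handler: the scanner above only does the byte search, while pvefindaddr additionally rejects modules linked with SafeSEH, where only registered handlers are accepted.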
 
PDF Examiner 1.0
The guys at malware tracker have pleased us with an online tool along the lines of pdf dissector for picking apart the insides of a PDF. At the moment, IMHO, it is the most convenient option, although I dislike online utilities:

http://blog.malwaretracker.com/2010/08/pdf...tor-online.html
 
PDFTemplate
Finally someone has posted a PDF template for 010 Editor. All that's left is to write scripts to decode the compressed streams =) Enjoy =)

http://blog.didierstevens.com/2010/09/03/pdftemplate/
 
PDF Stream Dumper

A fairly useful tool for examining malicious PDFs. It parses the PDF, pulls out the JavaScript and makes it readable. + A few more nice extras. Though it is a bit rough and written in VB. It crashed on me a couple of times =)

PDF Stream Dumper
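As an added illustration of what tools like PDF Stream Dumper and the 010 Editor template do when they pull the JavaScript out of a PDF (example code written for this page, not the tools' own source): the script below walks the “N G obj … endobj” objects of a PDF, inflates FlateDecode streams, and collects /JS entries whether they are literal strings or references to stream objects. The sample PDF is constructed inline; its object layout and payload are assumptions, and object streams and cross-reference streams are deliberately not handled.

```python
import re
import zlib

# Minimal object walker (constructed for this example, not a full PDF parser).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_START_RE = re.compile(rb"stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")   # direct /Length only
JS_STRING_RE = re.compile(rb"/JS\s*\((.*?)(?<!\\)\)", re.S)   # /JS (literal string)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+(\d+)\s+R")           # /JS N G R -> stream object
_ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"(": b"(", b")": b")", b"\\": b"\\"}


def unescape_pdf_string(s):
    """Undo the backslash escapes allowed inside a PDF literal string."""
    return re.sub(rb"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), s, flags=re.S)


def split_stream(body):
    """Return (dictionary, raw stream bytes or None) for one object body."""
    m = STREAM_START_RE.search(body)
    if not m:
        return body, None
    dictionary, start = body[:m.start()], m.end()
    lm = LENGTH_RE.search(dictionary)
    if lm:
        raw = body[start:start + int(lm.group(1))]
    else:  # indirect or missing /Length: fall back to the endstream keyword
        raw = body[start:body.find(b"endstream", start)].rstrip(b"\r\n")
    return dictionary, raw


def decode_stream(dictionary, raw):
    """Inflate FlateDecode streams; salvage what inflates from a damaged tail."""
    if b"/FlateDecode" not in dictionary:
        return raw
    try:
        return zlib.decompress(raw)
    except zlib.error:
        try:
            return zlib.decompressobj().decompress(raw)
        except zlib.error:
            return b""


def parse_objects(pdf):
    """Map object number -> (dictionary bytes, decoded stream bytes or None)."""
    objs = {}
    for m in OBJ_RE.finditer(pdf):
        dictionary, raw = split_stream(m.group(3))
        data = None if raw is None else decode_stream(dictionary, raw)
        objs[int(m.group(1))] = (dictionary, data)
    return objs


def extract_javascript(pdf):
    """Return [(object number, script bytes)] for every /JS action found."""
    objs = parse_objects(pdf)
    scripts = []
    for num, (dictionary, _) in objs.items():
        for sm in JS_STRING_RE.finditer(dictionary):
            scripts.append((num, unescape_pdf_string(sm.group(1))))
        for rm in JS_REF_RE.finditer(dictionary):
            target = objs.get(int(rm.group(1)))
            if target and target[1] is not None:
                scripts.append((num, target[1]))
    return scripts


# Constructed sample: one script hidden in a Flate-compressed stream reached via
# /OpenAction, one as an inline literal string with escaped parentheses.
PAYLOAD = b"app.alert('constructed sample');"
_COMPRESSED = zlib.compress(PAYLOAD)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /S /JavaScript /JS 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length " + str(len(_COMPRESSED)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + _COMPRESSED + b"\nendstream\nendobj\n"
    b"5 0 obj\n<< /S /JavaScript /JS (app.alert\\(1\\)) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for num, script in extract_javascript(SAMPLE_PDF):
        print(f"obj {num}: {script.decode('latin-1')}")
```

The salvage path in decode_stream matters in practice: malicious PDFs frequently ship streams with a broken Adler-32 trailer or trailing garbage, which zlib.decompress rejects outright but a streaming decompressor still inflates up to the damage.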
 
Didn't know where to post this, so I'm posting it here:
win32 ShellCode Constructor Engine from the domestic author of zombik. Some people call this engine crap, but it really works and gives good results. The archive contains the DLL itself, a header, a description and a usage example: win32 shellcode constructor
pass:123
 

