DisSharp Decompiler http://netdecompiler.com/ Декомпилятор .net приложений. Весьма неплохо справляется со своей функцией. А при декомпилировании обфусцированного .net кода порой превосходит reflector, когда тот упирается и отказывается перевести код в нечто более читаемое чем il, выдавая
Olly Debugger 2.0 Pre-alpha 4 http://www.ollydbg.de/version2.html Add: Да, кстати: первое, что попытался запустить в нём вызвало ошибку Обычная стандартная дельфийская GUI прога с добавленной секцией с одним nop'ом и с EP на эту секцию Уже отправил bug report. Вот сам файл: http://clickapic.com/file/2477/Project1-rar.html
Memory Hacking Software http://memoryhacking.com/ Недавно открыл для себя эту замечательную тулзу... Это очень мощный Memory scaner.. В дополнение к стандартному набору особенностей данного вида програм, в MHS присутствуют: 1. RAM Watcher, Hex Viewer 3. Отладчик с возможностью установки Read/Write/Access/Execute Breakpoint'ов 4. Си-подобный скриптовой движок.. Впрочем полное описание возможностей этой утилиты можно найти на сайте Download
AsmPad http://www.geocities.com/asmfreesoft Сегодня просматривал RSS и увидел пополнение на woodmann.com. Author: Rudy Rooroh Universal assembly editor Win32/64 assembler (MASM, GOASM, POASM, FASM, NASM, LZASM, YASM, HLA, TASM, ect..) Dos assembler (GASM, XASM, NBASM, ect..) Simple & Easy to use Syntax highlighting Multi Tabbed Keyword search F1 etc. Очень простая в использовании программа(похожа на Editor Fasm'a) и очень легкая ~44Kb Download
Armadillo Crc Finder V1.4 + AoRE Unpacker 0.4 download http://reversengineering.wordpress.com/2008/05/19/armadillo-crc-finder-v14-aore-unpacker-04/ Aspr2.XX unpacker 1.14 (2008-05-17) by Volx download http://reversengineering.wordpress.com/2008/05/19/aspr2xx-unpacker-114-2008-05-17-by-volx/ TheMida/winlicense unpaker 2 by okdodo http://reversengineering.wordpress.com/2008/05/19/themidawinlicense-unpaker-2-by-okdodo/
hash-генератор и генератор паролей. PasswordZilla поддерживает следующие форматы hash: MD5, MD4, MD2, CRC32, SAH128, SAH256, SAH384, SAH512, GostHash. http://depositfiles.com/files/5607949
Сборник плагов OllyDbg 167 Plugins 2008-05-24 (plus update package) http://reversengineering.wordpress.com/2008/05/24/ollydbg-167-plugins-2008-05-24-plus-update-package/ Сборник скриптов Ollydbg 867 scripts or update 149 scripts http://reversengineering.wordpress.com/2008/05/17/ollydbg-867-scripts-or-update-149-scripts/
Очередной апдейт Олли (24 мая): http://ollydbg.de/version2.html Syser Debugger http://reversengineering.wordpress.com/2008/05/31/syser-debugger-19719001016-2008527/
Poison 0.1 Author website Here is the source for a plugin, I have decided to write a new one from scratch with completely custom code.. Its has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. Show how to apply fixes to ollydbg itself, remove ep breakpoint and break on tls. Hope this helps someone. Originally I used a thread on restart of plugin but it was kinda annoying, so I hooked ollydbg later on where all the fixes would work right, took forever to find a good spot. Download Обновление на tuts4you Memory Hacking Software http://memoryhacking.com/ Обновление до версии 4.019 Update (5:13 PM 6/8/2008) Download
CHimpREC: The Cheap Imports Reconstructor 1.0.0.1 32\64-битный ребилдер импорта, представленный публике на конференции ReCon'08 * Первый универсальный 64-битный ребилдер * 32-битная версия также присутствует * Интерфейс схожий с ImpREC * Встроеный 32\64-битный дампер процессов * Автопоиск IAT по ImageBase или OEP * Ручное редактирование импорта Скачать Оригинал: http://reversengineering.wordpress.com/2008/06/24/chimprec-the-cheap-imports-reconstructor-1001/
Апдейт генератора патчей [Uppp V0.5, Patch creator with PNG skins] [Date: July 9, 2008] Download http://reversengineering.wordpress.com/2008/07/09/uppp-v05-patch-creator-with-png-skins/
[Asprotect Unpacking Tools] download http://reversengineering.wordpress.com/2008/08/27/asprotect-unpacking-tools/ [Armadillo Unpacking Tools serie 2] download http://reversengineering.wordpress.com/2008/08/27/armadillo-unpacking-tools-serie-2/
[Kurapica DotNET Dumper] download http://reversengineering.wordpress.com/2008/08/31/kurapica-dotnet-dumper/ [ALL ABOUT .net] Масса инфы по .net в этом сборнике download http://reversengineering.wordpress.com/2008/08/31/all-about-net/
ActiveMARK Viewer v1.1 Description: Tool for getting the ActiveMARK protection version used in a target. Bilingual edition (English/Spanish) When checking an ActiveMARK license file, it shows the Activation Code. Cкачать! Armag3ddon 1.4 + fix some minor bugs + improve import redirection functionality + update Arteam Import Reconstructor v1.2 (Nacho_dj) + add support for Armadillo v6.0.0/v6.0.4 custom builds + new log internal EP/OEP (nanomites) option + add refresh option for processing multiple targets” Скачать! Olly SocketTrace 1.0 About OllySocketTrace is a plugin for OllyDbg (version 1.10) to trace the socket operations being performed by a process. It will record all buffers being sent and received. All parameters as well as return values are recorded and the trace is highlighted with a unique color for each socket being traced. The socket operations currently supported are: WSASocket, WSAAccept, WSAConnect, WSARecv, WSARecvFrom, WSASend, WSASendTo, WSAAsyncSelect, WSAEventSelect, WSACloseEvent, listen, ioctlsocket, connect, bind, accept, socket, closesocket, shutdown, recv, recvfrom, send and sendto. Usage Simply install the plugin and activate OllySocketTrace when you wish to begin tracing socket operations. OllySocketTrace will automatically create the breakpoints needed and record the relevant information when these breakpoints are hit. To view the socket trace select the OllySocketTrace Log. Double clicking on any row in the OllySocketTrace Log window will bring you to the callers location in the OllyDbg disassembly window. The recorded socket trace is highlighted with a unique color for each socket being traced. Right clicking on any row will give you some options such as to view the recorded data trace. You can also filter out unwanted information if you are only concerned with a specific socket. Screenshot Скачать! Registry Trash Keys Finder v.3.8.0 SR2 - Prolongs some software’s trial period - Search for NULL-embedded (”hidden”) Registry keys - Keys’ preview and backup before their deleting - English-German-Korean-French-Dutch-Spanish-Russian interface - Superfast “Jump to Regedit” function - Shell command “Open in Regedit” for REG files Скачать! DotNET Tracer 0.3 This is a simple tool that has a similar functionality to RegMon or FileMon but it’s designed to trace events in .NET assemblies in runtime, many events can be reported so you can understand what’s going on in the background. 1- Select the assembly you want to analyze 2- Set the Events Mask, i.e Events you want to catch 3- Click “Start” 1- Enhanced scrolling in Events listview using mouse wheel 2- Ability to save events log to (*.log) files for later analysis 3- Every event has a special icon so that you can understand the list more easily 4- Removed skin to reduce flickering and enhance performance Скачать! IDA Stealth Plugin IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the process. The injected dll actually implements most of the stealth techniques either by hooking system calls or by patching some flags in the remote process. Скачать! Resources Extract v1.03 ResourcesExtract is a small utility that scans dll/ocx/exe files and extract all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more…) stored in them into the folder that you specify. You can use ResourcesExtract in user interface mode, or alternatively, you can run ResourcesExtract in command-line mode without displaying any user interface. Скачать! Patch Maker v.1.5.RC2 + src Useful patch making tool, very customizable. Features: * LOGO (320×90) * MIDI/XM music * NFO-file * Main icon * Restore function * CRK import/export support Version history: 1.5 RC2 (21/04/2006) - public: * New design of patch maker utility + Save settings option + XM music support (uncompressed Patch size is increased by 15k) + Output patch compressing + Version history 1.3 RC1 (20/04/2006) - private: + NFO-file looks pretty 1.2 RC1 (01/04/2006) - public: + About box * Bugfix 1.1 (30/03/2006) - private: * New design of patch maker utility * Bugfix 1.0 (01/04/2006) - private, project start: + MIDI music support + LOGO support (320×90) + NFO-file support + Main icon + Restore function + CRK import/export support Скачать! 67 cryptors in one Code: 1337_EXE_Crypter ass-crypter Aver_Cryptor_1.02_beta BIP_0.1 Celsius_Crypt_2.0_XOR-Special_Edition Cigicigi_File_Crypter_1.0 Cryptic_2.1 Daemon_Crypt_2.0 DalKrypt_1.0 DarkAvengard_Crypter DarkCrypt_1.2_Private_Build DeX-Crypt_2.0_Private ExeCrypt_1.0 Falckon_Encrypter_1.0_beta fEaRz_Crypter_1.0_beta_1 FETiOP_3.0.A_Upgrade FFC_1.6 File_Crypter FreeCryptor_0.3b_build_003 GKripto_1.0 h4ck-y0u.org_crypter Hac-Crew_Crypter ICrypt_1.0 iNF_CRYPT_ L0rD_Crypter_1.0 MaskPE_2.0 Minke_1.0.1 Morphnah_beta2 Mortal_Team_Crypter_2.0 N-Code_0.2 NOmeR1 Open_Crypter_2.01.0 p0ke_Scrambler_1.2_Private PEcrypt Perplex_PE_Protector_1.01dev Pohernah_1.0.2 Pohernah_1.0.3 Poly_Crypt_2.8 PowerCrypt_v2.0 PrivateKrypt_beta Protect_-_0.1.5_beta RCryptor_2.0_Private RPolyCrypt_1.4.1 RPolyCrypt_1.4.2 Russian_Cryptor_1.0 S1mb10z_2.1 Scramble-Tool_0.2.3b Silly_Chr_Encrypter_0.5 Simple_Strreverse_Encryption_0.3 SkD_Undetectabler_2_Special_Edition SkD_Undetectabler_3 Snoop_Crypt StrAnGe_CrYpTeR STUD_RC4_1.0 Super_Crypt_1.0 UndergroundCrypter_1.0 UnDo_Crypter unnamed_Scrambler_1.2_D Unnamed_Scrambler_2.1.1 Unnamed_Scrambler_2.1 USC_2.1.1_Partial_Cleaning_Patch Vbs_Encrypter_0.01 Werus_Crypter_1.0 Wind_of_Crypt_1.0 WouThrs_EXE_Crypter_1.0_Beta X-Crypter_1.2 X-Crypter_1.2__S-B_Version_mod Скачать(1 часть) Скачать(часть 2) Circuit’s Cracker Tool Crypto: MD5 Modded (User Input) MD5 MD4 MD4 Modded (User Input) Sha1 Sha256 Sha512 RipeMD-128 RipeMD-160 Tiger Base64 Encoding/Decoding Cesar Cipher Conversion: ASCII To Hex ASCII To Decimal Hex To Decimal Hex To ASCII Misc: String Reversing String Length String Uppercase String Lowercase Calculation: Hex Calculator Dec. Calculator *Div *Mod *Multiplication *Subtraction *Addition *XOR *OR *NOT Скачать! Добавлено через 1 час 3 минуты LAG Loader Generater 1.2 1.2 update + fix boundimport resolve bug + fix load check bug + use advanced thread control + add autosave/autoload config Cкачать! DK Binder v1.0 Options: -unlimited files support -run or not -Choose extract path -Run or not if on VM -RC4 Encryptions for files -Show/Hide option -Parameters support Скачать! Superior Patch Generator 1.1 Here is version 1.1 of my AM 6.x inline generator. This tool uses the Superior Method of Inline Patching for the most reliability in getting a working inline (especially for v6.3). Check it out and tell me what you think. Скачать! LAG Loader Generater 1.0 Single process and multithread dynamic patch technology 2Easyly patch Exe,Dll,Ocx etc. 3Compatible with asm,vb,vc,vfp,pb,pascal etc. 4More convenient and stability for packed program. Скачать! EDB Linux Debugger v 0.9.1 by Evan Teran Features * Intuitive GUI interface * The usual debugging operations (step-into/step-over/run/break) * Conditional breakpoints * Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them. * Basic instruction analysis * View/Dump memory regions * Effective address inspection * The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them. * Importing of symbol maps * Plugins o Search for binary strings o Code Bookmarks o Breakpoint management o Check for updates o Environment variable viewer o Heap block enumeration o Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan) o Open file enumeration o Reference finder o String searching (like strings command in *nix) Скачать! Superior Patch Generator 1.1 Here is version 1.1 of my AM 6.x inline generator. This tool uses the Superior Method of Inline Patching for the most reliability in getting a working inline (especially for v6.3). Check it out and tell me what you think. Cкачать! Exeinfo V.0.0.1.8 G3 Code: Delphi 2007 v11 387. Microsoft Visual C++ v9.0 ( e8 ) www.microsoft.co 388. ActiveMARK 5.x -> Trymedia Systems - www.trymedia.co *ACM 389. (E8) Microsoft Visual C++ 9.0 - Visual Studio 2008 390. Microsoft Visual C# / Basic.NET / MS Visual Basic 2005/2008 391. TTProtect 1.0 - 2007/2008 - www.ttprotect.co (.net/dll) 392. TTProtect 1.0 - 2007/2008 - www.ttprotect.co (exe) 393. MPRESS v1.05 - MATCODE comPRESSor for executables © 2007,2008, MATCODE Software - www.matcode.co 394. MPRESS v1.07 - MATCODE comPRESSor for executables © 2007,2008, MATCODE Software - www.matcode.co 395. EncryptPE V2.2008.6.18 China Cracking Group - www.encryptpe.co 396. Empathy 2.1 Exe password 2007.08 (using : PE-Inject Engine 1.0 by M.Strechovsky ) ( pass decode max.12 char) 397. Microsoft Visual Basic v4.0-6.0 DLL (5A) 398. Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 (4xFF25) 399. Borland C++ Copyright ( No Copyr. sign ) 400. !EPack 1.4 lite final - by 6aHguT / Team-X 2006.08 Скачать! Trial-Reset 3.4 Final Unfortunately I have not much time to dedicate to this project so this is the last version. I thank all those who helped me in the development. What’s new v3.4 Final (Public): -Updated support for WinLicense (Ring-0 Protection) Скачать! ArmaGeddon 1.3 Code: May 2008 - v1.3 + resolve relocations for dll files (Nacho_dj) + added new option to minimize the size of a dumped file (Nacho_dj) Particulary useful for Shockwave Flash + applications that make use of an overlay. Of course this will also rebuild a normal target’s PE structure. + improved import rebuilder v1.1.2 (Nacho_dj) + added new option to “Resolve” nanomite INT3 instructions with their original jmp instructions and patch directly to the dumped target. Requires use of the nanomite “Analyze” + “Log” options. Note: you can also elect to resolve nanomites directly to a target process’s memory if you elect to detach!! + integrated Admiral’s Strategic Code Splicing removal engine into the tool. This is now the (default) behaviour and can be overridden with new option to redirect CS (code splices) instead + new option to dump / decrypt / decompress the .pdata section to a binary file + new option to detach from a process (choose: DebugBlocker or CopyMemII) + resolve problem for ArmAccess dll function:Installkey missing error msg + add support for UPX compressed single process targets + new option to change your Standard / Enhanced Hardware Fingerprint ID + resolve some minor bugs =========================================== March 2008 - v1.2g [gabor edition] + add warning message for OEP call return VA not from Armadillo VM Note: Informational, not usually relevant for dll’s or exe’s with copymem2, but may be useful for troubleshooting invalid OEP’s resulting from custom implementations and/or packing / compressing of a file prior to being protected by Armadillo + fix problem with copymem2 search string error + fix problem with createdump on error =========================================== March 2008 - v1.2 + improved PE section name resolution for internal use (thank’s Ghandi) + improved ARTeam Import Reconstructor v1.2 =========================================== February 2008 - v1.1 + added dll support (dll loader.exe) + added option “Use OpenMutext trick” to force a single process. Use only if normal “debug blocker” processing fails. This would occur when a parent process launches the child process, but doesn’t debug the child process (i.e. use the WaitForDebugEvent API) + improve IAT elimination functionality + includes updated ARTeam Import Reconstructor =========================================== Скачать! Windows Debuging Tools 6.8.4.0 n this release, more components of the debugger are now redistributable. You will find enhancements to the !lmi and !exchain commands and Symsrv support for resource-only binaries. Numerous improvements have been made to components and commands, such as: !analyze, DBGEng reliability, live KD for Windows Vista, context handling for .frame, .dumpdebug for minidump debugging, and breakpoint list commands. Also included are updates and advances in the documentation. For further details, read the RELNOTES.TXT provided in the package. Скачать! MultiExtractor MultiExtractor is an application that allows you to extract multimedia files. With MultiExtractor you can easy extract/recovery multimedia files stored in database files or executables. MultiExtractor has a PE-Scan engine that will allow you to extract icons and bitmaps stored in exe-files (32 bit Portable Executable). MultiExtractor extracts files stored in other files and optionally unstored files (stored on disk but not in file). Скачать! Xenodecode V0.2, Decoder This is a tool to get back all strings, which have been encrypted by the protector Xenocode. Скачать! Advanced Loader Generator 1.31 Скачать! APIScan 2.1 APIScan is a simple tool to gather a list of APIs that a target process uses. You can use this list in an initial analysis to help determine a target’s general operating nature. Also can be used to help determine patch/update changes by doing a WinDif on “before” and “after”. There are similar tools, often more robust (like “Dependency Walker”), but most of these just parse the target IAT (”Import Address Table”) alone. APIScan catches dynamically/delayed loaded modules too; and dumps them as a simple list. Скачать! LordPE Deluxe B Patched Исправленная версия знаменитого дампера и редактора ресурсов от y0da - LordPE. Теперь LordPE Deluxe может отображать больше, чем 60 процессов, за что спасибо ultimategamer’у. Cкачать! HashTab 2.1.1 В этой версии: * Добавлена поддержка drag and drop для сравнения хешей файлов * Обновлены переводы на немецком, японском, итальянском, французском, украинском, испанском, финском и китайском языках * Добавлен французский язык * Исправлена настройка хеш-списка * В контекстное меню добавлено “Copy All”, для копирования всего списка полученных хешей * Добавлены хеши MD2 и MD4 * Обновлены переводы, в связи с добавлением новых элементов интерфейса. Скачать! Armag3ddon 1.4 This Tool can strip Armadillo Protection from protected Exe’s / Dll’s Скачать! ExeInfo PE 0.0.1.9B Скачать! Syser Kernel Debugger 1.98 1. Fixed s command bug. 2. Fixed a BOSD bug on Vista (Bug Check 0×1: APC_INDEX_MISMATCH). 3. Add string reference windows of PE. 4. Enhanced mod command, display TimeDateStamp of PE module. 5. Fixed a BOSD bug of device,driver command. Скачать! Flashback Protector 1.0 build 08.05 beta 1 * Первая публичная бета версия * Создан Help * Улучшена аниотладка * Улучшена защита от распаковки * Почти все опции встроены * Немного изменен интерфейс * Небольшие изменения Скачать! Calc 1.25 Отличный калькулятор от s0larian’а, одного из постояльцев форума cracklab. v1.25 - fixed a bug where calc was creating an empty .ini file. The .ini is now only read, never written. Thanks HandMill. Скачать! LAG Loader Generater 1.0 build 2008.08.01 1. Single process and multithread dynamic patch technology 2. Easyly patch Exe,Dll,Ocx etc. 3. Compatible with asm,vb,vc,vfp,pb,pascal etc. 4. More convenient and stability for packed program. Скачать! WCRPatcher 1.2.12 * Добавленна поддержка изображений в форматах jpg/gif/png. * Удаленна поддержка прозрачных BMP. * Обновлён режим О пррограмме (без изображения). * Исправленны мелкие баги. Скачать! DE Decompiler Lite 2.0 GPcH продолжает радовать нас своими продуктами, не так давно обновился De-Decompiler - декомпилятор программ, написанных на Delphi версий с 4 по 2007. Полная профессиональная версия программы стоит денюшку, где-то 99 зеленых за год на одного человека, но можно попробовать использовать и бесплатную lite версию, которая и доступна на нашем сайте. Последняя версия De-Decompiler’а, претерпела такие изменения: Add: Ignore bad jumps Add: Project name detection Add: Initialize and Finalize functions detection Add: Processing initialization table for API/KOL compiled projects Add: Process DLL Export table Add: Recent files history list in File menu Add: New plugin functions: ClearAllBuffers, GetCompiler, IsPacked, SetStackCheckBoxValue, SetAnalyzerCheckBoxValue Add: If plugin function have error after using method decompiler return information about this or “1″ if all ok Add: BPL functions automatic demangler Add: New DataBase packed format (now supported new and old DataBases) Add: Decompile DateTime, Currency and Int64 data types BugFix: Count try/end blocks BugFix: Parsing error classes don’t stop decompilation Cкачать! ACKiller 1.0 Программа предназначена для автоматической распаковки программ, защищенных протектором ACProtect (в прошлом UltraProtect). Поддерживаются версии ACProtect 1.06, 1.07, 1.09, 1.09c, 1.09e, 1.09g, 1.10, 1.20, 1.21, 1.22, 1.22b, 1.22c, 1.23, 1.30, 1.3b, 1.3с, 1.32, 1.35a, 1.40, 1.41 и 2.0. Новое в этой версии: # Возможность распаковки программ с опцией Har Скачать! ExeInfo PE 0.0.1.6 C овая версия PE сниффера, от всех остальных он отличается тем, что может отображать подсказку, то есть тем можно распаковать тот или иной файл. Cкачать!
Serial Sniffer Creator Cкачать! Source Insight v3.50 ource Insight is a project-oriented program editor and code browser, with built-in analysis for C/C++, C#, and Java programs. Source Insight parses your source code and maintains its own database of symbolic information dynamically while you work, and presents useful contextual information to you automatically. Cкачать! CoolDumpper 1.0 beta6 Скачать! BreakPoint Hex Workshop v5.1.4 Hex Workshop supports drag and drop and is integrated with the Windows operating system so you can quickly and easily hex edit from your most frequently used workspaces. The Data Inspector is perfect for interpreting, viewing, and editing decimal and binary values. Arithmetic, logical, ascii case, and bitwise operations can be used to help manipulation your data in place. Additionally you can goto, find, replace, compare, calculate checksums, add smart Скачать! Kernel Detective v1.0 Kernel Detective is a free tool that help you detect, analyze, manually modify and fix some Windows NT kernel modifications. Kernel Detective gives you the access to the kernel directly so it’s not oriented for newbies. Changing essential kernel-mode objects without enough knowledge will lead you to only one result, BSOD Скачать! IntelliLock 1.1.0.4 IntelliLock is an advanced 100% managed solution for licensing controls and applications. While .NET Reactor offers a licensing system based on native code protection, IntelliLock opts a 100% managed way to apply licensing and protection features. This way single files can be produced without the need of additional files. Its flexible managed concept allows you full licensing integration into any existing system. IntelliLock supports the .NET Framework 1.1, 2.0, 3.0 and 3.5. There is also a comprehensive support for the Compact Framework 2.0 and 3.5. IntelliLock combines strong license security, highly adaptable licensing functionality/schema with reliable assembly protection. Its protection capabilities meet the needs you demand on a secure licensing system. Скачать! Sonne Flash Decompiler v5.0.1.4 Sonne Flash Decompiler is designed for anyone who wants to restore elements used in flash files. It is a powerful flash decompiler with the functionality to convert flash files between swf and exe formats and edit swf movies (dynamic texts, images and more). With Sonne Flash Decompiler, all components including images, sound, action scripts, texts, morphs shapes, frames, morphs, fonts, texts, buttons and sprites can be completely recovered. By using Sonne Flash Decompiler, you can find out almost everything in a Flash movie and get back your FLA. Скачать! EasyHook 2.5 beta This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a NET Framework on the customers PC. An experimental stealth injection hides hooking from most of the current AV software Скачать! Smartassembly Enterprise v3.0.3 The powerful and user-friendly solution for .NET assemblies’ efficient merging, pruning, obfuscation, optimization, and automatic exception reporting for easy post-deployment debugging. Скачать! Patch HWID Execryptor 2.4.1 Скачать! MASM Full from v10 Скачать! RadAsm Скачать! General Register Key Generator General EXECryptor registration code generator Final If the shell EXECryptor good use of its SDK, for good or intensity, the interface is simple. Registed calculation also more convenient! Скачать!
Plugins anf script's for OllyDbg IDAFicator v1.2.12 BP-OLLY v0.1 Cкачать! StrongOD v0.15 (bug fixed) 1, enhanced Find function modules (correctly handled peb find the modules, such as ring3 hidden module) 2, OD enhance the document Pe head of analysis (such as Upack shell, etc.) 3, anti anti attach (an extreme form attach) 4, the goal is no longer out of debugging (DebugActiveProcessStop) function, xp system over 5, dll to be injected into the process of debugging a) Remote Thread (using CreateRemoteThread injection) b) Current Thread (shellcode, not to increase threads way into the current thread to be suspended) ////////////////////////////////////////////////// ///////////////////// Tell us about simple function: 1, View module features: Find module is the general search peb, have to deal with the peb, OD support properly, so StrongOD find ways to use the module ZwQueryVirtualMemroy The following plans: This is the hidden module, ProcessExplorer find less than module, and correctly found in the OD 2, the first non-normal PE, OD will not be able to identify, in the data window pe header structure will be an error, StrongOD OD enhanced ability to identify PE head, but also to other plug-in for the information provided to facilitate pe The chart is the main program UPack 3, many procedures to prevent additional OD, hook or a NtContinue DbgUiRemoteBreakin function, StrongOD use of a means to attach extreme attach. (Note: some unconventional means to check the thread StrongOD no special treatment, such as opening a thread TTProtect regularly check, can not be here or attach) 4, DebugActiveProcessStop functions to be debugging process from the debugger 5, dll to be injected into the process of debugging, two kinds of ways, the first thread is the long-range model, the second did not open an additional thread, the current moratorium on the use of the thread to inject. The former can be run in the state, can also suspend the state, while the latter must first suspend a thread can be injected Скачать! Olly SocketTrace 1.0 Скачать! VEH Walker This plugin shows all installed vectored exception hadlers in the program. Copy VEH_Walker_Plugin.dll into OllyDbg plugin directory. Load VEHDemo.exe into OllyDbg. Set breakpoint on ExitProcess. Run program. When you stop on ExitProcess, choose menu item View VEH. Скачать! poison(ollydbg plugin) +src ere is the source for a plugin, I have decided to write a new one from scratch with completely custom code.. Its has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. Show how to apply fixes to ollydbg itself, remove ep breakpoint and break on tls. Hope this helps someone. Originally I used a thread on restart of plugin but it was kinda annoying, so I hooked ollydbg later on where all the fixes would work right, took forever to find a good spot. Скачать! Stealth64 1.0 Anti Anti and compatibility plugin for Olly 1.10 running on Vista x64. I made this little plugin to make unpacking on Vista x64 a bit more bearable It has most of the know anti anti and makes an effort to make Olly behave like it should on regular x86 machines. Next to this I implemented my own version of the OllyBone ‘Break On Execute’ making unpacking some simple packers a lot easier. Скачать! OllyMoreMenu 1.1 This plugin added in ollydbg in the menubar more menu´s with your favorite tools for quickstart. - for add new menu entry go in add menu and add you favorite tools if ok add this plugin new menu´s in ollydbg menubar for quickstart Скачать! OllyCallTrace OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing. Скачать! Hidedbg For themida1.9.5 Functions: Code: 1.Hide IsDebuggerPresent 2.Hide NtGlobalFlag 3.Hide ProcessHeapFlag 4.Patch ZwQueryInformationProcess (==patch UnhandledExceptionFilter) 5.Patch ZwSetInformationThread 6.Patch CheckRemoteDebuggerPresent 7.Patch OutputDebugStringA 8.Anti heap-checking (For themida1.9.5.0) Скачать! FullDisasm 1.63 “I propose to you small a plugin for OllyDebugger 1.10 and Immunity Debugger 1.00 which makes it possible to replace the old routine of dismantling of OllyDbg by BeaEngine. With this new plugin, OllyDbg and ImmDbg are capable of débugguer last instructions FPU, MMX, SSE, SSE2, SSE3 and SSSE3, SSE4.1, SSE4.2, VMX. It also makes it possible to choose a syntax parmis 3 (GoAsm, Nasm, Masm). Скачать! Olly Script Editor v2.0 Скачать! Ollydbg 867 scripts or update 149 scripts Скачать!
