Cracker's/reverser's toolkit

Discussion in 'Reversing' started by ProTeuS, 30 Sep 2006.

  1. 0x0c0de

    0x0c0de Elder

    Joined:
    25 May 2007
    Messages:
    441
    Likes Received:
    396
    Reputations:
    297
    [Immunity Dbg Plugins]

    1.IMM-PhantOm.v.1.30
    2.IMMHideDebugger.v1.24
    3.IMMODbgScript.ENGLISH.1.65

    http://reversengineering.wordpress.com/2008/09/11/3-new-plugins-for-immunity-debugger/
     
    1. 0x0c0de

      [X3 0.1]

      A small thing, but nice

      http://tuts4you.com/download.php?view.2474
       
      1. 0x0c0de

        1. [AMDUMPV62 V2.2]

        2. [ ArmaG3ddon V1.5.1]

        download

        http://arteam.accessroot.com/releases.html
         
        1. ProTeuS

          ProTeuS --

          Joined:
          26 Nov 2004
          Messages:
          1,239
          Likes Received:
          542
          Reputations:
          445
          PatchDiff Ida 5.2 Plugin

          Description
          PatchDiff2 is a plugin for the Windows version of the IDA disassembler that can analyze two IDB files and find the differences between both. PatchDiff2 is free and fully integrates with the latest version of IDA (5.2).
          The plugin can perform the following tasks :
          Display the list of identical functions
          Display the list of matched functions
          Display the list of unmatched functions (with the CRC)
          Display a flow graph for identical and matched functions
          The main purpose of this plugin is to be fast and give accurate results when working on a security patch or a hotfix. Therefore this tool is not made to find similar functions between two different programs.
          Patchdiff2 supports all processors that IDA can handle and is available in two versions: 32 bit and 64 bit.

          patchdiff2 is freely distributed to the community by Tenable Network Security in the hope it will be useful to you and help research engineers to better analyze different patches. However, Tenable does not provide support for this tool and offers no guarantee regarding its use or output. Please read the end-user license agreement before using this program.

          demo video: http://cgi.tenablesecurity.com/tenable/pdiff2.swf.html
          download: http://cgi.tenablesecurity.com/tenable/patchdiff.php
           
          1. neprovad

            neprovad Elder

            Joined:
            19 Oct 2007
            Messages:
            899
            Likes Received:
            274
            Reputations:
            59
            Kartoffel 1.4

            Kartoffel is a command-line utility for testing drivers, both your own and third-party ones, for vulnerabilities in the handling of input and output data. Besides the program itself, the official site has a video showing the principles and methods of its operation.
            Website
             
            1. 0x0c0de

              A plugin for IDA; the name speaks for itself

              [DePack APLIB-LZMA 0.1]

              download
              http://tuts4you.com/download.php?view.2485
               
              1. balt

                balt Banned

                Joined:
                30 Oct 2008
                Messages:
                7
                Likes Received:
                13
                Reputations:
                -11
                dup 2.18 Final
                -replaced WinExec API by ShellExecute for Windows Vista
                -bugfix in Dialog for editing S&R Pattern Occurrence
                -added check for skin button IDs
                -improved window resizing engine
                -added option “trim to path” for Registry Paths
                -loader can save now targetfilepath to inifile when it's not in same folder
                -added TitchySID player for .sid file playback
                -added new option for attached files: overwrite existing file
                -added support for disabled patch button skin
                -added multilanguage support
                -fixed bug with tooltip width. long hexpatterns are displayed now in multiple lines
                -compiled with new MASM v10
                -bugfix when executing attached files
                -bugfix for resource (skin) updater
                -strings for patcher.exe can be modified now inside a skin

                Download!

                Syser Debugger 1.99.1900.1095

                Syser Debugger is designed for Windows NT Family based on X86 platform. It is a core-level debugger with full-graphical interfaces and supports assembly debugging and source code debugging. Syser Debugger is able to debug Windows applications and Windows drivers. Syser Debugger perfectly combines the functions of IDA Pro, Softice and Ollydbg, which makes operations easier and faster and provides powerful functions. It supports multi-CPU and Intel Hyper-Threaded processors.

                Features:
                - Supports color disassembly.
                - Source code debugging supports syntax coloring.
                - Source code debugging supports collapsing mapping between source code and assembly instructions.
                - Supports dynamic loading and unloading.
                - Full keyboard operation support (if no mouse is available, all operations can be performed with the keyboard).
                - Full mouse action support (if no keyboard is available, all operations can be performed through mouse commands).
                - Commands are Softice-compatible
                - Multi-language support, fully implemented unicode at low level.
                - Supports plug-ins.
                - Supports multi-CPU and Intel Hyper-Threaded processors.
                - Supports startup scripts (similar to batch files).
                - Supports clipboard function, able to copy data from Ring 3 debugger to Ring 0 debugger.
                - Fully supports PDB debugging symbol files.
                - Automatically load drivers to debug.
                - Supports comments adding when debugging.
                - Supports bookmark function.
                - Address navigation is supported in disassembly windows and users can browse different functions quickly by double-clicking.
                - Source code debugging supports quick view of variables and users can view variable types and values by moving cursor over variable names.
                - Syser is the perfect combination of IDA and Softice functions.
                - Supports address cross-reference lists.
                - Supports data reference lists.
                - Supports the advanced processing modes of pointing devices, such as TouchPad, TrackPoint.
                - Supports multiple data windows.
                - Supports multiple code windows to facilitate the browsing of assembly code.
                - Supports run trace mode for ollydbg.

                PEiD

                PEiD is special in some aspects when compared to other identifiers already out there!

                1. It has a superb GUI and the interface is really intuitive and simple.
                2. Detection rates are amongst the best given by any other identifier.
                3. Special scanning modes for *advanced* detections of modified and unknown files.
                4. Shell integration, Command line support, Always on top and Drag’n'Drop capabilities.
                5. Multiple file and directory scanning with recursion.
                6. Task viewer and controller.
                7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
                8. Extra scanning techniques used for even better detections.
                9. Heuristic Scanning options.
                10. New PE details, Imports, Exports and TLS viewers
                11. New built in quick disassembler.
                12. New built in hex viewer.
                13. External signature interface which can be updated by the user.

                There are 3 different and unique scanning modes in PEiD.

                The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.

                The *Deep Mode* scans the PE file’s Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.

                The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.

                The scanner’s inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
                Download!
                 
                1 person likes this.
                1. balt

                  OllyDbg modified :


                  OllyDbg - BoomBox

                  http://rapidshare.com/files/25394210/request.php_3

                  OllyDbg - Chinese
                  http://rapidshare.com/files/25394358/request.php_554

                  OllyDbg - CiM’s

                  http://rapidshare.com/files/25394505/request.php_1206

                  OllyDbg - Diablo’s


                  http://rapidshare.com/files/25395171/request.php_2


                  http://letitbit.net/download/6bb575376676/d2k2.ollydbg.public2008-updated.rar.html

                  OllyDbg - ExeCryptor
                  http://rapidshare.com/files/25395311/request.php_553

                  OllyDbg - Hacnho’s
                  http://rapidshare.com/files/25395639/request.php_4


                  OllyDbg - OllyICE


                  http://rapidshare.com/files/25395646/request.php_5

                  ollyice 2007.9.21


                  http://rapidshare.com/files/60720683/OlyICE2007.9.21.rar

                  bigice 5
                  http://rapidshare.com/files/26791856/bigice5.zip

                  ollyice 2008.1.1
                  http://rapidshare.com/files/115550173/OllyICE_2008.1.1.7z
                  http://letitbit.net/download/b2ab7b731783/OllyICE-2008.1.1.rar.html



                  OllyICE v1.10


                  http://rapidshare.com/files/132790837/odbg110_OllyICE_v1.10_update.rar


                  OllyICE TheMida MOD. By EvOlUtIoN

                  http://letitbit.net/download/90b2a3913809/OllyICE-TheMida-By-EvOlUtIoN.rar.html
                  http://rapidshare.com/files/138149196/OllyICE_TheMida_By_EvOlUtIoN.rar


                  OllyDbg - Shadow
                  http://rapidshare.com/files/25395640/request.php_6

                  OllyDbg - Unmodified!

                  http://rapidshare.com/files/25395641/request.php_1

                  OllyDbg-flyODBG

                  http://rapidshare.com/files/26789936/flyjnop790.zip

                  ollydbg - ricardo nar.

                  http://rapidshare.com/files/26791858/ricarcdon.zip

                  OllyDbg_SLV edition

                  http://rapidshare.com/files/26791862/slv.zip

                  OllyDbg -Arabic
                  http://rapidshare.com/files/26791864/ice1_3.zip

                  Ollydbg - xp
                  http://rapidshare.com/files/26771160/ollydbg_110_xp.rar

                  Ollydbg - greenstyle

                  http://rapidshare.com/files/26436069/ollydbg_Green_Style_20by_20jnop790.rar

                  OllyDbg - armadillo
                  http://rapidshare.com/files/34817803/odbg_204_20armadillo_20with_20tools.zip

                  OllyDbg - xp+ dct
                  http://rapidshare.com/files/34821367/ODbg_20xp_20DCT.zip

                  OllyDbg - ADO
                  http://rapidshare.com/files/34821368/ODbgADO.zip

                  OllyDbg - SND
                  http://rapidshare.com/files/34821374/ODbgSnD.zip

                  OllyDbg -D2K2
                  http://rapidshare.com/files/34821377/ODbgD2k2.zip

                  OllyDbg - DeFixed

                  http://rapidshare.com/files/39044055/DeFixed_Edition.rar


                  OllyDbg - DeFixed v2 (foff)

                  http://rapidshare.com/files/60718378/DeFixed_Edition_v2.rar

                  OllyDbg - ExeCryptor

                  http://rapidshare.com/files/39851301/exec.olly.zip

                  olly bronco (mod. for execryptor )


                  http://rapidshare.com/files/66345462/OllyDbg_v1.10_Bronco.rar

                  olly YPOGEiOS DOX DiViSiON

                  http://rapidshare.com/files/66345700/YGS-DOX_OllyDBG.v1.10.Mod-YPOGEiOS.rar

                  OllyDbg’ - Snd version all plugins and olly patched :


                  http://rapidshare.com/files/44123914/0_1_1_YDbg_Beta_Full.7z

                  the 0dbg for Themida/WinLicense V1.9.3.0

                  http://rapidshare.com/files/50611549/The0DBG.exe


                  HanOlly

                  http://rapidshare.com/files/64369450/odbg110__HanOlly_edition_for_themida_1.9.rar

                  ollydbg modified for themida 1.9.5

                  http://rapidshare.com/files/65716863/O_ll_y_Dbg_modify_for_themida1.9.5.EXE

                  ollydbg modified for themida and execryptor

                  http://letitbit.net/download/d35cd7115999/RAMODBG.rar.html

                  ollydbg Sabre Gold
                  http://rapidshare.com/files/98483227/odbg110_Sabre-_Gold.rar

                  DarkOlly
                  http://rapidshare.com/files/137296680/DarkOlly.7z

                  OllyDbg 1.10 - kamal

                  http://letitbit.net/download/9e844d493204/OllyDbg-1.10-by-kamal.rar.html

                  OllyDbg v1.10 LifeODBG v1.4

                  http://letitbit.net/download/686a95302760/OllyDbg-v1.10-LifeODBG-v1.4.rar.html

                  OllyDBG The_Best_version

                  http://rapidshare.com/files/142544485/OllyDBG_The_Best_version.rar

                  http://letitbit.net/download/ffb745506367/OllyDBG-The-Best-version.rar.html

                  OllyDbg 2

                  http://rapidshare.com/files/64369705/ollydbg_2a-_20_oct07.exe


                  OllyDbg v2.00 Alpha 4

                  http://letitbit.net/download/a51bdc740372/OllyDbg-v2.00-Alpha-4.zip.html

                  OllyDbg v2.00 Alpha Sabre-Gold

                  http://letitbit.net/download/357163436792/OllyDbg-v2.00-Alpha-Sabre-Gold.rar.html

                  oLLYdbg 2.00 g

                  http://letitbit.net/download/0768f7669997/odbg200g.zip.html


                  > all patches for OllyDbg 1.x<

                  http://rapidshare.com/files/35977772/OLLYDBG_1.10_all_patches_.rar
                   
                  2 people like this.
                  1. ZUNAMI

                    ZUNAMI Member

                    Joined:
                    17 Sep 2007
                    Messages:
                    20
                    Likes Received:
                    5
                    Reputations:
                    0
                    OllyDbg 1.10:
                    ----------------------------------------------------------------------
                    + New look
                    + Modified code for almost perfect hiding
                    + Win32 API help reference
                    + Modified code for expanded windows
                    + Modified code for %s overflow RCE exploit
                    + Modified code to make symbols load properly
                    + OllyDRX Plugin Patcher
                    + Plugin Development Kit & Script Editor v2.0

                    Tools:
                    ----------------------------------------------------------------------
                    DUP2.18.3 + DRX Skins
                    LordPE Deluxe b
                    PEiD 0.95 + Database
                    Resource Hacker 3.4.0.79
                    .NET Reflector 5.1.4.0
                    DeDe 3.50.02 Build 1619
                    ASCII-Tabelle (PDF)
                    Universal Extractor 1.6
                    VB Decompiler Lite 6.0
                    Import Reconstructor 1.7c
                    Wark 1.3
                    PE Tools 1.5.400
                    VeoVeo 3.4
                    TeLock 0.98
                    MASM v10
                    WinASM v5.1.5.0
                    CrypTool 1.4.21
                    Hiew 7.26 *removed*
                    W32Dsm 8.93 + BratPatch 3 final + new look *removed*

                    Plugins:
                    ----------------------------------------------------------------------
                    +BP-OLLY Ver 2.0 beta 4
                    Olly Advanced 1.25 Master Edition
                    AnalyzeThis! v0.1
                    Bookmark v1.06
                    CommandBar 3.20.110
                    ODbgScript v1.64.3
                    OllyDump v3.00.110
                    Olly TBar Manager (Gold)
                    Olly More Menu 1.3b
                    DataRipper 1.3
                    CleanupEx 1.12.108

                    Scripts:
                    ----------------------------------------------------------------------
                    629 Scripts

                    Unpackers:
                    ----------------------------------------------------------------------
                    Stripper 2.11 RC2
                    DilloDIE 1.6
                    Unpacker Execryptor 1.0 RC1
                    UnThemida 2.0
                    Themida/WinLicense Unpacker 2.0

                    DOWNLOAD LITE:
                    h++p://depositfiles.com/files/ft5n6vn58
                    h++p://w18.easy-share.com/1702463352.html
                    h++p://www.filefactory.com/file/ac9034/n/OllyDRX-lite_rar
                    h++p://www.megaupload.com/de/?d=U7MRQDMS
                    h++p://www8.zippyshare.com/v/75599538/file.html
                    h++p://rapidshare.com/files/164776142/OllyDRX-lite.rar.html
                    h++p://uploaded.to/?id=1512vy
                    h++p://www.zshare.net/download/51462688fc5d1b2b/
                    DOWNLOAD FULL :
                    h++p://www.filefactory.com/file/fb07d8/n/OllyDRX-final_rar
                    h++p://www7.zippyshare.com/v/15221987/file.html
                    h++p://rapidshare.com/files/164774793/OllyDRX-final.rar.html
                    h++p://uploaded.to/?id=qo8hz5
                    h++p://w18.easy-share.com/1702463283.html
                    h++p://www.megaupload.com/de/?d=E149X23L
                    h++p://www.zshare.net/download/514630138c46ce01/

                    PASSWORD:derox
                     
                    #69 ZUNAMI, 24 Nov 2008
                    Last edited: 2 Dec 2008
                    1. 0x0c0de

                      [c32asm 0.8.8]
                      http://tuts4you.com/download.php?view.1130

                      screenshot

                      http://img370.imageshack.us/my.php?image=sccrch1.jpg

                      In the ini you only need to switch the language to English, C32ASM.INI:
                      language=0
                       
                      1. ZUNAMI

                        _DarkOlly Rix 1.0_______________________________________________

                        Lite version: http://www.mediafire.com/?z0ytzimynyz

                        Full version Download ===>>
                        http://www.mediafire.com/file/m2ni4lca2qz/DarkOlly Rix 1.10.part01.exe
                        http://www.mediafire.com/file/ezbem2jzmj0/DarkOlly Rix 1.10.part02.rar
                        http://www.mediafire.com/file/yqnlwumyjzy/DarkOlly Rix 1.10.part03.rar
                        http://www.mediafire.com/file/n5jyynyomzw/DarkOlly Rix 1.10.part04.rar
                        http://www.mediafire.com/file/mymzyzefwxm/DarkOlly Rix 1.10.part05.rar

                        OR :
                        http://www.mediafire.com/?m2ni4lca2qz
                        http://www.mediafire.com/?ezbem2jzmj0
                        http://www.mediafire.com/?yqnlwumyjzy
                        http://www.mediafire.com/?n5jyynyomzw
                        http://www.mediafire.com/?mymzyzefwxm
                         
                        #71 ZUNAMI, 2 Dec 2008
                        Last edited: 2 Dec 2008
                        1. 0x0c0de

                          [HideSyser Plugin 1.94]

                          A plugin for Syser

                          http://tuts4you.com/download.php?view.2522
                           
                          1. OptimaPrime

                            OptimaPrime Banned

                            Joined:
                            30 Mar 2007
                            Messages:
                            307
                            Likes Received:
                            588
                            Reputations:
                            -61
                            Found some interesting things
                            DataRipper 1.3
                            Code:
                            Author Ziggy
                            website http://forum.tuts4you.com
                            Description Data Ripper is an easy way to rip any kind of data from an app being debugged using Ollydbg. The ripped data can be formatted and “declared” in the syntax of the popular programming languages MASM, C/C++ and Delphi.
                            
                            Data Ripper is useful whenever you need to rip data, tables etc out of an app so the data can be used in another compiled program.
                            Download!

                            FastScanner v2.0



                            Code:
                            Description:
                            FastScanner is a Detector for most packers, cryptors and compilers for PE Files, programmed in ASM and designed for fast access to most needed plugins.
                            
                            1- Arabic interface now available.
                            2- New Skin for both the scanner and the PE-Editor.
                            3- Bug Fixed in the scanning algorithm. Now, it’s more powerful.
                            4- Updated signature file to detect most compilers, packers and protectors.
                            5- Add a TotalScan button in the scanner.
                            6- Add a Disasm button in the scanner.
                            7- Add a sections viewer button in the scanner’s main window.
                            8- Display the signature file date in the scanner’s main window.
                            9- Add a new plugin to detect and save overlay.
                            10- Add a new plugin => Signs-Imitator.
                            11- Bug fixed in the Add-Sig plugin.
                            12- Big update in the PE-Editor plugin:
                            a- section viewer and editor ( add section - delete section - edit section header).
                            b- new buttons to view exports and imports table.
                            c- new tab to view and edit the PE’s directory table.
                            d- new tab to view and dump any process from memory.
                            e- make a backup copy of the modified files.
                            Download!

                            RDG Packer Detector v0.6.6
                            Code:
                            -Detection improved for Fast and Powerful Mode!
                            -Signatures Database Up-to-date!
                            -Heuristic Detection of Binders
                            -Overlay Detection and Extraction!
                            -Automatic Check and Update!
                            -MD5 Hash Detection Very Fast!
                            -Multiple Support for Plug-ins, for RDG Packer Detector and for other detectors!
                            -Multiple Detection of formatted MPG,GIF,RAR,ZIP,MP3 etc.
                            -Detection and extraction of associated
                            Download!

                            Kernel Detective v1.1
                            Screenshot: h*tp://img526.imageshack.us/img526/1615/handlesyd8.png
                            Code:
                            new version 1.1
                            
                            -Added : Hidden Handles Detection, show every handle’s object name and address + ability to close the handle.
                            -Improved : Processes Detection, new undocumented algorithms implemented.
                            -Improved : Drivers Detection, undocumented algorithms implemented.
                            -Improved : SSDT Hooks Detection, detection algorithm improved to bypass KeServiceDescriptorTable EAT/IAT hooks (read more).
                            -Improved : User-space memory reader/writer and symbols decoder.
                            -Improved : Application GUI.
                            -Fixed : BSoD while driver initializing and most known bugs in version 1.0.
                            Download!
                             
                            5 people like this.
                            1. ZUNAMI

                              Tola Patching Engine

                              Great little patcher.

                              h++p://depositfiles.com/files/ta2v79tcv

                              _________________________________________

                              dUP: diablo2oo2 Version: 2.19 beta 4

                              Features:
                              -multiple file patcher
                              -create Offset and Search&Replace patch/loader
                              -compare files (RawOffset and VirtualAddress) with different filesize
                              -registry patcher, also for loaders
                              -attach files to patcher
                              -get filepaths from registry
                              -usage of CRC32 and filesize checks
                              -patching packed files
                              -compress patcher with your favorite packer
                              -saving projects
                              -use custom skin in your patcher
                              -add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
                              -and many more...
                              h++p://diablo2oo2.di.funpic.de/stuff/dup2.beta.rar
                               
                              #74 ZUNAMI, 8 Dec 2008
                              Last edited: 10 Dec 2008
                              1. 0x0c0de

                                I updated the first post on the first page, since all the links there have been dead since 2006. I grouped the most essential items and made proper links. IMHO it will be easier to navigate this way. I haven't gone through everything yet, though; I'll finish it tonight maybe, or tomorrow.
                                If you have any suggestions about the structure of the thread, write to me by PM.
                                 
                                #75 0x0c0de, 19 Dec 2008
                                Last edited: 19 Dec 2008
                                1 person likes this.
                                1. ZUNAMI

                                  PROTECTiON iD v6.1.3

                                  faster, more accurate, still better and no more beta - xmas release #2

                                  Core Code changes:
                                  - new: width-RESIZEABLE main window
                                  - new: user can now choose what protection scans to skip
                                  - new: added in new configuration item allowing the user to specify if iso, ccd, mds
                                  etc modules are to be treated as discs (and thereby subject to a sector scan)
                                  - new: ability to scan inside microsoft cab files has been implemented

                                  - update: we are now v0.6.1.3
                                  - update: faster scanning core :)
                                  - update: configuration window has a new look
                                  - update: better 64 bit file handling support added
                                  - update: appended data detection tweaked a little
                                  - update: now if pid is running and an exe is scanned from the context menu, the main
                                  window will change to the log window (looks better.. suggested by loki)
                                  - update: lnk file resolving is now complete, if user has selected to resolve links,
                                  the system handles this all automatically
                                  - update: window position is now centred if a previous window location was not recorded
                                  - update: adjusted ia64/x64 vs. machine check portion of code (thx to teddy rogers)
                                  - update: configuration - windows product key showing is now a configuration item
                                  - update: configuration - now 'themes' and 'flat mode' can not be selected at the same time,
                                  this is how it should be as themes override flatmode etc... so now only one can
                                  be selected, and the other is 'auto unselected' (suggested by syk0)
                                  - update: configuration - added in code to enable/disable the 'protection report bubble' after a scan is completed
                                  - update: Memory Optimiser - the progress bar should get to the start again when user
                                  clicked on Optimize and Purge was successful
                                  - update: Memory Optimiser - code heavily updated, to work in chunks (if largest size requested is not available),
                                  so, end result - more reliable, faster and optimised
                                  - update: misc tools - added in quick uninstall tab
                                  - update: misc tools - added in CD/DVD Filter Driver scanner tab
                                  - update: misc tools - added in Windows Error Code Resolver tab
                                  - update: misc tools - added in CPU Info tab
                                  - update: misc tools - added in windows directory in the system info output
                                  - update: misc tools - added in Folder Locations scanner
                                  - update: misc tools - system information window now reports graphic device names (geforce, etc),
                                  username & computername and terminal services availability also reported
                                  - update: misc tools - windows install date (from registry) is now reported in the misc tools 'system info part',
                                  windows install date (from folder) is now also reported.
                                  - update: misc tools - tweaked x64 os detection code, so it's a lot more reliable
                                  - update: misc tools - windows product key reporting now also handles x64 systems
                                  - update: nfo viewer - extra checking now added - zip, rar and mz executables will NOT be displayed,
                                  instead, a warning message is displayed
                                  - update: process view - added in check for terminate, dump, priority change..
                                  if selected process is pid, the menu items are disabled (for safety and security)
                                  - update: sfv checking now reports current offset on the line when processing
                                  - update: sfv processing now works with quoted filenames
                                  - update: winspy - process name is now also reported (if we could obtain it.. )
                                  - update: log window in cd/dvd operations now has a context menu, allowing for...
                                  clear log
                                  copy selection to clipboard
                                  copy log to clipboard
                                  save selection (txt)
                                  save selection (csv)
                                  save log (txt)
                                  save log (csv)

                                  - bugfix: admin reflection / reporting was incorrect on 9x/ME systems
                                  - bugfix: 'admin shield' icon is now moved, it looked out of place if the other progress bars
                                  showing cpu usage etc were turned off.. (reported by loki)
                                  - bugfix: Export as .txt doesn't work properly, only the first file does get saved
                                  - bugfix: event bug fixed, which sometimes resulted in pid sticking at about 35% cpu
                                  - bugfix: pause/resume in the queue window was sometimes wrong for the text (reported by r!co)
                                  - bugfix: Fixed SFV bug - Click on make, don't select any files and press abort.
                                  You can't use the complete SFV feature as it's all greyed out (reported by Blazkowicz)
                                  - bugfix: sfv output for large files (mb, gb etc) was VERY wrong, it's since corrected
                                  - bugfix: fixed 'disappearing window' problem
                                  - bugfix: 'large icons' issue fixed in 9x
                                  - bugfix: sfv - abort now works
                                  - bugfix: sfv - output issue should be 110% fixed now (new buffering system used)
                                  - bugfix: task manager -> potential stack bug fixed
                                  - bugfix: configuration - shortcut creation was broken
                                  - bugfix: nfo viewer - fixed potential memory leak on drag/drop
                                  - bugfix: bug in the code checking for digital signatures (found by blazi)
                                  code now performs a sanity check on accessed memory areas

                                  detection additions / changes

                                  - new: check_activemark.asm - added version detection for v6.3.562
                                  - new: check_alawar.asm - added Alawar Try & Buy Activation detection
                                  - new: check_hexalock.asm - added HexaLock Copy Protection detection
                                  - new: check_protectdisc.asm - added more Protect DiSC v8 subversions
                                  - new: check_securom.asm - added in detection for sll modules + SecuROM Matroschka Package
                                  - new: check_acprotect.asm - added ACProtect v2.1, v2.1.1 and v2.1.2 detection
                                  - new: check_angelscrypter.asm - added Angel's Crypteur v0.2 detection
                                  - new: check_antidote.asm - added AntiDote v1.4 SE detection
                                  - new: check_armadillo.asm - added version detection v6.00 or newer
                                  - new: check_atreprotector.asm - added AT4RE Protector v1.0 detection
                                  - new: check_avlock.asm - added AVLock detection
                                  - new: check_budcrypter.asm - added BUD Crypter detection
                                  - new: check_coolcrypt.asm - added COOLcryptor 0.9 detection
                                  - new: check_cryptwoz.asm - added CryptWOZ v1.0 detection
                                  - new: check_darkcrypt.asm - added DarkCrypt v1.2 (Private Version) detection
                                  - new: check_dcrypt.asm - added DCrypt Private v0.9b detection
                                  - new: check_dotfixniceprotect.asm - added DotFix NiceProtect v1.0 detection
                                  - new: check_dotnetreactor.asm - added dotNet Reactor v3.3 (or newer) detection
                                  - new: check_enigmaprotector.asm - added version grabber for Enigma Protector
                                  - new: check_execrypt.asm - added ExeCRyPT v1.0 [ReBirth] detection
                                  - new: check_exefog.asm - added EXEFog v1.1 detection
                                  - new: check_exewrapper.asm - added ExeWrapper v3.0 (533Soft) detection
                                  - new: check_expressor.asm - added ExPressor v1.6 detection
                                  - new: check_fakuscrypter.asm - added Fakus Crypter detection
                                  - new: check_fastfilecrypt.asm - added FastFileCrypt v1.6 Public detection
                                  - new: check_fatalzcrypt.asm - added Fatalz Crypt v2.14a detection
                                  - new: check_flashbackprot.asm - added Flashback Protector v1.0 detection
                                  - new: check_gieprotector.asm - added Gie Protector v0.2 detection
                                  - new: check_imppacker.asm - added IMP-Packer v1.0 detection
                                  - new: check_kcryptor.asm - added K!Cryptor v0.11 detection
                                  - new: check_kgbcrypter.asm - added KGB Cypter v1.0a detection
                                  - new: check_leetcryptor.asm - added 1337 Cryptor v2 detection
                                  - new: check_lilithcrypter.asm - added Lilith Crypter detection
                                  - new: check_maxtocode.asm - added MaxtoCode .Net Encryption detection
                                  - new: check_minke.asm - added Minke v1.0.1 Executable Crypter detection
                                  - new: check_moneycrypter.asm - added Money Crypter detection
                                  - new: check_morphna.asm - added Morphna Beta 2 detection
                                  - new: check_mortalteamcrypter.asm - added Mortal Team Crypter v2 detection
                                  - new: check_mpress.asm - added MPRESS NET compressor detection
                                  - new: check_mushroomcrypter.asm - added Mu$hr00M CryPtOR v1.0 detection
                                  - new: check_nme.asm - added NME Executable Crypter v1.1 detection
                                  - new: check_npack.asm - added nPack v1.1.500.2008 Beta detections
                                  - new: check_obfuscatornet.asm - added Macrobject Obfuscator.NET detection
                                  - new: check_privateexe.asm - added version detection for v2.00 - v2.25 and v2.30 - v2.70
                                  - new: check_puricrypt.asm - added Puri Crypt v1.2 detection
                                  - new: check_quickpacknt.asm - added QuickPack NT v0.1 detection
                                  - new: check_rcryptor.asm - added RCryptor v1.6d detection
                                  - new: check_rdgpack.asm - added RDG Pack Lite Edition v0.2 detection
                                  - new: check_rdgtejoncrypter.asm - added RDG Tejon Crypter v0.3 detection
                                  - new: check_rlp.asm - added ReversingLabs Protector v0.7.4 beta detection
                                  - new: check_rlpack.asm - added RLPack v1.20 detection
                                  - new: check_roguepack.asm - added RoguePack v3.3 detection
                                  - new: check_russiancryptor.asm - added Russian Cryptor v1.0 detection
                                  - new: check_securepe.asm - added SecurePE v1.5 detection
                                  - new: check_secureshade.asm - added Secure Shade v1.8 detection
                                  - new: check_snoopcrypt.asm - added SnoopCrypt detection
                                  - new: check_thinstall.asm - added THInstall detection
                                  - new: check_tstcrypter.asm - added TsT Crypter detection
                                  - new: check_undergroundcrypter.asm - added UndergroundCrypter v1.0 detection
                                  - new: check_unlimitedcrypter.asm - added UnLimited Crypter v1.0 detection
                                  - new: check_unopix.asm - added UnoPiX v0.94 detection
                                  - new: check_upxlock.asm - added UPX Lock v1.01 - v1.02 detection
                                  - new: check_weruscrypter.asm - added Werus Crypter v1.0 detection
                                  - new: check_wildtangent.asm - added Wild Tangent v2.1 Activation detection
                                  - new: check_windofcrypt.asm - added WindOfCrypt detection
                                  - new: check_wingscrypt.asm - added Wingscrypt v2.0 detection
                                  - new: check_winutilitiesexeprot.asm - added WinUtilities EXE Protector v2.1 detection
                                  - new: check_wlcrypt.asm - added WL-Crypt v1.0 detection
                                  - new: check_xenocode.asm - added XenoCode .NET protector detection
                                  - new: check_xenocode.asm - added XenoCode Postbuild 2007 + 2008 for .NET detection
                                  - new: check_xhackercryptor.asm - added xHacker Cryptor detection
                                  - new: check_xshell.asm - added XShell v1.5 detection
                                  - new: check_zprotect.asm - added ZProtect v1.4.3 detection
                                  - new: check_zylomwrapper.asm - added Zylom Wrapper Crypted Game.exe detection
                                  - new: license_nalpeiron_scan.asm - added Nalpeiron Licensing Service detection
                                  - new: installer_install4y.asm - added Install4j Wizard Module detection
                                  - new: installer_installshield.asm - added InstallShield v12 BETA Version detection
                                  - new: installer_squeezesfx.asm - added Squeeze Self Extractor Module detection
                                  - new: installer_trymediadownload.asm - added Trymedia Systems Download Manager detection
                                  - new: msi and 7zip file type reporting is now done to the log window (similar to the .rar, zip etc reporting)
                                  - new: added in quick detection for starforce protected pdf file
                                  - update: check_aspack.asm - added additional check for ASPack 2.x to avoid a false positive
                                  when scanning a file wrapped by FlashBack with ASPack entrypoint signature
                                  - update: check_codelok.asm - improved detection
                                  - update: check_dotnetreactor.asm - some parts recoded to be more generic & faster
                                  - update: check_execryptor2.asm - improved detection with heuristic checks
                                  - update: check_laserlok.asm - updated to handle older (v3) versions of laserlok
                                  - update: check_passlock2000.asm - improved detection
                                  - update: check_reflexivearcade.asm - executables builds are now reported (if found)
                                  - update: check_safedisc.asm - updated to detect safedisc lite
                                  - update: check_securom.asm - updated to handle VERY old versions & updated to detect a modified paul.dll
                                  - update: check_solidshield.asm - minor modifications, but results in better reporting
                                  - update: check_starforce.asm - updated to handle the new variant (v5.5) and also report bitness of the exe
                                  - update: check_sysiphus.asm - optimized detection
                                  - update: check_themida.asm - updated to handle dll protected Themida files
                                  - update: check_vmprotect.asm - added new generic detection code (catches now dlls we missed before)
                                  - update: check_upx.asm - improved to be 'more generic'
                                  - update: check_vob.asm.asm - updated to handle older version (4 or less)
                                  - update: dongle_guardant.asm - added reporting of old Guardant Dongle Protections
                                  - update: dongle_hasphlenvelope.asm - improved detection
                                  - update: license_sentinellm - improved for better detection
                                  - update: installer_7zip.asm - improved detection
                                  - bugfix: check_telock.asm - fixed v1.0 detection
                                  - bugfix: check_yzpack.asm - fixed bug resulting in non detections
                                  - bugfix: installer_installshield.asm - fixed possible non detections

                                  CD/DVD/Image file/sector scan

                                  - new: b6i image added into the supported file list
                                  - new: added in 'Extract Boot Sector', now the boot sector from the cd/dvd can
                                  be 'extracted' to a file.. for use with something else maybe :)
                                  - new: cddvd_cactus.scan.asm - Cactus Audio detection added to file scan in cddvd module
                                  - new: cddvd_protectdisc.scan.asm - added in sector scan module for protectdisc / protectcd

                                  - update: if a disk is detected as being protected when making the iso, the user will be prompted to continue or not
                                  - update: sector stuff - updated handler to handle udf format disks (BEA01 header instead of CD001)
                                  - update: sector scan - tweaked sector scan for tages a little
                                  - update: sector scan - tweaked the safedisc detection code
                                  - update: sector scan - updated to now NOT stop if a sector 16 read failure happened
                                  - update: sector scan - securom scan updated to handle version 4.x (and probably lower),
                                  which used a different 'fingerprint' and some minor tweaks / fixes
                                  - update: sector scan - starforce + starforce keyless scan was heavily updated..
                                  reducing probability of false positives as well as catching some we missed before
                                  - bugfix: sector scan - codelok scan fixed

                                  Download here:

                                  h++p://pid.gamecopyworld.com/ProtectionID_v6.1.3_2k8_xmas.rar
                                   
                                  1. OptimaPrime

                                    OptimaPrime Banned

                                    Joined:
                                    30 Mar 2007
                                    Messages:
                                    307
                                    Likes Received:
                                    588
                                    Reputations:
                                    -61
                                    MagicHideOllyDbg 1.01

                                    - erases debug-heap padding
                                    - erases BeingDebugged flag in the PEB
                                    - erases NtGlobalFlag in the PEB
                                    - adjusts heap flags to default values
                                    - disables kernel32!OutputDebugStringA() function
                                    - forces kernel32!CheckRemoteDebuggerPresent() to always return an error
                                    - forces kernel32!UnhandledExceptionFilter() to ignore debugger presence
                                    - forces kernel32!Process32NextW() to return immediately
                                    - forces ntdll!NtSetInformationThread() to ignore HideThreadFromDebugger class
                                    - forces ntdll!NtQueryInformationProcess() function to ignore ProcessDebugPort class
                                    - intercepts ntdll!NtQuerySystemInformation() function but does nothing with it
                                    - randomises “CPU - ” text in OllyDbg

                                    Download
                                     
                                    2 people like this.
                                    1. desTiny

                                      desTiny Elder - Старейшина

                                      Joined:
                                      4 Feb 2007
                                      Messages:
                                      1,006
                                      Likes Received:
                                      444
                                      Reputations:
                                      94
                                      OllyDbg 2.0 Beta 1
                                      The beta is finally out, 23.12.08
                                      http://ollydbg.de/

                                      all the details are there
                                       
                                      1. SRC

                                        SRC New Member

                                        Joined:
                                        23 Dec 2008
                                        Messages:
                                        1
                                        Likes Received:
                                        0
                                        Reputations:
                                        0
                                        Dotnet Tracer 0.4

                                        Dotnet Tracer 0.4 by Kurapica

                                        1 - Minor bugs fixed.
                                        2 - "Reset" function added to reset the tracer if the process exits abnormally.
                                        3 - Custom font can be selected for listview to handle unicode characters in obfuscated assemblies.
                                        4 - Drag and drop assembly file for lazy people.

                                        Download
                                         
                                        1. TreV@N

                                          TreV@N Elder - Старейшина

                                          Joined:
                                          14 Jul 2008
                                          Messages:
                                          135
                                          Likes Received:
                                          48
                                          Reputations:
                                          19
                                          Analyzers

                                          A-Ray Scanner 2.0.2.3
                                          ---
                                          Scanner for detecting the protection on licensed and pirated
                                          game discs.

                                          http://depositfiles.com/files/01qts83ok


                                          ARiD 0.06
                                          ---
                                          Archive identifier; detects 179 types of plain archives and 22 self-extracting (SFX)
                                          archives. It also has several useful features, such as context-menu
                                          integration and searching the internet for the archiver.

                                          http://depositfiles.com/files/n5ilh9mkh


                                          Armadillo Find Protected 1.6
                                          ---
                                          Determines Armadillo's protection settings. Works under XP.
                                          It will be of little help to experienced users, but for beginners it is
                                          just right for understanding what they will have to fight.

                                          http://depositfiles.com/files/e2plz9sq5


                                          ASProtect detector 0.14
                                          ---

                                          Plugin for DIE and PEiD for precisely determining the ASProtect version

                                          http://depositfiles.com/files/a70u26qvm


                                          DiE 0.64
                                          ---
                                          The DiE analyzer is designed to determine the type of
                                          packer/protector/compiler of EXE files, i.e. it lets you find out
                                          what the file was packed with, which is needed for subsequent unpacking.
                                          The program also has a number of useful functions

                                          - import viewing
                                          - section viewing
                                          - hex viewing
                                          - file disassembly
                                          - viewing the main PE characteristics
                                          - computing the MD5 hash
                                          - computing CRC-32
                                          - plugin support (the PDK can be downloaded from the site)
                                          - copying contents on double-click

                                          http://depositfiles.com/files/8iow1e0r3


                                          Flashback Best Analisator 1.2.5
                                          ---
                                          A new EXE file analyzer. Lets you view the file's
                                          sections and also gives advice on choosing an automatic unpacker.
                                          It has a specialized detection method.

                                          http://depositfiles.com/files/utrlv23kq


                                          GetType2 0.35a
                                          ---
                                          - detects 91 archive formats
                                          - views 74 archive formats
                                          - detects 15 disk image formats
                                          - detects 404 DOS EXE modifiers
                                          - detects 144 PE EXE modifiers
                                          - high-speed technology
                                          - supports long file names

                                          http://philip.helger.com/gt/

                                          http://depositfiles.com/files/1kshfk4j8


                                          OverSaver Plugin 1.0
                                          ---
                                          This is a plugin for PEiD, PETools 1.5 and QUnpack 1.0 for working with a program's overlay.

                                          http://depositfiles.com/files/bczogvkik


                                          PE Verify 1.0
                                          ---
                                          A small checker for PE file validity.
                                          It checks the validity of the import directory
                                          and does some checking of sections. On the whole, it can
                                          be useful for working out
                                          why a dump refuses to load.

                                          http://depositfiles.com/files/slpzof54j


                                          PEiD 2008
                                          ---
                                          One of the most popular executable file analyzers; it is updated often
                                          and identifies many packers and protectors well. It has three scan depth
                                          levels and can scan in memory and through all nested folders.

                                          http://www.peid.tk

                                          Official release of PEiD 0.94 from 10 May 2006 + the entire
                                          latest database of external signatures and plugins +
                                          PEiD Plugin To Exe 1.01
                                          PEiDSO 1.3 - Signature Organizer
                                          PEiD Plugin Delphi SDK

                                          http://depositfiles.com/files/4v0pdlqdd


                                          PEiD and PE Tools Plugin Loader 1.0
                                          A utility for loading plugins created for PEiD 0.92/PE Tools 1.50.
                                          With this utility, plugins can be loaded
                                          directly, via the command line, or by drag-n-drop.
                                          The archive also contains a plugin for PEiD/PE Tools that allows plugins for these programs to be loaded in either of them.
                                          Command-line parameters are supported (including for automatically loading a plugin via the context menu).

                                          http://depositfiles.com/files/an8hjxwuo


                                          PEiD Plugins Full Collection
                                          ---
                                          A whole bunch of plugins for the well-known Win32 PE
                                          file analyzer. 20 plugins.

                                          http://depositfiles.com/files/ssu6n516t




                                          Sleuth Kit 2.06r2
                                          ---
                                          An open-source project for analyzing Microsoft and UNIX
                                          disks and file systems.

                                          http://depositfiles.com/files/voxykuwr4


                                          TrID 2.02 Plus
                                          ---
                                          TrID 2.02 + TrID Scan + TrIDdefspack+ 2877 DB

                                          A file type analyzer, very conveniently built
                                          on XML; it analyzes not only executable
                                          files but any others as well. You can add
                                          your own file types using TrID Scan and pack
                                          the resulting XML files into a single TRD database using
                                          TrIDdefspack.

                                          In the end, the program runs roughly like this:

                                          C:\trid_w32>trid.exe trid.exe

                                          TrID/32 - File Identifier v2.02 - (C) 2003-06 By M.Pontello
                                          Definitions found: 2877
                                          Analyzing...

                                          Collecting data from file: trid.exe
                                          42.6% (.EXE) UPX compressed Win32 Executable (30569/9/7)
                                          37.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
                                          14.6% (.EXE) Win32 Executable Generic (10527/13/4)
                                          2.7% (.EXE) Generic Win/DOS Executable (2002/3)
                                          2.7% (.EXE) DOS Executable Generic (2000/1)

                                          C:\trid_w32>pause
                                          Для продолжения нажмите любую клавишу . . .

                                          http://mark0.net/soft-trid-e.html

                                          http://depositfiles.com/files/gx1fbvu00


                                          TrIDNet 1.80 + XML 2877 Base
                                          ---
                                          A file type analyzer, very conveniently built
                                          on XML; it analyzes not only executable
                                          files but any others as well. You can add
                                          your own file types. Based on a .NET core.
                                          The XML signatures must be taken from the bundled archive

                                          http://depositfiles.com/files/9rfr1jb2h


                                          UPXAnal 1.0 + SRC
                                          ---
                                          An analyzer for files packed with UPX

                                          http://depositfiles.com/files/0a874ir1f
                                           
                                          #80 TreV@N, 8 Feb 2009
                                          Last edited: 8 Feb 2009