
see u soon August 22, 2007

Posted by reversengineering in NEWS.

hi my friends

i will see u soon here :)

so have nice dayz

:)

Easy Screen Capture 1.1.7 August 22, 2007

Posted by reversengineering in OTHER, TOOLS.

hi

this is a new update from my friend IMPosTOR

An easy tool for taking Windows screen captures; plugin for OllyDBG, PEiD & QUnpack

snapshot:

http://impostor-76171.persiangig.com/Screen%20Shot/Easy_Screen_Capture_1_1_7.JPG

link:

http://impostor-76171.persiangig.com/IMPosTOR%20Programs/Easy%20Screen%201.1.7_by_IMPosTOR.zip

SRC:http://www.impostor.blogfa.com

The0DBG + hidetoolz :) August 22, 2007

Posted by reversengineering in DEBUGGER, TOOLS.
1 comment so far

hi

this is another trick for Themida/WinLicense V1.9.3.0

translated: ch > en

src:http://unpack.cn/html/3/3-560.html

1. The changes are simple and not significant in themselves, but they provide a way to debug Themida/WinLicense V1.9.3.0; this is not a rumor.
2. Fixed the floating-point instruction bug using gzgzlxg's code, and the OutputDebugStringA problem using Flagmax's code. Thanks to both.
3. Do not rename OllyDBG.eXe, and do not copy the modified main program into another OllyDBG folder; run it from its own The0DBG folder.
4. After running The0DBG, set the plugin path and the other paths to the relevant directories inside the The0DBG folder.
5. Before debugging Themida, run *\The0DBG\Tools\HideToolz\HideToolz.exe (V2.1), select the modified The0DBG OllyDBG.eXe and click Hide, or add the The0DBG directory to its path list.
6. In the HideOD plug-in options, select only HideNtDebugBit.
7. It can debug Themida/WinLicense V1.9.3.0, but not the earlier Themida versions with the debugging driver.
8. The0DBG.rar also collects some unpacking scripts.
9. Tested platforms: Win + Win2000SP4; other platforms seemingly do not support it.

screenshot: scripts.jpg

link:

http://rapidshare.com/files/50611549/The0DBG.exe

thanx

Xenodecode V0.2, Decoder August 22, 2007

Posted by reversengineering in OTHER, TOOLS.
1 comment so far

This is a tool to recover all strings that have been encrypted by the Xenocode protector.

Notes:
======

Open or drag&drop a file. "File" means an IL file or an executable!
So first disassemble your target with M$ ILdasm, or let xenoDEcode do the job.

Checking 'UnMix IL' will create a new IL file with all strings decoded
... if you wanna do the rest manually or whatnot.

Checking 'Try to ILasm new EXE' will try to assemble a new executable
with all strings decoded. 'Try' means that it might fail because of
ILasm (no, not because of me ;P). In such a case the edit box at the
bottom will show you the error message. Open the unmixed IL file in a
text editor, try to fix it and drag it again into xenoDEcode...
If you succeed, the new exe's ready to be patched or fingered by Reflector.

Press the 'Abort' button if you realize that it's decoding ****.

The 'Key' column shows you the unique hash value, which is seen for
example in Reflector (right after the encoded string). Get the 'Code Search' AddIn
for Reflector and don't forget that it's always case sensitive! Secondly, the way
in which hex values are shown in Reflector depends on the chosen .net language!

The 'Search' and 'Copy' functions should be clear.

'M$-plugins' folder: it contains the tools needed for the disassembling/assembling functions.
It has to be left in the same folder as xenoDEcode.exe!

That's it... happy unmixing!

Log:
====

- 0.1
Released

- 0.2
Included M$ toys (ILdasm/ILasm):
Now fully reads/decodes .ILs and .EXEs
and assembles them back to executables.
Added ‘Copy Key’ and fixed a lot of crap.

Note:
If the file's packed, first use LibX's unpacker.

http://rapidshare.com/files/50603568/xenoDEcode_v0.2.rar

greetings to: Ufo-Pu55y

FilePacker v1.2 “freeware” August 22, 2007

Posted by reversengineering in NEWS, PACKER, TOOLS.

Introduction to FilePacker

FilePacker is a 32-bit Windows application that can be used to temporarily remove the runtime engines that are used by some programming languages. It comes with a wizard-oriented design interface that enables you to easily and quickly create a stand-alone executable of your software for easier distribution.

FilePacker accomplishes this by placing the runtime engines and other project files into a self-extracting executable that is extracted to one of the twenty-one built-in extraction directories. This all takes place in only a few seconds when the stand-alone executable is run.

FilePacker also has the capability to compress the project files by using the zlib compression library. You can even protect your executable with a password or you can display a dialog box, with a progress bar, that will display the percentage of data that has been extracted.

After extracting the project files, FilePacker can launch up to sixty-four executables simultaneously.

FilePacker can also delete the extracted project files after the running executables are closed.

FilePacker released as freeware

Version 1.2 is now released as freeware; the source code is also available to users that have bought one of the previous versions.

src :
http://www.jvwcomputing.com/

PEiD Signature Organizer 1.3 alpha 4 August 22, 2007

Posted by reversengineering in OTHER, TOOLS.

+ More robust signature import from HTML file(s)
- Minor bug fixes

link:
http://rapidshare.com/files/50472396/peidso13a4.rar.html

alephz

Themida 1.9.3 Demo Version Cracked! August 22, 2007

Posted by reversengineering in NEWS.
3 comments

hi
this version is cracked so u can find it on the web ! :)
hehe

PE Explorer v1.99 R2 August 22, 2007

Posted by reversengineering in NEWS.
1 comment so far

PE Explorer has been upgraded.
What’s new?

General:
• Added the NsPack Unpacker plug-in.
• Bugfix: PE Explorer would occasionally raise an exception on startup if the logfile was corrupted.
• Other minor bugfixes and improvements.

Resource editor:
• Bugfix: when displaying multilingual StringTables the string indices would be displayed incorrectly.

UPX Unpacker plug-in:
• Now supports UPX v3.01.
• Now supports the LZMA compression method.
• Now supports scrambled files originally compressed by UPX v3.01.
==============================================

What follows refers only to original files that can be opened in full mode.

The Upack unpacker plug-in doesn't handle relocations.
Neither does the NsPack one,
which almost never works with NsPack v3.7,
although it is effective most of the time with earlier versions:
a cleared header makes no difference.

GREAT IMPROVEMENT:
Files packed with UPX 3.0x with the option "--brute" may now be opened in full mode
(if no header is cleared).

BRD’s methods are no longer topical.

Dup 2.16 beta 8 August 22, 2007

Posted by reversengineering in NEWS, OTHER, TOOLS.

20.08.07

[2.16]
-process patchdata in user-defined order
-resizeable dialogs
-autodetect whether to hide the releaseinfobox in the patcher
-patching of files in use (using the file rename method)
-remove useless wildcards at the beginning & end of the pattern
-updated ufmod player (for XM music) to v1.25
-fixed bug: closing dialogs with the ESC key
-minor bugfixes and code changes

link:
http://diablo2oo2.di.funpic.de/stuff/dup2.beta.rar

Protection ID v6.0 BETA August 22, 2007

Posted by reversengineering in NEWS.

Progress Reports – v6.0 BETA – 21.08.2007

As you can see, Protection ID v6 is progressing very well; thx to our beta testers for
reporting bugs and crashes and giving us ideas on what we can add to the functionality.

The current version detects more than
250 exe-packers, PC ISO protections, dongles, licenses and installers in
an exact and fake-proof way you haven't seen before in any scanning tool, due to the detailed checks.
False reports are history, and it detects where other tools fail.

src:http://pid.gamecopyworld.com/

FullDisasm 1.63 August 17, 2007

Posted by reversengineering in NEWS, OLLY'S PLUGINS, TOOLS.

translated: fr > en
source :http://reverseengineering.online.fr/spip/spip.php?article89
"I propose a small plugin for OllyDebugger 1.10 and Immunity Debugger 1.00 which makes it possible to replace the old disassembly routine of OllyDbg with BeaEngine. With this new plugin, OllyDbg and ImmDbg are capable of debugging the latest FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 and VMX instructions. It also makes it possible to choose a syntax among 3 (GoAsm, Nasm, Masm). See for yourself:
Without FullDisasm:
With FullDisasm (press Ctrl+W to change the (…)"

FullDisasm 1.63 :
http://reverseengineering.online.fr/tools/FullDisasm/FullDisasm_OllyDbg.zip
http://reverseengineering.online.fr/tools/FullDisasm/FullDisasm_ImmDbg.zip

What’s New in Process Monitor v1.22 August 17, 2007

Posted by reversengineering in NEWS.

This update adds the ability to specify the level of information saved when you export to XML.

Microsoft Process Monitor 1.22 August 17, 2007

Posted by reversengineering in MONITORING, TOOLS.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

Process Monitor Enhancements over Filemon and Regmon
Process Monitor’s user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:

• Monitoring of process and thread startup and exit, including exit status codes
• Monitoring of image (DLL and kernel-mode device driver) loads
• More data captured for operation input and output parameters
• Non-destructive filters allow you to set filters without losing data
• Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
• Reliable capture of process details, including image path, command line, user and session ID
• Configurable and moveable columns for any event property
• Filters can be set for any data field, including fields not configured as columns
• Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
• Process tree tool shows relationship of all processes referenced in a trace
• Native log format preserves all data for loading in a different Process Monitor instance
• Process tooltip for easy viewing of process image information
• Detail tooltip allows convenient access to formatted data that doesn't fit in the columns
• Cancellable search
• Boot time logging of all operations

The best way to become familiar with Process Monitor’s features is to read through the help file and then visit each of its menu items and options on a live system.

Homepage – http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx

REZiriz v1.0 August 16, 2007

Posted by reversengineering in TOOLS, UNPACKERS.

REZiriz is an unpacker for Eziriz .NET Reactor > v3.1.x.x

First of all, it's *ONLY* an unpacker and not a deobfuscation tool.

Unpacker features:
—————————
[*] Unpacking Eziriz .NET Reactor v3.3.0.1
[*] Unpacking Eziriz .NET Reactor v3.2.4.6
[*] Unpacking Eziriz .NET Reactor v3.2.0.6
[*] Unpacking Eziriz .NET Reactor v3.2.0.0
[*] Unpacking Eziriz .NET Reactor v3.1.0.0

[*] Versions < v3.1.0.0 are not supported

http://www.reteam.org/tools/tf33.zip

thanx fly out to:
LibX // RETeam

DeFoxIII August 13, 2007

Posted by reversengineering in NEWS.

hi

New versions of DeFox released

for more info:

http://www.grada.lv/defoxiii/index.shtml#download

OllyDbg 116 plugins 2007-8-12 August 13, 2007

Posted by reversengineering in OLLY'S PLUGINS, TOOLS.
1 comment so far

hi

this is another collection i share with u :)
over 110 plugins (116) ~ 42.5 MB
compression ratio ~20%
size: 13.5 MB
5 parts of 2.5 MB + 1 part of 1.2 MB

i think u have fun with that
u never seen :)

link :
ollydbg 116 plugins 2007-8-12
http://rapidshare.com/files/48755690/ollydbg_116_plugins_2007-8-12.part01.exe
http://rapidshare.com/files/48755960/ollydbg_116_plugins_2007-8-12.part02.rar
http://rapidshare.com/files/48756301/ollydbg_116_plugins_2007-8-12.part03.rar
http://rapidshare.com/files/48756651/ollydbg_116_plugins_2007-8-12.part04.rar
http://rapidshare.com/files/48758053/ollydbg_116_plugins_2007-8-12.part05.rar
http://rapidshare.com/files/48758195/ollydbg_116_plugins_2007-8-12.part06.rar

detail:
http://reversengineering.files.wordpress.com/2007/08/details.txt

PEiD Patch Maker 0.5.0 August 13, 2007

Posted by reversengineering in OTHER, TOOLS.

hi

this nice tool is from IMPosTOR

PE iDentifier: PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files. You can use this plugin with PEiD, Quick Unpack & PE Tools.

homepage :

http://www.impostor.blogfa.com

LINK:

http://rapidshare.com/files/48725650/PEiD_Patch_Maker_Plugin__0.5.0_by_IMPosTOR.rar

Syser Debugger 1.93 Release August 13, 2007

Posted by reversengineering in DEBUGGER, TOOLS.

2007.07.25 Syser Debugger 1.93

1. Fixed 'wc +' command bugs.
2. Fixed 'wd +' command bugs.
3. Fixed 'JZ' assembly instruction bugs.
4. Fixed mov ecx,[ebp+ecx*4-0x30] disassembly instruction bugs.
5. Released the Syser Debugger Japanese version.

LINK:

http://www.sysersoft.com/download/download.php

OR

http://rapidshare.com/files/48708302/download.php

Write Your Own Programming Language Using C++ August 13, 2007

Posted by reversengineering in E-BOOK.

Writing a custom scripting language is much easier than you may believe. It's a matter of knowing where to get started. Many commercial products include scripting languages. AutoCAD has AutoLisp and PROCOMM PLUS includes ASPECT. Visual Basic can be used as a Windows scripting language. A scripting language adds a professional quality to any program.

This book covers implementing a simple scripting language, CALC, and its big brother Until, which can be added to any interactive C or C++ program written with any ANSI C compiler, including Borland C++ and Turbo C++. The code included with this book is compiled with Borland C++, which is a popular product of Borland International, Inc. CALC is a minimal implementation of a threaded interpreter called Until (for UNconventional Threaded Interpretive Language) and an RPN compiler named CALL, for Callable Application Language Library. CALC includes fewer than 50 primitive macros, while Until has more than 300 primitives including the C string and I/O libraries.

LINK:

http://rapidshare.com/files/48707509/Write.ur.Prog.Lan.Using.C.rar

WinUpack 0.3x PE Fixer August 13, 2007

Posted by reversengineering in OTHER, TOOLS.

HI

this is a nice tool from my friend sina_dir at UnReal RCE

"ok here is a new tool to fix the PE Header of WinUpacked files, there's no more explanation"

“Last test on: WinUpack 0.39final”

“Best Regards – Sina_DiR”

http://unreal-rce.net/forum/showthread.php?t=2794

link:

http://rapidshare.com/files/48696222/WinUpack-PE-Fixer.zip

Ollydbg 712 scripts 2007-8-9 + All OllyScript plugins August 10, 2007

Posted by reversengineering in Scripts.
4 comments

hi

what do u think ?

its so hot ......

hurry up :)

don't lose time

712 scripts, update 2007-8-9 (without duplicates)

all ollyscripts i find on the web and in my archive :)

u never seen before!

link:

http://rapidshare.com/files/48199220/Ollydbg_712_scripts_2007-8-9.part1.exe

http://rapidshare.com/files/48198337/Ollydbg_712_scripts_2007-8-9.part2.rar

http://reversengineering.files.wordpress.com/2007/08/ollyscripts-plugins.txt

http://reversengineering.files.wordpress.com/2007/08/list.txt

best regards

REM

Droids Corporation RR0D “ring 0 debugger” August 10, 2007

Posted by reversengineering in NEWS.

What’s RR0D ?

RR0D is a ring 0 debugger. It offers the possibility to debug any kind of code (kernel/user/rasta land). Its philosophy is to be OS independent. That's why RR0D can today be installed on Linux, *BSD and Wind0ws. This has some disadvantages: RR0D is only designed to run on x86 (is this really a disadvantage?). Here is a presentation of Rr0d.

How the hell does this work ?

It works fine. Thanks. Actually, the goal is to keep the code low level enough to *not* use any kernel host code. RR0D is a sort of stand-alone module that installs hooks at each important point to realize such a dream. The only part that is OS dependent is the kernel module interface.

This kernel debugger has its own keyboard driver (PS/2 keyboards only). Rr0d has its own video drivers: the first one is a VGA driver that directly manipulates the VGA-compatible mode of graphics cards (in console mode). Rr0d has a FrameBuffer video driver as well; it is used under an X server (or with the Win desktop).

more info :

http://rr0d.droids-corp.org/

Microsoft Process Monitor 1.21 August 10, 2007

Posted by reversengineering in MONITORING, TOOLS.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

Process Monitor Enhancements over Filemon and Regmon
Process Monitor’s user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:

• Monitoring of process and thread startup and exit, including exit status codes
• Monitoring of image (DLL and kernel-mode device driver) loads
• More data captured for operation input and output parameters
• Non-destructive filters allow you to set filters without losing data
• Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
• Reliable capture of process details, including image path, command line, user and session ID
• Configurable and moveable columns for any event property
• Filters can be set for any data field, including fields not configured as columns
• Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
• Process tree tool shows relationship of all processes referenced in a trace
• Native log format preserves all data for loading in a different Process Monitor instance
• Process tooltip for easy viewing of process image information
• Detail tooltip allows convenient access to formatted data that doesn't fit in the columns
• Cancellable search
• Boot time logging of all operations

The best way to become familiar with Process Monitor’s features is to read through the help file and then visit each of its menu items and options on a live system.

Homepage – http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx

link:

http://rapidshare.com/files/48089599/ProcessMonitor.zip

.NET Reactor 3.2.4.6 August 10, 2007

Posted by reversengineering in .NET, TOOLS.

.NET Reactor is a powerful .NET code protection & license system which assists developers in protecting their .NET software. Developers are able to protect their software in a safe and simple way now. This way developers can focus more on development than on worrying how to protect their intellectual property.

In contrast to obfuscators, .NET Reactor completely stops any decompiling by mixing any pure .NET assembly (written in C#, VB.NET, Delphi.NET, J#, MSIL…) with native machine code. In detail, .NET Reactor builds a native wall between potential hackers and your .NET code. The result is a standard Windows-based file that is not MSIL compatible. The original .NET code remains intact, well protected by native code and invisible to prying eyes. The original .NET code is never copied to the hard disk. There is no tool which is able to decompile .NET Reactor protected assemblies.

Product: .NET Reactor
Version: 3.2.4.6
Date: 23.06.2007
Type: Demo/NagScreen
Size: 6.5 MB

http://www.eziriz.com/downloads/dotnet_reactor_setup.exe

ANDpakk2 (apk2) v0.18 August 10, 2007

Posted by reversengineering in PACKER, TOOLS.

ANDpakk2 is an EXEcutable compression tool allowing you to get better compression ratios for your intros, demos or any other kind of software. This project is part of the author's research work for internal usage and 64k intro experiments. ANDpakk2 is based on the idea of adaptive statistical data compression using context modeling, prediction by model mixing, and prediction by partial matching on neural networks. All the data is processed by filters and predicted in different context models (by neural networks), which are then mixed and predicted by other neural networks again. Prediction is done per bit with a four-byte context history and coded by an arithmetic coder at the final stage. I've got very impressive compression ratios, compressing the Zoom3 64k intro down to 45760 bytes after some specific optimizations of the data structures. It also shows much, much better compression ratios than any other general purpose EXE/data compressor.

http://and.intercon.ru/downloads/apk2_v0_18.zip

PhantOm plugin 1.03 August 7, 2007

Posted by reversengineering in OLLY'S PLUGINS, TOOLS.

hi
new rlz from hellspawn

// The driver: extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.

// Plug-in: PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] Process Heaps.
[+] GetTickCount.
[+] GetProcessTimes.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.

link:
http://rapidshare.com/files/47596228/PhantOm.plugin.1.03.zip

BASIC KIT RLZD August 7, 2007

Posted by reversengineering in NEWS.

HI
http://reversengineering.wordpress.com/kits/basic-kit-2007-8-7/

upx 3.01 August 7, 2007

Posted by reversengineering in NEWS, PACKER, TOOLS.

hi
Changes in 3.01 (31 Jul 2007):
* new options --no-mode, --no-owner and --no-time to disable preservation
of mode (file permissions), file ownership and timestamps.
* dos/exe: fixed an incorrect error message caused by a bug in
relocation handling
* new format linux/mipsel supports ELF on [32-bit] R3000
* fix argv[0] on PowerPC with --lzma
* bug fixes

Changes in 3.00 (27 Apr 2007):
* watcom/le & tmt/adam: fixed a problem when using certain filters

link:
http://upx.sourceforge.net

serial tuts August 7, 2007

Posted by reversengineering in RCE.
1 comment so far

HI
another collection
THANX FLY OUT TO krobar
link:
http://rapidshare.com/files/47528426/serialtuts.zip

cd tuts August 7, 2007

Posted by reversengineering in RCE.

HI
another collection of tutorials about cd cracking !!!
NOTE:
If you wanna use my cd.html index then do this:
Just unzip this zip: “cdtuts.zip”, and click on cd.html to have an index of all the cd tuts I had at Jan 2002….
krobar
link:
http://rapidshare.com/files/47523788/cdtuts.zip