Debuggers page updated September 4, 2008
Posted by reversengineering in NEWS.
see Debuggers page for more info
new tut by ChOoki September 4, 2008
Posted by reversengineering in armadillo, MUPS.
A Flash tutorial plus a script on unpacking the Real Arcade Wrapper; the needed Olly script plug-ins are included.
VMWare ThinApp 4.0.0.200 + Keygen September 4, 2008
Posted by reversengineering in OTHER, TOOLS.
Run any version of virtually any application on a single operating system without conflicts. You can even run multiple versions of the same application. Plug VMware ThinApp, formerly known as Thinstall, into your existing management infrastructure and accelerate your software development and desktop deployment. Deliver and deploy applications more efficiently, more securely, and more cost-effectively with agentless application virtualization.
- Package each application with its own DLL file and registry changes to eliminate installation conflicts
- Execute applications on locked-down PCs in 100% user mode
- Run applications from any media without needing admin privileges
http://www.vmware.com/products/thinapp/
If you like it, buy it.
http://letitbit.net/download/d6b54e536392/VMWare.ThinApp.4.0.0.200-EMBRACE.rar.html
OllyDBG The Best version September 4, 2008
Posted by reversengineering in DEBUGGER, TOOLS.
Hi,
in this Olly you can find all the scripts and plugins you need, plus more (skins, etc.).
Download links:
http://rapidshare.com/files/142544485/OllyDBG_The_Best_version.rar
http://letitbit.net/download/ffb745506367/OllyDBG-The-Best-version.rar.html
CoolDumpper 1.0 beta6 September 4, 2008
Posted by reversengineering in OTHER, TOOLS.
http://letitbit.net/download/788ae5396317/cool.rar.html
http://letitbit.net/download/df93cf879727/cooldumpper1.0beta6.rar.html
MHS v5.002- Debug, Disassemble, Hex Edit, Search, Inject Code/DLLs, Etc. September 4, 2008
Posted by reversengineering in DEBUGGER, OTHER, TOOLS.
MHS sports the fastest and most efficient searches available, an advanced, colorful, and easy-to-use real-time Hex Editor, a Debugger with unique features, a Disassembler, and an extensive scripting language (L. Spiro Script) yielding unlimited potential.
The array of tools offered in MHS can make hacking any game easy.
Here is a compact list of tools and features:
- Searching
  - Data-Type Searches
    - Fastest searches available.
    - Search for types char, byte, short, unsigned short, int, long, unsigned long, 64-bit integer, float, and double.
    - Search for exact values, values not equal to, ranges, greater than, less than, and unknown.
  - Group Searches
    - Find unordered sets of data.
    - Find relative lists of data.
  - String Searches
    - Find hex strings, ASCII strings, Unicode strings, Wildcard strings, and Regular-Expression strings.
    - Boyer-Moore algorithm for fast searching.
  - Pointer Searches
    - Fastest search possible.
    - Quickly find both static and dynamic pointers.
  - Script Searches
    - The most powerful searches possible.
    - You have full control over what values are found during a search.
    - Able to replicate all search types available in all software, now and forever.
  - All addresses are shown after a search and without delay; no need to view "only the first 100" results.
- Converter
  - Convert from any type to any other type, both big and little endian.
- RAM Watcher
  - View the RAM of the target process in real time.
  - Multiple display types shown simultaneously.
- Real-Time Expression Evaluator
  - Evaluates even the most complex of expressions.
  - Shows expression results in real time; especially useful for following changing pointer locations or changing expressions.
- Hex Editor
  - Edit files and RAM.
  - Files open instantly, regardless of size, and RAM is shown in real time.
  - Multiple display types show you RAM and files as characters, bytes, shorts, ints, floats, doubles, and more.
  - Full undo/redo.
  - Many options and full customization.
- Debugger
  - Breakpoint functionality can be assigned by the user, and breakpoints can call user-defined script functions for the ultimate do-what-you-want.
  - Hardware breakpoints.
  - Read/write software breakpoints (watchpoints).
  - The Debugger issues debugging events that can be handled by scripts, allowing the user to perform any and all operations he or she desires at key times during debugging.
- Disassembler
  - Shows names of known functions.
  - Logging (to be finished).
  - Addresses of all imported/exported functions shown.
  - Auto-Hack shows you every read, write, or access to an address, and extremely advanced features will be coming soon (automatic back-tracking down to the root pointer).
  - Explanations of ASM instructions are provided in real time, explaining what each instruction is going to do and offering previews of the results.
  - Process threads are updated in real time and useful information about them is displayed.
- Injection Manager
  - Complete and feature-rich injection suite.
  - Code caves can be found automatically, defined by the user, or created.
  - Code preview shows you the code before injecting.
  - Automatically adds the JMP back to the original code and adds the overwritten code to the code cave.
  - Injections are automatically saved, and options allow injecting automatically when the process is reloaded later.
  - Automatic injections are always safe; injections are verified before being automatically injected.
- Script Editor
  - Syntax coloring.
  - Code folding.
  - Functions listed and easily navigated.
- Hotkeys
  - Many assignable keys and functions.
  - Two hotkey implementations in case the game blocks one or the other.
- Stability
  - MHS is extremely stable. Currently there are no known issues.
But the biggest feature in MHS is that it is constantly updated.
http://mhs.mpcforum.com/MHS5.002.rar
StrongOD v0.15 (bug fixed) September 4, 2008
Posted by reversengineering in OLLY'S PLUGINS, TOOLS.
DeAttach a BUG
1. Enhanced module-finding function (correctly handles modules hidden from the PEB, i.e. ring3 hidden modules)
2. Enhanced PE header analysis in OD for files with non-standard headers (such as Upack-packed files)
3. Anti-anti-attach (an extreme form of attach)
4. The target can be detached from the debugger (DebugActiveProcessStop); requires XP or later
5. DLL injection into the debugged process
a) Remote Thread (injection via CreateRemoteThread)
b) Current Thread (shellcode; no new thread is created, the code is injected via the current thread, which must be suspended)
////////////////////////////////////////////////// /////////////////////
A short description of each function:
1. Module view: OD finds modules by walking the PEB, so when the PEB has been tampered with OD cannot handle it correctly; StrongOD therefore finds modules with ZwQueryVirtualMemory instead.
(Screenshot in the original post: a hidden module that Process Explorer cannot find but that OD now finds correctly.)
2. Non-standard PE headers: OD cannot recognize them and the PE header structure shown in the data window is wrong. StrongOD enhances OD's ability to recognize the PE header and also provides the PE information to other plug-ins.
(Screenshots in the original post: a UPack-packed main program, and OD identifying the Upack import table.)
3. Many programs prevent OD from attaching by hooking NtContinue or DbgUiRemoteBreakin; StrongOD uses an extreme attach method. (Note: StrongOD has no special handling for some unconventional thread-based checks, e.g. TTProtect opens a thread that checks periodically; attaching does not work there.)
4. DebugActiveProcessStop detaches the debugged process from the debugger.
5. DLL injection into the debugged process, in two ways: the first uses a remote thread; the second does not create an additional thread but injects via the currently suspended thread. The former works whether the target is running or suspended; the latter requires a thread to be suspended first.
http://letitbit.net/download/6f61ac660771/StrongODv0.15-DeAttach-a-BUG.rar.html
Winhex v15.1 September 4, 2008
Posted by reversengineering in HEX EDITOR, TOOLS.
WinHex is at its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.
X-Ways.Winhex.v15.1.Incl.Keymaker-ZWT
If you like it, buy it.
BreakPoint Hex Workshop v5.1.4.4188 September 4, 2008
Posted by reversengineering in HEX EDITOR, TOOLS.
Description: The Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can edit, cut, copy, paste, insert, and delete hex, print customizable hex dumps, and export to RTF or HTML for publishing.
Hex Workshop supports drag and drop and is integrated with the Windows operating system so you can quickly and easily hex edit from your most frequently used workspaces. The Data Inspector is perfect for interpreting, viewing, and editing decimal and binary values. Arithmetic, logical, ASCII case, and bitwise operations can be used to help manipulate your data in place.
Additionally you can goto, find, replace, compare, calculate checksums, add smart bookmarks, color map, and generate character distributions within a sector or file.
Features: With Hex Workshop you can edit, cut, copy, paste, insert, and delete hex, print customizable hex dumps, and export to RTF or HTML for publishing. Additionally, you can find, replace, compare, add smart bookmarks, and generate character distributions within a sector or file. Hex Workshop supports drag-and-drop and is integrated with the Windows operating system so you can quickly and easily hex edit from your most frequently used workspaces. The Data Inspector is perfect for interpreting, viewing, and editing decimal and binary values. An Integrated Structure Viewer allows you to view and edit data in the most intuitive and convenient way.
Release Name: BreakPoint.Hex.Workshop.v5.1.4.4188.Incl.Keymaker-EMBRACE
Filename: e-bhw514
Size: 3.18 MB
NFO: http://www.paste2.org/p/69089
Links: http://www.hexworkshop.com/
BreakPoint.Hex.Workshop.v5.1.4.4188.Incl.Keymaker-EMBRACE
If you like it, buy it.
IDAStealth v1.0 Beta 2 September 4, 2008
Posted by reversengineering in OTHER, TOOLS.
09/02/2008 -
Bugfix: Due to improper checking of input parameters in the NtQuerySystemInformation hook, the debugged process could raise an exception, finally unveiling the existence of IDA Stealth
Bugfix: Hiding of a possibly existing kernel debugger now works correctly
Bugfix: Fake parent process and Hide IDA from process list are no longer mutually exclusive
Bugfix: NtQueryInformationProcess hook accepted too small input buffers
Bugfix: NtQueryInformationProcess hook erroneously assumed the process handle to be always that of the current process
Bugfix: Exception caused by closing an invalid handle is now properly hidden from the debugged process by using SEH or Vectored exception handling
Bugfix: NtSetInformationThread wasn't hooked at all due to a typo
Bugfix: Added checks to hook functions so they behave as expected when an invalid handle is passed. Affected functions: NtSetInformationThread, SuspendThread, SwitchDesktop, NtTerminateThread, NtTerminateProcess
Bugfix: RtlGetVersion returned wrong platform ID and build number
Added: Console version of IDA is also hidden from process list
DefCon 16 September 4, 2008
Posted by reversengineering in NEWS.
All the presentations and the whole CD are out now.
DefCon has released all the materials on the CD given to registrants for the conference.
Hope it's useful.
https://www.defcon.org/html/links/defcon-media-archives.html
Kernel Detective v1.0 September 4, 2008
Posted by reversengineering in OTHER, TOOLS.
Kernel Detective v1.0 by GamingMaster/AT4RE
Kernel Detective is a free tool that helps you detect, analyze, manually modify and fix some Windows NT kernel modifications. Kernel Detective gives you direct access to the kernel, so it is not oriented towards newbies. Changing essential kernel-mode objects without enough knowledge will lead you to only one result: BSOD.
With Kernel Detective you can:
Enumerate running processes and print important values like Process Id, Parent Process Id, ImageBase, EntryPoint, VirtualSize, PEB block address and EPROCESS block address. Kernel Detective also has special scan methods for detecting hidden processes.
Enumerate a specific running process's Dynamic-Link Libraries. Also shows every DLL's ImageBase, EntryPoint, Size and Path.
Enumerate loaded kernel-mode drivers and show every driver's ImageBase, EntryPoint, Size, Name and Path. It also has special methods for detecting hidden drivers.
Scan the system service table (SSDT) and show every service function address and the real function address. You can restore a single service function address or restore the whole table.
Scan the shadow system service table (Shadow SSDT) and show every shadow service function address and the real function address. You can restore a single shadow service function address or restore the whole table.
Scan the interrupt table (IDT) and show every interrupt handler offset, selector, type, attributes and real handler offset. This is applied to every processor on multiprocessor machines.
Scan the important system kernel modules, detect the modifications in their body and analyze them. For now it can detect and restore inline code modifications, EAT and IAT hooks. I'm looking into other types of hooks for the next releases of Kernel Detective.
A nice disassembler that relies on the OllyDbg disasm engine; thanks to Oleh Yuschuk for publishing the source code of your nice disasm engine. With it you can disassemble, assemble and hex edit the virtual memory of a specific process or even kernel-space memory. Kernel Detective uses its own read/write routines from kernel mode and doesn't rely on any Windows API. That makes Kernel Detective able to R/W a process's VM even if NtReadProcessMemory/NtWriteProcessMemory is hooked, and also bypasses the hooks on other important kernel-mode routines like KeStackAttachProcess and KeAttachProcess.
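The SSDT scan described above ("show every service function address and the real function address", then restore one entry or the whole table) boils down to a comparison between the table read from a live kernel and the addresses a clean kernel image would produce. The following Python sketch is an added illustration of that check, not Kernel Detective's own code: the module bases, service indices, RVAs and the rootkit module `hidden.sys` are all constructed sample values, and reading the real table from memory is out of scope here.

```python
"""Added example: SSDT hook detection and restore logic on constructed data.

A legitimate system service handler lives inside the kernel image. An entry
that points elsewhere, or that differs from the address recomputed from a
clean copy of the kernel's service table, is reported as hooked together
with the module that owns the address it now points to.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class KernelModule:
    """A loaded kernel-mode module (values constructed for this example)."""
    name: str
    image_base: int
    image_size: int

    def contains(self, addr: int) -> bool:
        return self.image_base <= addr < self.image_base + self.image_size


@dataclass(frozen=True)
class SsdtFinding:
    index: int
    name: str
    current: int           # address found in the live table
    expected: int          # "real" address recomputed from the clean image
    owner: Optional[str]   # module owning the live address, None if unknown
    hooked: bool


def find_owner(addr: int, modules: List[KernelModule]) -> Optional[str]:
    """Map an address to the loaded module that contains it, if any."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return None


def expected_table(clean_rvas: Dict[int, int], kernel: KernelModule) -> Dict[int, int]:
    """Real service addresses: RVAs taken from a clean on-disk copy of the
    kernel's service table, rebased to where the kernel is actually loaded."""
    return {idx: kernel.image_base + rva for idx, rva in clean_rvas.items()}


def scan_ssdt(live: Dict[int, int], names: Dict[int, str], clean_rvas: Dict[int, int],
              kernel: KernelModule, modules: List[KernelModule]) -> List[SsdtFinding]:
    """Compare each live entry with its expected value; two independent signals
    mark an entry as hooked: it disagrees with the clean copy, or it does not
    point into the kernel image at all."""
    expected = expected_table(clean_rvas, kernel)
    findings = []
    for idx in sorted(live):
        cur = live[idx]
        exp = expected[idx]
        hooked = cur != exp or not kernel.contains(cur)
        findings.append(SsdtFinding(idx, names.get(idx, f"service_{idx:#x}"),
                                    cur, exp, find_owner(cur, modules), hooked))
    return findings


def restore_table(live: Dict[int, int], findings: List[SsdtFinding],
                  indices: Optional[Set[int]] = None) -> Dict[int, int]:
    """Return a copy of the live table with hooked entries reset to their real
    address: all of them when indices is None, otherwise only the given ones."""
    fixed = dict(live)
    for f in findings:
        if f.hooked and (indices is None or f.index in indices):
            fixed[f.index] = f.expected
    return fixed


# Constructed sample data (not taken from any real system).
NTOSKRNL = KernelModule("ntoskrnl.exe", 0x804D7000, 0x001F4000)
ROOTKIT = KernelModule("hidden.sys", 0xF8A10000, 0x00004000)
MODULES = [NTOSKRNL, ROOTKIT]
CLEAN_RVAS = {0x19: 0x000B7A10, 0x7A: 0x000C12F0, 0xAD: 0x000D4C80, 0x112: 0x000E3310}
NAMES = {0x19: "NtClose", 0x7A: "NtOpenProcess",
         0xAD: "NtQuerySystemInformation", 0x112: "NtWriteFile"}
# Live table as it would be read from memory: two entries redirected into hidden.sys.
LIVE_SSDT = {0x19: 0x804D7000 + 0x000B7A10, 0x7A: 0xF8A11200,
             0xAD: 0xF8A11540, 0x112: 0x804D7000 + 0x000E3310}


def demo() -> List[SsdtFinding]:
    findings = scan_ssdt(LIVE_SSDT, NAMES, CLEAN_RVAS, NTOSKRNL, MODULES)
    for f in findings:
        state = "HOOKED" if f.hooked else "ok"
        print(f"[{f.index:#05x}] {f.name:<26} {f.current:#010x} real {f.expected:#010x} "
              f"{state} ({f.owner or 'unknown module'})")
    return findings


if __name__ == "__main__":
    demo()
```

The owner lookup is what turns a bare "address differs" into something actionable: an entry owned by an enumerated driver names the module to inspect, while an owner of `None` is itself suspicious, since it means the handler lives in memory that no listed driver accounts for, which is exactly the situation the tool's hidden-driver scan is meant to surface.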
http://letitbit.net/download/c1212e590430/Kernel-Detective-v1.0.zip.html