ExeFog v.1.1 ImpREc Plugin September 17, 2008
Posted by reversengineering in OTHER, TOOLS.
by: donny
Here is my import fixing plugin for ImpRec…
My first plugin ever.
http://letitbit.net/download/cf032d464939/ExeFog-v.1.1-ImpREc-Plugin.rar.html
Immunity Debugger v1.73 September 17, 2008
Posted by reversengineering in DEBUGGER, Immunity Debugger, TOOLS.
from: http://debugger.immunityinc.com
We have put out the 1.73 release, which is a maintenance release that has a few more bugfixes as well as a DLL injection function in the debugger API.
The list of changes is as follows:
- Immunity Debugger API
  - Added inject_dll() method to load a DLL into the debuggee
- Bug Fixes
  - Fixed pathing issue when updater.exe spawns debugger
  - Fixed MemoryPage.getOwner() to return only the module name
  - Fixed hang when opening Immlib -> Lib References menu item
You can upgrade your current Immunity Debugger by going to Help/Update
or directly downloading the new installer from
http://www.immunityinc.com/products-immdbg.shtml
Thanks for using Immunity Debugger, and all your patience while we resolved these last few issues.
Sincerely
Team Immunity
Cheats Maximal 8.6 September 17, 2008
Posted by reversengineering in OTHER, TOOLS.
CheMax is one of the best offline cheat-bases for PC games. The base is based on ChEaTs software and it is fully rewritten and updated. There are no hints or solutions in its base, only pure cheat codes, level codes and easter eggs. The current version of CheMax contains cheats for more than 5434 games! This program is freeware, so you can use it without paying anything!
Resources Extract v1.03 September 17, 2008
Posted by reversengineering in OTHER, TOOLS.
ResourcesExtract is a small utility that scans dll/ocx/exe files and extracts
all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more…) stored
in them into the folder that you specify.
You can use ResourcesExtract in user interface mode, or alternatively, you can run
ResourcesExtract in command-line mode without displaying any user interface.
http://letitbit.net/download/73d9e7254500/resourcesextract.zip.html
Reverse Engineering: Smashing the Signature September 17, 2008
Posted by reversengineering in RCE.
Title: Reverse Engineering: Smashing the Signature
Date: August 19th 2008
Author: Nicolaou George
Table of Contents
Introduction
Tools
Example Software
Program Analysis
Source Code
User Interface
Assembled Code
Binary Code Encryption
Final Words
SEH Overwrites Simplified v1.01th September 17, 2008
Posted by reversengineering in RCE.
Title: SEH Overwrites Simplified v1.01th
Date: October 29 2007
Author: Aelphaeis Mangarae
Table of Contents
Introduction
What Is The SEH Handler?
Pointer to Next SEH?
Microsoft Stack Abuse Protection Explained
Searching for Appropriate Addresses
Theory of SEH Overwrites & Exploitation
Theory of Windows XP SP2 & 2003 SP1 Exploitation
Windows XP SP2 & 2003 SP1 Exploitation
PLEASE READ
About The Author
Greetz To
Reverse Engineering: Anti-Cracking Techniques September 17, 2008
Posted by reversengineering in RCE.
Author: Charalambous Glafkos
Date: April 12th 2008
Table of Contents
Introduction
TODO
Reverse Engineering Tools
Reverse Engineering Approaches
Example Software
Program Analysis
Approach No1 (String References)
Suggestions (Approach No1)
Approach No2 (Breakpoint on windows API)
Suggestions (Approach No2)
Approach No3 (Stack Tracing)
Suggestions (Approach No3)
Binary Code Patching:
Approach No1 (Branch Patching)
Approach No2 (Replace functions)
Serial Generating
Code Reconstructing
Code Ripping
Other
MS API function pointers hijacking September 17, 2008
Posted by reversengineering in RCE.
by: shinnai
In this paper I’ll demonstrate how to use some API function pointers to execute arbitrary code on a user’s PC. This is not a bug, but I consider it a simple security flaw.
Playing around with (old?)SEH September 17, 2008
Posted by reversengineering in RCE.
bY suN8Hclf aka crimsoN_Loyd9
08.06.2008
http://letitbit.net/download/ed2339869626/Playing-around-with–old–SEH.txt.html
edited
– and –!!
check it again
IDA and obfuscated code-Ilfak Guilfanov September 17, 2008
Posted by reversengineering in OTHER, TOOLS.
from: pediy.com
Read the small, seemingly very good. Vm inside some of the analysis.
http://letitbit.net/download/ad8f99418824/caro-obfuscation.rar.html
ActiveMARK Decrypter 1.0 September 17, 2008
Posted by reversengineering in OTHER, TOOLS.
nice summer with ARTeam
ActiveMARK Decrypter 1.0 – ARTeam (Bilingual English/Spanish)
ActiveMark programs are like compressed and encrypted archives, containing different files, like a zip. This tool helps you extract and decrypt them.
Released Summer/2008
Features:
- Provides information about ActiveMARK protection on any file.
- Identifies the protection version.
- Unpacks & decrypts the content of any ActiveMARK protected file.
- Allows an internal analysis of the content of every compressed file within the encrypted container.
- It works statically (no executable is launched).
- Automatically detects the language of your system.
How to use:
First select any executable. Then you can decrypt any external file associated with it, using the Uncompress key.
Note: Any ActiveMARK encrypted file is similar to a .zip or .rar file, containing several files inside it.
Coded & designed by Nacho_dj/ARTeam
http://arteam.accessroot.com/releases.html
or
http://letitbit.net/download/895147251081/ActiveMARKDecrypter-10-by-Nacho-dj.rar.html
Enigma Protector 1.53 Build 2008.09.15 September 17, 2008
Posted by reversengineering in NEWS, PROTECTOR, TOOLS.
What’s new: The Enigma Protector 1.53 Build 15 September 2008
Added possibility to embed any types of files into protected file without writing these files to the disk
Added about 17 anti-debugger plugins
Added possibility to embed own plugins into protected files
Added checkup of Windows user’s privileges
Added hardware lock – “Hard Disk Serial Number”
Added support for JPEG and PNG files for Splash Screen
Added “Close on mouse click” in Splash Screen
Added “Stop execution when splash screen is showing” in Splash Screen
Added checkup of Virtualization tools – VirtualBox
Added examples of using of EP_ProtectedStringByID and EP_ProtectedStringByKey functions, see Examples\ProtectedStrings folder
Added API EP_ProtectedStringByID and EP_ProtectedStringByKey that return protected strings
Added Protected Strings feature to protect user defined strings
Added examples of EP_MiscGetWatermark, see Examples\Watermarks folder
Added Enigma API EP_MiscGetWatermark that returns watermarks from the file
Bug fixed when protecting overlay files with “File size preservation” feature enabled
Bug fixed in Checkup – Windows version
Bug fixed in some dlls that are using DecryptOnExecute marker
Bug fixed in some applications when reading relocations directory
Bug fixed when using DecryptOnExecute marker in dlls
Bug fixed in some applications that are protected with Advanced force import protection + DecryptOnExecute marker
Bug fixed with loading older created project files
Bug fixed when executing older protected version after new one has been executed
http://www.enigmaprotector.com/assets/files/enigma_1.53_20080915_en_demo.exe
ExeInfo PE ver. 0.0.1.9 C September 17, 2008
Posted by reversengineering in DETECTOR, TOOLS.
13.09.2008
added new skin, tools/ antipacker / sign counter / new signatures / bug fixed
http://letitbit.net/download/1355bd893695/exeinfope1.9c.zip.html
2 new tools from ARTeam September 17, 2008
Posted by reversengineering in OTHER, TOOLS, UNPACKERS.
xFile 1.4.0.36 Released!
The File Update Module increases the size of a file to the specified value. Just enter the “Desired Size” in bytes and you’re all set. Works with all file types, with compressed/packed files also, but files with integrity check are not supported. Also, backup option has been implemented.
The Hide Caption Tool is ideal for hiding the caption of any application. Just build a list with the full/partial captions you want to hide and hit Enable. Changes apply in realtime and checks are made often to hide all instances of the application.
The Junk Cleanup Module is useful for deleting Olly’s UDD and BAK files. Also, there is an option to backup files before deletion (ZIP).
NEW! The Resource Fix Module (based on DreamTheatre’s engine) comes in handy after unpacking. Just rebuild the resources, so that you can edit them without crashing the program. You can also dump the resources to file.
Additional features:
* Drag and Drop support
* file CRC Calculator
* auto-refresh of UDD folder
* auto-save settings
* Hide Caption works faster (Partial Captions are now supported)
* fixed minor UI bugs
ArmaG3ddon V1.5
Current Release: v1.5 September 2008
+ minor updates to improve stability
+ fix problem with hardware fingerprints
+ update Arteam Import Reconstructor v1.2.1 (Nacho_dj)
Includes:
+ Sorted imports
+ Fixed bug for UPX targets in the new Armadillo 6 code
Special Note: This tool has been built using Visual Studio 2005 and is now installed via an *.msi file. Nothing too much has changed other than the use of an installer and where it wants to put the new app.
You can change the default installation folder, also, you must use Control panel / add / delete programs to uninstall the program.
As a result of this change, the resultant d/l is larger due to the installer program.
get it here: http://arteam.accessroot.com/releases.html
or
http://letitbit.net/download/c42ccc366838/xFile-1-4-0-36-by-anorganix.rar.html
http://letitbit.net/download/14c469330314/Armag3ddon-v15-by-CondZero.rar.html