Kaspersky Key Finder V1.5.1 (KKF)
October 29, 2008. Posted by reversengineering in OTHER, TOOLS.
This application is designed to access a database hosted online and list the hundreds of keys offered to you almost every week (there are over 800 working keys in the database, and it is always growing). There is no longer any need to search the web for the latest keys. All you have to do from now on is start this application, click to list the keys from the database, select the keys that are valid for your software version, select one of the FIVE servers (mirrors) you want to download from, then click to download it in seconds (no more Rapidshare to wait for or online searching). Download directly from the database, which is updated every week with more keys. Currently the last update is Oct 15th, 2008.
With this application, it’s the finale of the constant search for a valid key.
The key list is up to date as follows:
1- Keys for Kaspersky Anti-Virus (KAV) Version 6, 7, and 8
2- Keys for Kaspersky Internet Security (KIS) Version 6, 7, and 8
If the application is not working, ensure you have .NET Framework 3.5 from Microsoft.
1- Now it’s Windows Vista Compatible.
2- Changed a line in the code that Antivirus application considered it as a risky hacking tool.
3- If the user does not have C drive, the access to the Database will fail.
4- Added “Download History”.
How to Stop Kaspersky from blocking this application?
If you don’t follow these steps, you will not be allowed to start the application (because Kaspersky disables it, and it will report that the file is not a valid win32 application), and Kaspersky may delete the file or show you a warning message all the time.
Themida v220.127.116.11 crkd
October 29, 2008. Posted by reversengineering in PROTECTOR, TOOLS.
Themida v18.104.22.168 Cracked by Nooby with NET Support
I found this note on the web (http://hi.baidu.com) and I saw it in the browser in Thai encoding!!
If you translate this, share it in a comment, thanks.
And like always, if you like it, buy it and support the developers, and don't use it for bad programs = worm or virus or trojan and …!!
The author of all of the following is nooby (ID on unpack)
0x61, 0xE9, 0xAF, 0x01, 0x00, 0x00
This is the watermark signature; the Hide PE Scanner option changes this fixed value.
00F9D7A2 60 pushad
00F9D7A3 BB 78563412 mov ebx, 12345678
00F9D7A8 8DB5 9E165809 lea esi, dword ptr [ebp+958169E]
00F9D7AE 8DBD A3385809 lea edi, dword ptr [ebp+95838A3]
00F9D7B4 E9 07000000 jmp 00F9D7C0
00F9D7B9 301E xor byte ptr [esi], bl
00F9D7BB 003E add byte ptr [esi], bh
00F9D7BD D1CB ror ebx, 1
00F9D7BF 46 inc esi
00F9D7C0 3BF7 cmp esi, edi
00F9D7C2 ^ 0F82 F1FFFFFF jb 00F9D7B9
00F9D7C8 61 popad
00F9D7C9 C3 retn
(BYTE[n] - KEY1>>n | KEY1<<(32-n)) ^ KEY2>>n | KEY2<<(32-n)
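As for the key: besides obtaining it by tracing the VM, since ROR is what is used to transform the KEY, for every 8 bytes of data one can always determine one or several combinations of KEY BYTEs, so the amount to enumerate is only 0xFF * 0xFF * 4 * n
n depends on the number of undetermined combinations. For example, where the data is 0, any key with a consistent bit pattern will do, so there are 2^n combinations (n being the number of bytes whose data is 0 within those 8 bytes). This uncertainty only shows up after the 32nd byte, and the bit pattern can be determined from the non-zero data after bit 32, so from a sequence that is rotated according to a rule we can always derive a key, and it is guaranteed to decode that sequence correctly.
RUN TRACE with a wide-range condition, the instruction being jmp esi, then CTRL+F11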
push dword ptr[eax]
push dword ptr[ebx]
push dword ptr[ecx]
push dword ptr[edx]
push dword ptr[edi]
push dword ptr[esp]
027EE7A3 FF30 push dword ptr [eax]
027EE7A5 813424 DC7F7970 xor dword ptr [esp], 70797FDC
The cracked version of VM V 22.214.171.124 was released by nobody…….
X-Ways Winhex v15.1.SR-4
October 29, 2008. Posted by reversengineering in OTHER, TOOLS.
X-Ways Winhex v15.1.SR-4 Keymaker FIXed
only for test if u like this software buy it and support the developers thx
Flynano v1.1 (Armadillo nanomites INT3 tracer)
October 29, 2008. Posted by reversengineering in OTHER, TOOLS.
Flynano v1.1 (Armadillo nanomites INT3 tracer)
An INT3 tracer for on-the-fly Armadillo nanomites jumps from nanomite tables.
Created from OllyDbg source > asmcode.dll, created for asm command opcodes.
//1 asm func Pchar ex:"JMP 4BC474"
//2 eip addr Cardinal (in C++ -ulong) ex: $4BC46D
//return Opcode PChar ex: EB05
dup 2.18 Final
October 29, 2008. Posted by reversengineering in OTHER, TOOLS.
-replaced WinExec API by ShellExecute for Windows Vista
-bugfix in Dialog for editing S&R Pattern Occurrence
-added check for skin button IDs
-improved window resizing engine
-added option “trim to path” for Registry Paths
-loader can save now targetfilepath to inifile when its not in same folder
-added TitchySID player for .sid file playback
-added new option for attached files: overwrite existing file
-added support for disabled patch button skin
-added multilanguage support
-fixed bug with tooltip width. long hexpatterns are displayed now in multiple lines
-compiled with new MASM v10
-bugfix when executing attached files
-bugfix for resource (skin) updater
-strings for patcher.exe can be modified now inside a skin
diablo2oo2's OllyDbg updated
October 29, 2008. Posted by reversengineering in DEBUGGER, TOOLS.
diablo2oo2: And last, I also updated my custom OllyDbg package.
StrongOD v0.18 [2008.09.18]
October 29, 2008. Posted by reversengineering in OLLY'S PLUGINS, TOOLS.
OllyDBG v1.10 plugin – StrongOD v0.18 [2008.09.18]
1. Fixed a small bug in Ctrl+G when calculating RVA and offset.
2. When the program is not in the running state, it is run before Detach.
3. Fixed the data area copy bug in the original OD.
4. Fixed the bug where CPU usage became very high after OD had been running.
5. You can set it to skip some exception handling.
1. Skips some exceptions that OD handles improperly.
2. Correctly handles the int 2d instruction.
1. Added a driver that protects the process, hides the window, and gets past most anti-debugging.
2. The driver supports a custom device name (DeviceName in ollydbg.ini; the device name must not be more than 8 characters).
In the [StrongOD] section of ollydbg.ini, you can set your own values:
HideWindow = 1 (hide the window)
HideProcess = 1 (hide the process)
ProtectProcess = 1 (protect the process)
DriverKey = -82693034 (key used to communicate with the driver)
DriverName = fengyue0 (driver name, not more than 8 characters)
3. OD changes the parent process of the processes it creates to explorer.exe (copied from shoooo's code).
This version adds a driver; if you get a blue screen, set up a minidump and post it to the forum, thank you.
Use the original OllyDbg as far as possible; there is generally no need to combine it with other anti-anti plugins (including phant0m).
Syser Debugger 1.99.1900.1095
October 29, 2008. Posted by reversengineering in DEBUGGER, TOOLS.
Syser Debugger is designed for Windows NT Family based on X86 platform. It is a core-level debugger with full-graphical interfaces and supports assembly debugging and source code debugging. Syser Debugger is able to debug Windows applications and Windows drivers. Syser Debugger perfectly combines the functions of IDA Pro, Softice and Ollydbg, which makes operations easier and faster and provides powerful functions. It supports multi-CPU and Intel Hyper-Threaded processors.
- Supports color disassembly.
- Source code debugging supports syntax coloring.
- Source code debugging supports collapsing mapping between source code and assembly instructions.
- Supports dynamic loading and unloading.
- Full keyboard support (if no mouse is available, all operations can be performed from the keyboard).
- Full mouse action support (if no keyboard is available, all operations can be performed through mouse commands).
- Commands are Softice-compatible
- Multi-language support, fully implemented unicode at low level.
- Supports plug-ins.
- Supports multi-CPU and Intel Hyper-Threaded processors.
- Supports startup scripts (similar to batch files).
- Supports clipboard function, able to copy data from Ring 3 debugger to Ring 0 debugger.
- Fully supports PDB debugging symbol files.
- Automatically load drivers to debug.
- Supports comments adding when debugging.
- Supports bookmark function.
- Address navigation is supported in disassembly windows and users can browse different functions quickly by double-clicking.
- Source code debugging supports quick view of variables and users can view variable types and values by moving cursor over variable names.
- Syser is the perfect combination of IDA and Softice functions.
- Supports address cross-reference lists.
- Supports data reference lists.
- Supports the advanced processing modes of pointing devices, such as TouchPad, TrackPoint.
- Supports multiple data windows.
- Supports multiple code windows to facilitate the browsing of assembly code.
- Supports run trace mode for ollydbg.
• disassembly listing highlighting
• dynamic loading and unloading
• keyboard and mouse support
• support for all Softice debugger commands
• Unicode support, multi-language interface
• plug-in support
• support for multiprocessor systems with Intel Hyper-Threaded processors
• script support
• clipboard support, allowing data to be copied from Ring 3 to Ring 0
• correct operation alongside Softice
• automatic loading of drivers for debugging
• adding comments while debugging
• support for cross-reference and data reference
• multi-window interface
• and much more
2008.10.01 Syser Debugger 1.99.1900.1083
1. Add thread command.
2. Add hwnd command.
3. Add objtab command.
4. Add bmsg command.
5. Add bmsg command.
6. Add TID public symbol in Syser; supports a breakpoint in one thread. Example: bpx CreateFileA if TID==54c
7. Fixed a BSOD bug on Windows 2000 in SDbgMsg.sys.
8. Fixed a BSOD bug in syser.sys.
Detemida v126.96.36.199
October 29, 2008. Posted by reversengineering in DETECTOR, TOOLS.
Detemida v188.8.131.52 – Detection tool for Themida protected programs
- Identifying programs protected by major Themida/WinLicense releases.
- Decode/View Watermarks
- POC to all antivirus companies that Themida protected programs are identical, even with all “Hide from PE Scanners” option on or even heavily DIYed.
- End of hope to those people who wanted to use Themida to protect trojans from antivirus.
- Fuzzy matching, static decoding.
- Watermark info and version
- If there is an identical Themida OEP
- 4 Fuzzy matching methods
- 6 Hide from PE Scanners detection with method info
- 3 section data detection
- Decoding Themida encrypted sections
- Coding style pattern matching
As for the last 2 newly added detection methods, there will be false-positive cases, send me the file if you want.
Themida and WinLicense 184.108.40.206 (Unpacking)
October 29, 2008. Posted by reversengineering in MUPS, Themida.
Themida and WinLicense 220.127.116.11 (Unpacking) by LCF-AT
Today I show you an example how to unpack Themida / WinLicense
Unpack WinLicense_UnpackMe! v18.104.22.168
- Find OEP / Near OEP / stolen code
- Find IAT / Magic Jump / Use GDI32 – API will not redirect in TM / WL
- Get Full IAT / Fix VM API calls and jumps / Use Script
- Repair stolen code / find input and output / log results
- Delete useless sections to reduce the target size
PE iDentifier v 0.95 (PEiD)
October 29, 2008. Posted by reversengineering in DETECTOR, TOOLS.
“PEiD v0.95 is now available for download.
PEiD 0.95 got released to stall for the coming 1.0 version and to show that we are still alive.
If you have any questions visit the forum: PEiD Forum”
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 470 different signatures in PE files.
PEiD is special in some aspects when compared to other identifiers already out there!
1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag’n’Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
There are 3 different and unique scanning modes in PEiD.
The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.
The *Deep Mode* scans the PE file’s Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.
The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.
The scanner’s inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
Snaker, Qwerton, Jibz
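The three scan scopes described above, as an added example (not PEiD's code and not part of the original post): a signature in hex-with-`??` form is matched at the entry point only, across the entry point's section, or across the whole file. The PE image, both signatures and all function names are constructed for illustration; the sample shows a relocated stub that the entry-point scan misses and a two-byte signature that produces a false hit in whole-file mode.

```python
import struct

def parse_sig(text):
    """PEiD-style pattern: hex bytes, '??' matches any byte."""
    return [None if t == "??" else int(t, 16) for t in text.split()]

def match_at(data, off, sig):
    if off + len(sig) > len(data):
        return False
    return all(s is None or data[off + i] == s for i, s in enumerate(sig))

def pe_layout(data):
    """Return (entry point RVA, [(vaddr, vsize, raw_ptr, raw_size), ...])."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    ep, = struct.unpack_from("<I", data, pe + 24 + 16)   # AddressOfEntryPoint
    table = pe + 24 + opt_size
    raw = [struct.unpack_from("<IIII", data, table + 40 * i + 8) for i in range(nsec)]
    return ep, [(va, vs, rp, rs) for vs, va, rs, rp in raw]

def scan(data, sig_text, mode):
    """File offsets where the signature matches under 'normal', 'deep' or 'hardcore'."""
    sig = parse_sig(sig_text)
    ep, secs = pe_layout(data)
    if mode == "hardcore":                       # every offset in the file
        offs = range(len(data))
    else:                                        # section that contains the EP
        va, _, rp, rs = next(s for s in secs if s[0] <= ep < s[0] + s[1])
        offs = [rp + ep - va] if mode == "normal" else range(rp, rp + rs)
    return [o for o in offs if match_at(data, o, sig)]

def build_sample():
    """Constructed image: headers, .text at 0x200 (EP inside), .data at 0x400."""
    img = bytearray(0x600)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)          # e_lfanew
    struct.pack_into("<H", img, 0x46, 2)             # NumberOfSections
    struct.pack_into("<H", img, 0x54, 0xE0)          # SizeOfOptionalHeader
    struct.pack_into("<I", img, 0x68, 0x1010)        # AddressOfEntryPoint
    struct.pack_into("<8sIIII", img, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", img, 0x160, b".data", 0x200, 0x2000, 0x200, 0x400)
    img[0x210:0x215] = bytes.fromhex("E96B000000")   # EP: jmp to the moved stub
    img[0x280:0x288] = bytes.fromhex("60BB785634128DB5")  # stub the signature describes
    img[0x450:0x452] = bytes.fromhex("60BB")         # unrelated data, same two bytes
    return bytes(img)

LONG_SIG, SHORT_SIG = "60 BB ?? ?? ?? ?? 8D B5", "60 BB"
```

With `build_sample()`, `LONG_SIG` is found only by the deep and hardcore scans, while `SHORT_SIG` in hardcore mode also matches inside `.data`, which is the erroneous output the description warns about for small signatures.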
Bulk Labelling PlugIn 1.0
October 29, 2008. Posted by reversengineering in OLLY'S PLUGINS, TOOLS.
There are 8 files in this package, including this ReadMe.
1. BlkLabel.dll
2. SubLabel.dll
3. BlkLabel.chm
(Copy files 1 to 3 to the OllyDbg folder to obtain Clarion MAP PlugIn functionality.)
Create a SubLabel.dll to obtain specific functionality for your Programming Language IDE Output. The specification of
SubLabel.dll is set out in BlkLabel.chm. In essence all that is required are two Exports:
MAPFilePerCharacterHandler … which will receive each Character read (as a 1 Character C-String). (It will also receive,
via a similar 1-Character C-String, the Previous Character … this may, or may not, be of use … depends on circumstances).
If Character translation is necessary, overstore the Current Character with a translation (Unicode is NOT supported here). In
this case of SubLabel.dll as supplied, the only translation performed is to turn Tab Character (09h) into a single Space
The record that is built, via MAPFilePerCharacterHandler, is – when completed – handed over to:
MAPFilePerRecordHandler … from which Label-Address pairs can be extracted any-which-way you want. Use OllyDbg
“_Insertname” to insert them.
4. BlkLabel.clw is the Clarion Source Text of the main PlugIn.
5. SubLabel.clw is the Clarion Source Text that supports a Clarion Memory Map file.
(Being written in Clarion they should be perfectly readable, but will probably be useless to you. This is, of course,
precisely the problem *I* have, IN REVERSE, with ALL examples supplied by other people … unless the functionality is
described in non-specific/universal terms … as I have tried to do here).
6. Veronica.obj is my Assembler-coded stuff that provides ‘interfacing glue’ between C-Style and Clarion-Style, comprising
such Functions as SaveRegisters(), RestoreRegisters(), StringCopy(), RemoveLeadingSpaces(), RemoveTrailingSpaces(), etc.
7. Veronica.clw is a Source File Text which declares the Prototypes of the Exports of Veronica.obj.
This PlugIn is really only useful to those who write their own software, using an IDE that can create a Memory Map. In this
case you would find it very useful to be able to transfer your Symbols into OllyDbg. Things become much easier to find!
(As far as I can see) The only thing necessary would be to create a SubLabel.dll – as explained above – to decipher RECORDS
presented sequentially from the Memory Map of your choice … which should not be a big job. BlkLabel itself does all the
Author: Veronica Chapman
new scripts for ollydbg
October 23, 2008. Posted by reversengineering in Scripts, TOOLS.
Themida and WinLicense
ASProtect SKE v2.4 build 12.20 RETAiL
October 23, 2008. Posted by reversengineering in PROTECTOR, TOOLS.
hi my friends
after a long time i am here again
i will answer to ur comments check it out please
i hope u well
only crack file