Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0 November 20, 2009
Posted by reversengineering in TOOLS, UNPACKERS.
By [SND]quosego
Hi all,
It’s time to make a final stand. Oreans it’s your turn now.
This package includes the following;
WL.&.TM.VM.dumper.&.IAT.CodeEnc.Fixer.v2.6.0-SnD
A script to unpack all known versions of Winlicense and Themida using any options.
The script will unpack all known Themida and Winlicense applications
using virtual machine antidump on Windows XP. (v1.8x – 2.1.0.0)
Known issues;
-Version retrieving can error, switch it off when necessary.
-VM OEPs are not always retrieved; you must rebuild or find them yourself.
-Memory loaded dll’s are not dumped.
-The script stops after asking for the new antidump locations, just resume the script when it does.
Usage;
Step 1: Unpack an application using this script.
(Start at system entrypoint, EP break must be available,
no other breakpoints)
Step 2: When necessary attach the dumped VM. Fix VM OEP.
Step 3: Dump and Imprec.
Always read the log; it holds vital information. Also, there are several options that can be modified in the first few lines of this script.
Tinker with it if it doesn’t unpack your app.
The.Oreans.(Themida&Winlicense).VM.antidumps-Q
An article covering all antidumps, including newer ones.
Running.Winlicense.Protected.Applications.Without.Licenses-SND
An article on how to run Winlicense protected apps without licenses.
I owe my gratitude to the whole of the webscene for support,
inspiration, ideas and the supply of information/executables.
Especially;
-A lot of suppliers.
-ARteam for being rumored to be the first to have found the first antidumps.
-An unnamed American.
-Lena for showing so many people the way.
-Teddy, for supplying us tuts4you.
-Team SND old and new members.
And most of all just have fun with this all. Use it for knowledge, the challenge and fun.
Monetary gain is never to be aspired.
regards,
http://letitbit.net/download/2216.28c286be4bac9432d2fd791f9/tmd.rar.html
Unpacker ExeCryptor RC2 October 14, 2009
Posted by reversengineering in TOOLS, UNPACKERS.
http://letitbit.net/download/0229.0ec181aaf5ad1e8a17e074379/Unpacker_ExeCryptor_RC2.rar.html
Quick Unpack 2.2 October 14, 2009
Posted by reversengineering in TOOLS, UNPACKERS.
by tPORt
http://letitbit.net/download/0314.0278e133219167ad3bddefe1f/Quick_Unpack_2.2.Tool.tPORt.rar.html
Unpacker_ExeCryptor_2.x.x_v1.0_RC2 January 7, 2009
Posted by reversengineering in TOOLS, UNPACKERS.
What’s new:
v1.0 release candidate 2
————————
* Fixed bug in import rebuilding
* Added dynamic OEP search method
* Added manifest and file version information
* Added support for unpacking dll files with stripped relocations
* Fixed other minor bugs
http://vip-file.com/download/6ac381781913/Unpacker-ExeCryptor-2.x.x-v1.0-RC2.zip.html
ArmInline v0.96ff December 18, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
Bugfix: A couple of bug reports filtered in over the years, all pertaining to the Nanomite loader. Two fairly important fixes were made, so I thought I’d publish them.
http://vip-file.com/download/c4c4ab235065/Armadillo-ArmInline-0.96ff.zip.html
GUnPacker.V0.4 generic unpacker & helper November 12, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
ACProtect 1.09, 1.32, 1.41, 2.0
AHPack 0.1
ASPack 102b, 105b, 1061, 107b, 1082, 1083, 1084, 2000, 2001, 21, 211c, 211d, 211r, 212, 212b212r
ASProtect 1.1, 1.2, 1.23RC1, 1.33, 1.35, 1.40, SKE.2.11, SKE.2.1, SKE.2.2, 2.3.04.26, 2.4.09.11
Alloy 4.1, 4.3
alexprot 1.0b2
Beria 0.07
Bero 1
BJFNT 1.2, 1.3
Cexe 10a, 10b
DragonArmor 1
DBpe 2.33
EPPort 0.3
eXe32Pack 1.42
EXECrypt 1
eXeStealth 2.75a, 2.76, 2.64, 2.73, 2.76, 3.16 (supported, but results are not very good)
ExeSax 0.9.1 (supported, but results are not very good)
eXPressor 1.4.5.1, 1.3 (supported, but results are not very good)
FengYue’Dll unknown
FSG 1.33, 2.0, fsg2.0bart, fsg2.0dulek
GHF Protector v1.0 (supported, but results are not very good)
Krypton 0.2, 0.3, 0.4, 0.5 (for all: supported, but results are not very good)
Hmimys Packer unknown
JDProtect 0.9, 1.01, 2.0
KByS unknown
MaskPE 1.6, 1.7, 2.0
MEW 11 1.0/1.2, mew10, mew11_1.2, mew11_1.2_2, mew5
molebox 2.61, 2.65
morphine 2.7 (supported, but results are not very good)
MKFpack 1
Mpress unknown
Mucki 1
neolite 2
NCPH 1
nspack 2.3, 2.4, 3.1
Obsidium 1.0.0.69, 1.1.1.4 (for all: supported, but results are not very good)
Packman unknown
PCShrink 0.71
PC-Guard v5.0, 4.06c
PE Cryptor 1.5
PEBundle 2.3, 2.44, 3.0, 3.2
PE-Armor 0.46, 0.49, 0.75, 0.765
PECompact 1.x
PEDiminisher 0.1
PELock 1.06
PEncrypt 4
pepack 0.99, 1.0
PELockNt 2.01, 2.03, 2.04
PEtite 1.2, 1.3, 1.4, 2.2, 2.3
PKlite32 1.1
PolyCryptA unknown
peshield 0.2b2 (supported, but results are not very good)
PESpin 0.3 (supported, but results are not very good), 0.7, 1.1, 1.3
PEX 0.99
PolyCrypt PE 1.42
PUNiSHER 1.5 (supported, but results are not very good)
RLPack 1.1, 1.6, 1.7, 1.8
Rubbish 2
ShrinkWrap 1.4
SDProtector 1.12, 1.16
SLVc0deprotector 0.61 (supported, but results are not very good), 1.12
SimplePack 1.0, 1.1, 1.2
SoftSentry 3.0 (supported, but results are not very good)
Stealth PE 1.01, 2.1
Stone’s PE Encryptor 1.13
SVKP 1.11, 1.32, 1.43
ThemidaDemo 1.0.0.5
teLock 0.42, 0.51, 0.60, 0.70, 0.71, 0.80, 0.85, 0.90, 0.92, 0.95, 0.96, 0.98, 0.99
Upc All
Upack 0.1, 0.11, 0.12, 0.20, 0.21, 0.22, 0.23, 0.24, 0.25, 0.26, 0.27, 0.29, 0.30, 0.31, 0.32, 0.33, 0.34, 0.35, 0.36, 0.37, 0.38, 0.39, 0.399
UPolyX 0.2, 0.5
UPX 0.51, 0.60, 0.61, 0.62, 0.71, 0.72, 0.80, 0.81, 0.82, 0.83, 0.84, 0.896, 1.0w, 1.03, 1.04, 1.25w, 2.0w, 2.02, 2.03, 3.03, UPX-Scrambler RC1.x
V2Packer 0.02
VisualProtect 2.57
Vprotector 1.2
WindCrypt 1.0
wwpack32 v1.20, v1.11, v1.12
WinKript 1
yoda’s cryptor v1.1, v1.2
YZPACK 2.0
yoda’s Protector v1.02, v1.03.2, v1.03.3, v1.0b
original & unpacked:BY PAVKA
http://letitbit.net/download/e26a01440450/GUnPacker.V0.4.By.rar.html
asprotect unpackers November 12, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
http://letitbit.net/download/3ff267103447/stripper-v2.13b9.rar.html
http://letitbit.net/download/4fecc3897007/stripper-v2.07f.zip.html
http://letitbit.net/download/079257596467/stripper-v2.11rc2.zip.html
http://letitbit.net/download/3110cd452204/CASPR-v1.0.12.rar.html
http://letitbit.net/download/25129e80979/ASProtect.zip.html
http://letitbit.net/download/615199657920/Aspr-v2.XX-unpacker-v1.0E.rar.html
http://letitbit.net/download/fcf976186402/ASPriNF-v1.6-beta.rar.html
http://letitbit.net/download/e8ace655459/stripper-v2-1-.11rc2.zip.html
ArmaG3ddon V1.5.1 September 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
The installer has been removed; it was asking for the .NET Framework, even if the program is pure C++.
Anyone who used the *.msi package should uninstall the program using Control Panel >> remove program. Then they can use the new package (which doesn’t use the installer).
http://arteam.accessroot.com/releases.html
http://letitbit.net/download/7f1c2e751233/ArmaG3ddon-v151-by-CondZero.rar.html
2 new tools from ARTeam September 17, 2008
Posted by reversengineering in OTHER, TOOLS, UNPACKERS.
xFile 1.4.0.36 Released!
The File Update Module increases the size of a file to the specified value. Just enter the “Desired Size” in bytes and you’re all set. It works with all file types, including compressed/packed files, but files with an integrity check are not supported. Also, a backup option has been implemented.
The Hide Caption Tool is ideal for hiding the caption of any application. Just build a list with the full/partial captions you want to hide and hit Enable. Changes apply in realtime and checks are made often to hide all instances of the application.
The Junk Cleanup Module is useful for deleting Olly’s UDD and BAK files. Also, there is an option to backup files before deletion (ZIP).
NEW! The Resource Fix Module (based on DreamTheatre’s engine) comes in handy after unpacking. Just rebuild the resources, so that you can edit them without crashing the program. You can also dump the resources to file.
Additional features:
* Drag and Drop support
* file CRC Calculator
* auto-refresh of UDD folder
* auto-save settings
* Hide Caption works faster (Partial Captions are now supported)
* fixed minor UI bugs
ArmaG3ddon V1.5
Current Release: v1.5 September 2008
+ minor updates to improve stability
+ fix problem with hardware fingerprints
+ update Arteam Import Reconstructor v1.2.1 (Nacho_dj)
Includes:
+ Sorted imports
+ Fixed bug for UPX targets in the new Armadillo 6 code
Special Note: This tool has been built using Visual Studio 2005 and is now installed via an *.msi file. Nothing too much has changed other than the use of an installer and where it wants to put the new app.
You can change the default installation folder. Also, you must use Control Panel / Add / Delete Programs to uninstall the program.
As a result of this change, the resultant d/l is larger due to the installer program.
get it here: http://arteam.accessroot.com/releases.html
or
http://letitbit.net/download/c42ccc366838/xFile-1-4-0-36-by-anorganix.rar.html
http://letitbit.net/download/14c469330314/Armag3ddon-v15-by-CondZero.rar.html
[request links] September 16, 2008
Posted by reversengineering in E-BOOK, OTHER, PACKER, Request, TOOLS, UNPACKERS.
http://letitbit.net/download/943775516201/Bitsum.PECompact.v2.93b3-ArCADE.rar.html
http://letitbit.net/download/d01d5f873881/VBConversions.VB.Net.To.C.Sharp.Converter.v2.21.Incl.Keygen-Lz0.rar.html
http://letitbit.net/download/b056cc127114/unpacker-execryptor-2xx-beta-2.rar.html
http://letitbit.net/download/694380806550/The-Undocumented-Functions-For-Microsoft-Windows-NT2000.rar.html
Asprotect Unpacking Tools August 27, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
asprotect unpacking tools
=========================
Aspr v2.XX unpacker v1.0E
ASPriNF v1.6 beta
Aspr2.XX unpacker v1.14aSC
CASPR v1.0.12
stripper v2.07f
stripper v2.11rc2
stripper v2.13b9
http://letitbit.net/download/3ff267103447/stripper-v2.13b9.rar.html
http://letitbit.net/download/4fecc3897007/stripper-v2.07f.zip.html
http://letitbit.net/download/079257596467/stripper-v2.11rc2.zip.html
http://letitbit.net/download/3110cd452204/CASPR-v1.0.12.rar.html
http://letitbit.net/download/25129e80979/ASProtect.zip.html
http://letitbit.net/download/615199657920/Aspr-v2.XX-unpacker-v1.0E.rar.html
http://letitbit.net/download/fcf976186402/ASPriNF-v1.6-beta.rar.html
http://letitbit.net/download/e8ace655459/stripper-v2-1-.11rc2.zip.html
or
http://letitbit.net/download/dc3f76794511/asprotect-unpacking-tools.rar.html
Armadillo Unpacking Tools serie 2 August 27, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
hi
http://letitbit.net/download/8e9866263606/UnArmadillo-v1.4.rar.html
http://letitbit.net/download/ab3d52856509/Armadillo-Reducer-1.7.1-RC2.rar.html
http://letitbit.net/download/26c435634333/HWID-Changer-v.0.2-by-TrueLies.rar.html
http://letitbit.net/download/76619c869597/Armag3ddon-v14-by-CondZero.rar.html
http://letitbit.net/download/a471f8351581/Armadillo-Find-Protected.rar.html
http://letitbit.net/download/8e9866606350/UnArmadillo-v1.4.rar.html
http://letitbit.net/download/a0686e156083/Demaradillo-v0.4.rar.html
http://letitbit.net/download/0313be248144/dilloDIE-v1.6.rar.html
http://letitbit.net/download/4b9041385874/ArmadilloKiller-v2.6.rar.html
http://letitbit.net/download/9bb5c2571613/ArmadilloFindProtected-v1-.4.rar.html
http://letitbit.net/download/d71b0951038/Armadillo-Killer.v1.3.CopyMem.Edition.rar.html
http://letitbit.net/download/5c0106355004/Armadillo.Killer.2.6.build.5.rar.html
http://letitbit.net/download/cab631504194/Armadillo.DLL-OCX-Stripper.v1.6.rar.html
http://letitbit.net/download/f20e13542732/Armadillo.Goblin.v1.0.rar.html
or
Armadillo Find Protected
Armadillo Killer.v1.3.CopyMem.Edition
Armadillo Reducer 1.7.1 RC2
Armadillo.DLL-OCX Stripper.v1.6
Armadillo.Goblin.v1.0
Armadillo.Killer.2.6.build.5
Armadillo.Password.Patcher
Armadillo_Find_Protected_V1.8
ArmadilloFindProtected v1.4
ArmadilloKiller v2.6
ArmaFP_bypassAV
Armag3ddon v14 by CondZero
arminline 0.6
ArmKiller v1.2.1 Tool by TLG_XQuader
Demaradillo v0.4
dilloDIE v1.6
HWID Changer v.0.2 by TrueLies
Un Armadillo v1.4
http://letitbit.net/download/bf46fc393054/Armadillo-Unpacking-Tools-serie-2.rar.html
Armag3ddon 1.4 August 27, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
“I am releasing the latest public version v1.4 for Armageddon tool from CondZero. Thanks a lot to CondZero and Nacho for their efforts especially supporting latest Armadillo.
One note: now the tool is called ArmaG3ddon due to blacklisting of previous name in new armadillo.
Current Release: v1.4 August 2008
+ fix some minor bugs
+ improve import redirection functionality
+ update Arteam Import Reconstructor v1.2 (Nacho_dj)
+ add support for Armadillo v6.0.0/v6.0.4 custom builds
+ new log internal EP/OEP (nanomites) option
+ add refresh option for processing multiple targets”
by CondZero
http://arteam.accessroot.com/releases.html?fid=35
http://letitbit.net/download/76619c869597/Armag3ddon-v14-by-CondZero.rar.html
Thinstall & MoleBox Package Extractor August 23, 2008
Posted by reversengineering in OTHER, TOOLS, UNPACKERS.
by Sh4DoVV
This Is A Simple Tool For Extracting Embedded Files In Thinstall & MoleBox Protected Files
Note: Please Copy Sh4DoVV.dll In Your Target Folder And Run My Script In OllyDBG
http://letitbit.net/download/852834217728/Sh4DoVV-Extractor.zip.html
RL dePacker V1.4, Unpacker for Petite 2.1 and 2.2 [old posts] August 2, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
aUS [Advanced UPX Scrambler] 0.4 – 0.5
ASPack 1.x – 2.x
AHPack 1.x
AlexProtector 1.x
ARMProtector 0.x
BJFNT 1.3
BeRoEXEPacker 1.x
CryptoPeProtector 0.9x
CodeCrypt 0.16x
dot Fake Signer 3.x
dePack
eXPressor 1.2.x – 1.5.x
EZip 1.0
EP Protector 0.3
Escargot 0.x
EXEStealth 2.x
FSG 1.xx & 2.0
Goat’s PE Mutilator 1.6
hmimys-Packer 1.x
HidePX 1.4
HidePE 2.1
JDPack 1.x
JDProtect 0.9
KByS Packer 0.2x
Krypton 0.x
LameCrypt 1.0
MEW 1.x
nSPack 2.x – 3.x
nPack 1.x
NeoLite 1.x – 2.0
NWCC
OrIEN 2.1x
PECompact 1.x – 2.x
PeX 0.99
PC Shrink 0.71
Polyene 0.01
PackMan 0.0.0.1 & 1.0
PE Diminisher 0.1
PolyCrypt PE 2.1.5
PeTite 1.x
PEStubOEP 1.6
PELockNT 2.x
PePack 1.0
PC PE Encryptor alpha
PackItBitch
PEncrypt 4.0
PEnguinCrypt 1.0
PeLockNt 2.x
PeLock 1.0x
Perplex PE-Protector 1.x
PKLITE32 1.x
RLP 0.6.9 – 0.7.x
RLPack Basic Edition 1.x
RLPack Modifier Edition 1.x
ReCrypt 0.15 – 0.80
Stone`s PE Encryptor 2.0
StealthPE 2.1
Software Compress 1.x
SPLayer 0.08
ShrinkWarp 1.4
SPEC b3
SmokesCrypt 1.2
Simple UPX-Scrambler
SimplePack 1.x
SLVc0deProtector 1.x
tELock 0.x
UPX 0.8x – 2.x
UPXRedir
UPXCrypt
UPX Inkvizitor
UPXFreak 0.1
UPolyX 0.x
UPXLock 1.x
UG Chruncher 0.x
UPX-Scrambler RC 1.x
UPX Protector 1.0x
UPXShit 0.06 & 0.0.1
UPXScramb 2.x
VirogenCrypt 0.75
WWPack32 1.x
WinUPack 0.2x – 0.3x
Winkript 1.0
yC 1.x
yZPack 1.x – 2.x
32Lite 0.3a
!EP (ExE Pack) 1.x
[G!X]`s Protector 1.2
What’s new in version 0.2b:
- I corrected verification of signature (now it should work fine)
; ? = 2 bytes
;[PEtite v2.1=B8????6A?68????64FF35????648925????669C6050]
;[PEtite v2.2=B8????68????64FF35????648925????669C6050]
- I corrected reconstruction of import symbols
- unpack dll
- new dialog box
- manifest.xml is from MSDN library.
I tested it on several programs packed by me.
How unpetite 0.2b works:
(files *.exe)
1. run program
2. It stops on access violation
3. then it searches jump to OEP
4. rebuild import symbols
5. dump and save file as unpacked.exe
(files *.dll)
1. ntdll.KiUserException is patched
2. loading of dll
3. It stops on access violation
4. then it searches jump to OEP and reconstruction of ntdll.KiUserException
5. rebuild import symbols
6. dump and save file as unpacked.dll
Send all notes, problems and errors to the e-mail address mirz@o2.pl.
Don’t forget that the program can still have some errors :)
Some programs which were used for tests:
- xmplay (thx bart)
- Cruehead Crackme1
- hexedit Geoffrey Prewett
- Lit 1.21 Marek Szyku翅
- RegCleaner4.3 by Juoni Vuorio
- CloneCD 5.2.6.1
- Winamp 5.08d
- WinIso v5.3
- WinRar 3.4
UnKK 1.0 – Unpacker for kkrunchy 0.23a2 +src August 2, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
VM Unpacker 1.5 July 31, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
DownloadLink: http://rapidshare.com/files/133785241/VM_Unpacker_1.5.rar
WinUpack KiLLeR 0.1 July 31, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
It’s a Russian tool
WinUpack_KiLLeR 0.1 by flashback
_wWw.Fba2008.land.ru
_http://letitbit.net/download/48fd57784448/WinUpack-KiLLeR.7z.html
4 new mup of Joker_Italy July 7, 2008
Posted by reversengineering in UNPACKERS.
uPack Mutanter 0.1 (Unpacking)
DownloadLink: http://rapidshare.com/files/127806808/uPack_Mutanter_0.1__Unpacking_.rar
XComp 0.98 (Unpacking)
DownloadLink: http://rapidshare.com/files/127807014/XComp_0.98__Unpacking_.rar
Snoop Crypt 1.0 (Unpacking)
DownloadLink: http://rapidshare.com/files/127807217/Snoop_Crypt_1.0__Unpacking_.rar
UnOpix Scrambler 1.10 (Unpacking)
DownloadLink: http://rapidshare.com/files/127807786/UnOpix_Scrambler_1.10__Unpacking_.rar
Armageddon v1.33 by CondZero June 2, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
June 2008 – v1.3.3
+ hotfix to resolve strategic code splicing issue
for last inactive MOV EDI,EDI instructions and
issue a warning message
(340.91 KB)
direct link:
http://arteam.accessroot.com/releases/dl.php?id=35
or
http://letitbit.net/download/e98a84284105/Armageddon-v133-by-CondZero.rar.html
Armageddon v 1.3.2 BY CondZero May 22, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
+ hotfix to resolve nanomites
+ relocate base address of Nanolib.dll
===========================================
May 2008 – v1.3.1
+ hotfix to resolve CreateProcess API problem
in Nanolib.dll for target work directory
Armadillo Crc Finder V1.4 + AoRE Unpacker 0.4 May 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
v1.4.1 [05/07/08]
- Some code changed.
05/18/2008
- IAT’s bug fixed
http://letitbit.net/download/6c6f70619178/AoRE-Unpacker-0.4.rar.html
ArmaGeddon 1.3 May 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
May 2008 – v1.3
+ resolve relocations for dll files (Nacho_dj)
+ added new option to minimize the size of a dumped file (Nacho_dj)
Particularly useful for Shockwave Flash + applications that make use of an overlay. Of course this will also rebuild a normal target’s PE structure.
+ improved import rebuilder v1.1.2 (Nacho_dj)
+ added new option to “Resolve” nanomite INT3 instructions with their original
jmp instructions and patch directly to the dumped target. Requires use of the nanomite “Analyze” + “Log” options. Note: you can also elect to resolve nanomites directly to a target process’s memory if you elect to detach!!
+ integrated Admiral’s Strategic Code Splicing removal engine into the tool.
This is now the (default) behaviour and can be overridden with new option to
redirect CS (code splices) instead
+ new option to dump / decrypt / decompress the .pdata section to a binary file
+ new option to detach from a process (choose: DebugBlocker or CopyMemII)
+ resolve problem for ArmAccess dll function:Installkey missing error msg
+ add support for UPX compressed single process targets
+ new option to change your Standard / Enhanced Hardware Fingerprint ID
+ resolve some minor bugs
===========================================
March 2008 – v1.2g [gabor edition]
+ add warning message for OEP call return VA not from Armadillo VM
Note: Informational, not usually relevant for dll’s or exe’s with copymem2,
but may be useful for troubleshooting invalid OEP’s resulting
from custom implementations and/or packing / compressing of a file
prior to being protected by Armadillo
+ fix problem with copymem2 search string error
+ fix problem with createdump on error
===========================================
March 2008 – v1.2
+ improved PE section name resolution for internal use (thanks Ghandi)
+ improved ARTeam Import Reconstructor v1.2
===========================================
February 2008 – v1.1
+ added dll support (dll loader.exe)
+ added option “Use OpenMutext trick” to force a single process. Use only if normal “debug blocker” processing fails. This would occur when a parent process launches the child process, but doesn’t debug the child process (i.e. use the WaitForDebugEvent API)
+ improve IAT elimination functionality
+ includes updated ARTeam Import Reconstructor
===========================================
February 2008 – v1.0 (initial release)
Born – 11/13/2007
http://letitbit.net/download/4fa2c3821802/Armageddon-v13-by-CondZero.rar.html
Aspr2.XX unpacker 1.14a (2008-05-19) May 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
Aspr2.XX unpacker 1.14 (2008-05-17) by Volx May 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
———-
1.00
First release.
1.10
1. Occasionally crash when fixing initialization table of Delphi apps.
2. IAT rebuild for an early version of Asprotect.
3. Add one more crc check pattern.
4. Add one more Asprotect API emulation.
1.11
IAT rebuild is incomplete when the address of the API caller is beyond first section of the app.
1.12
With some version of ODBGscript it occasionally fails to locate the OEP.
1.13
1. With ODBGscript v1.63 or above it fails to fix initialization table of Delphi apps.
2. Support a newer Asprotect whose stolen code type definition is different.
1.14
1. Script runs on ODBGscript v1.64 or above only.
2. Modification of fixing CRC check point.
3. Failed to locate OEP of proggie packed with version 1.4x
4. Unhide the Asprotect API used in proggie packed with version 1.4x.
5. If std function can’t find a match, they will be copied to .aspr section just like other stolen code.
6. Other bugs fix.
1.2
Add the ability to fix VM code.
**Modification needed before usage**
Copy Asprvm8s.bin into a folder of your choice, then use a text editor to modify this part of the script:
lab78_1:
log VMcodeloc
lm VMcodeloc, 4000, "d:\Asprvm8s.bin" // modify this line
If Asprvm8s.bin is copied into the folder c:\script, the above command should be changed to:
lm VMcodeloc, 4000, "C:\script\Asprvm8s.bin"
AoRE Unpacker 0.3 May 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
AoRE Unpacker is for unpacking simple packers, so far it supports the following:
!EP (EXE_Pack) 1.2
ASPack v2.12
AverCryptor 1.0
DexCrypt 2.0
eXPressor 1.2.0/1.3.0.1
MEW_1.1
Molebox 2.2.4
NsPack 2.9/3.0/3.3/3.4/3.6/3.7
PeCompact 1.30/1.50/1.84
UPX 1.25/1.91/2.00/2.01/2.02/2.90/3.00/3.01
and much more
http://letitbit.net/download/e65c6755738/AoRE-Unpacker-0.3.rar.html
TheMida/winlicense unpaker 2 by okdodo May 19, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
All Armadillo tools 2008-04-05 April 5, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
All Armadillo tools updated till now 2008-04-05
ARMA.INTRUDER.0.4
ARMACRC.V1
ARMADETACH.V1
ARMADETACHME
ARMADILLO FIND PROTECTED V1
ARMADILLO KILLER 2
ARMADILLO REDUCER 1.7
ARMADILLO.DLL&OCX
ARMADILLO.SECTIONS.STRIPPER.1.22
ARMADILLO_KEY_GENERATOR 1
ARMADILLOCLEANER
ARMADILLOTOOLS V1.2
ARMADUMPER.V1
ARMAEV
ARMAUNPACK
ARMINLINE V0
DEATTACHER
HWID_CHANGER V.0
LOADER-10
MM_DILLODIE_V1
NANOMITES.KILLER.BY
UIF-FINAL-PLUS
UIF-V1.2stable
UNARM
ArmaGeddon v1.1.0 by Condzero
ArmaGeddon V1.2g by Condzero
ArmInline v0.96f (Eng)
ArmKiller v1.2.1 Tool by TLG_XQuader
PEunLOCK 0.9 April 2, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
+ fix code redirection delta
Quick Unpack v2.1 April 2, 2008
Posted by reversengineering in TOOLS, UNPACKERS.
———————–
v2.1
[!] fixed many bugs like crash on some applications while restoration of resources
[!] multithreaded applications are now handled properly
[+] added ability to set end of module when tracing import functions. When a reference to import is found it’s analysed if it leads to some space outside of the module (not to trace some internal functions). But some packers redirect import to the last section. This option is intended to aid this problem. This is RVA
[+] added ability to put import table at given RVA instead of adding extra section
[+] added ability to set RDTSC delta for RDTSC hook (see more on rdtsc_delta in Scripts.eng.txt)
[+] Load libraries only option added to import recovery methods. This option doesn’t actually recover import; it just puts 1 import function from every loaded DLL into the import table. Thus the dump will be loaded with all the necessary libraries and will use old addresses for import functions which were set by a protector. This option can be used if import redirection is too complicated, but the dump will stop working after service pack or some other patch installation.
[+] Execute functions while tracing import option is added. By default, while tracing import, functions are not executed, but some protectors need the result of these functions to operate correctly, so this option can be used.
[+] Process call xxx/jmp xxx option is added. Some protectors change import calls and jumps from call [xxx]/jmp [xxx] to call xxx/jmp xxx. This option is intended to work also with these redirections.
[+] added several new functions and variables for the scripts
[+] UsAr’s generic OEP finder now supports DLLs
[+] new Vista manifest added
