From Collaborative RCE Tool Library

Jump to: navigation, search

Memory Patchers


Tool name: dUP
Rating: 5.0 (2 votes)
Author: diablo2oo2                        
Website: https://web.archive.org/web/20121227223736/http://diablo2oo2.di.funpic.de/dup.html
Current version: 2.26.1
Last updated: December 21, 2012
Direct D/L link: Locally archived copy
License type: Free
Description: diablo2oo2's Universal Patcher - [dUP]

Probably the most capable patcher/loader creator out there...

Some recent version history

[2.26.1]
-bugfix in [text patch] module
-bugfix: plugins did not work with "/silent" paramenter
-bugfix: patching used files did not work with "/silent" paramenter

[2.26]
-added large file support for search & replace module
-patchercode now is stored in a DLL
-updated BeaEngine.dll (4.1 rev 172)
-fixed: backup files for [attached file] module
-added new filetime plugin
-added new log message plugin
-added new backup switch plugin
-added new find next file plugin
-fixed: patcher with plugins now can be packed
-new option to run patcher after creation
-new query option in [file check] module: check for write access
-show jump destination of [event] module in patchdata list
-fixed crash when open dUP2 project with large filename
-auto backup unsaved projects
-improved save system
-minor fixes

[2.25]
-bugfix: open files in sharemode
-new disassembler engine: BeaEngine
-improved search & replace comparison
-plugin dlls are loaded now on patcher startup
-updated plugin development kit
-added option to turn off backup by default

[2.24]
-improved compatibility for windows 2000
-usage of reg.exe instead of regedit.exe for registry patching
-added regular expressions (PCRE) support to [Text Patch] module
-added regular expressions (PCRE) support to [Registry Check] module
-added new plugin "Check Windows Version"

[2.23]
-fixed music playback bug
-fixed bug: open *.dUP2 files with dup2.exe
-fixed bug: crash when option "do not check original bytes" is enabled
-fixed bug: commandline parameter "/startupworkdir" did not work
-any bytepattern format will be accepted when it is pasted
-added plugin support
-added ASLR support
-added DLL patching support for the loader

[2.22]
-added console output for patcher
-fixed bug in "silent" mode
-fixed bug when using "multi-wildcard-mode"
-new option to fix the CheckSum in PE Header after patching
-more detailed patchlog
-removed "xmstrip"
-added console command (/setvar) for setting %dup2_cmd_var%
-new logo (thank you kr8Vity!)
-new menu structure

[2.21]
-new option to keep original file time and date
-new option to disable the WOW64 File System Redirector (for 64 Bit Patching)
-new option to import multiple file attachments
-new: tooltip for bytepattern shows now also the ASCII text of the bytepattern
-bugfix: inline patching should now also work on windows 7
-bugfix: improved inline patching method
-text patch: single wildcards (?) will not be cut out any longer at end and begin of the 'Find Text'
-added new "Registry Check" module
-improved access to 64 Bit registry (small bugfix)
-improved menu structure of dup2 gui (adding patchdata is now easier)
-bugfix: crash when open project

[2.20]
-added wildcard support for textpatch module
-windowresize bugs fixed
-minimize patcherwindow with rightmouseclick
-added new "Event" module for patcher. Now you can programm your patcher!
-added new "File Check" module for patcher
-bugfixes in textpatch module
-bugfix: executing attached files
-bugfix: problem with nested environment variables
-bugfix: tooltips will be shown without flicker effect on windows 7
-bugfix: increased pattersize limit for search & replace compare module
-fix: remove quotation marks from paths when reading fom registry

[2.19]
-new "Text-Patch" module !
-bugfix in s&r compare module
-other bugfixes from v2.18
-added linkcursor in patcherwindow
-registry editor now can import v5 reg files
-faster scrolltext engine
-better scrolltext font management
-new function: import long hexpatterns in offset-patch-dialog
-fixed loader_installer bug
-added support for relative paths (subfolders) for the targetfiles
-search & replace comments bugfix
-loader: registrypatcher bugfix
-added new internal environment variable: %dup2_last_path%
-skincontrols now can have transparent backgroundcolor (FFFFFFFF)
-now you can execute multiple search&replace loaders from same directory

[2.18]
-replaced WinExec API by ShellExecute for Windows Vista
-bugfix in Dialog for editing S&R Pattern Occurrence
-added check for skin button IDs
-improved window resizing engine
-added option "trim to path" for Registry Paths
-loader can save now targetfilepath to inifile when its not in same folder
-added TitchySID player for .sid file playback
-added new option for attached files: overwrite existing file
-added support for disabled patch button skin
-added multilanguage support
-fixed bug with tooltip width. long hexpatterns are displayed now in multiple lines
-compiled with new MASM v10
-bugfix when executing attached files
-bugfix for resource (skin) updater
-strings for patcher.exe can be modifed now inside a skin

[2.17]
-improved dup2 plugin for ollydbg v1.10
-long comments for search&replace patchdata now possible
-new v2m player (vista compatible) from http://magic.shabgard.org
-use targetfile information from s&r dialog in CheckOccurrence Dialog
-added function "back to releaseinfo" in patcher logbox
-bug fixed on vista systems with music playback
-"patch" button will be disabled after patching
-some fixes in projectconverter (for old v1.x dup projects)
-changed handling with unresolved environment variables
-original bytes not saved to compiled patcher when
"dont't check original bytes" option is enabled
-fixed bug when saving columnswidth of listviews
-new for Attached File: delete file after execute
-new for Attached File: wait for process
-added support for PECompact (optional commandline settings)
-manifest in resource is now avaible by default
-patcher: last used filepath will be stored inside %dup2_last_file% environment variable
-removed the ugly "flicker"-effect on bitmap buttons
-improved dumping (open projects from patcher.exe)
-advanced registry patching (usage of placeholders)
-changes in bitmapbutton code (please only use new
button names: BTN_PATCH_OVER ...)
-added fade in/out effect for patcher
-problem with the patchers topmost windows fixed
-removed option from settings dialog: dup file association
-important bugfix in loadercode (patching of protected memory)
-added option for registry patches: resolve environment variables
-fixed bug for musicplayback with bassmod.dll
-added textscroller feature
-fill patchinfdialog with default info only when new project is created
-and many more...
Also listed in: Loader Generators, Patch Packaging Tools, Patcher Generators
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 0.9.7
Last updated: March 3, 2014
Direct D/L link: http://www.radare.org/get/radare2-0.9.7.tar.xz
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2' a commandline hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix phylosophy in mind. Each module, plugin, tool performs a specific task and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc.. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Rohitab API Monitor
Rating: 5.0 (1 vote)
Author: Rohitab Batra                        
Website: http://www.rohitab.com/apimonitor
Current version: v2 (Alpha-r13)
Last updated: March 14, 2013
Direct D/L link: http://www.rohitab.com/downloads
License type: Freeware
Description: API Monitor is a free software that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

* Supports monitoring of 32-bit and 64-bit applications and services
* API Definitions for over 15,000 API’s from 200 DLL’s and over 17,000 methods from 1,800+ COM Interfaces (Shell, Web Browser, DirectShow, DirectSound, DirectX, Direct2D, DirectWrite, Windows Imaging Component, Debugger Engine, MAPI etc)
* Decode and display 2000 different structures and unions, 1000+ Enumerated data types, 800+ flags. Buffers and arrays within structures can also be viewed
* Display input and output buffers
* Call Tree display which shows the hierarchy of API calls
* Decode Parameters and Return Values
* Control the target application by setting breakpoints on API calls
* Instant monitoring of any API from any DLL without requiring any definitions
* Memory Editor that lets you view, edit and allocate memory in any process
* Dynamic Call Filtering capabilities which allows you to hide or show API calls based on a certain criteria
* Supports monitoring of COM Interfaces
* Decode error codes and display friendly messages by calling an appropriate error function to retrieve additional information about the error
* Capture and view the call stack for each API call
* Custom DLL Monitoring - Supports creating definitions for any DLL or COM Interface
* Support for filtering calls by threads
* Displays the duration for each API call
* Process detection and notification
Also listed in: API Monitoring Tools, COM Monitoring Tools, File Monitoring Tools, Memory Dumpers, Monitoring Tools, Network Monitoring Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: THYloadergen
Rating: 5.0 (1 vote)
Author: veyl/THY                        
Website: N/A
Current version: 0.6
Last updated: March 6, 2010
Direct D/L link: Locally archived copy
License type: creditware
Description: features:
* memory patch packed targets (except process redirected ones, like armadillo debugblocker)
* patch:VA (patch at a virtual address)
* patch:SnR (patch by search&replace)
* hookAPI (specify an API call that is executed after target is fully unpacked. hit count can be specified)
* hookVA (specify a VA that is executed after target is fully unpacked. hit count can be specified)
* wnd (specify a window that is created after target is fully unpacked)
* inject a dll into the process to have the possibility to include more complex stuff than the patching provided. (no live injecting, as this is a loader)
* optional splash screen at startup (pic can be specified, aswell as the transparency)


veyl/THY, MAR/2010
Also listed in: Code Injection Tools, Loader Generators, Patch Packaging Tools, Patcher Generators
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WinHex
Rating: 4.5 (2 votes)
Author: Stefan Fleischmann                        
Website: http://www.x-ways.net/winhex
Current version: 15.6
Last updated: March 1, 2010
Direct D/L link: http://www.x-ways.net/winhex.zip
License type: Shareware
Description: WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features include (depending on the license type):

* Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash, ...
* Native support for FAT, NTFS, Ext2/3, ReiserFS, Reiser4, UFS, CDFS, UDF
* Built-in interpretation of RAID systems and dynamic disks
* Various data recovery techniques
* RAM editor, providing access to physical RAM and other processes' virtual memory
* Data interpreter, knowing 20 data types
* Editing data structures using templates (e.g. to repair partition table/boot sector)
* Concatenating and splitting files, unifying and dividing odd and even bytes/words
* Analyzing and comparing files
* Particularly flexible search and replace functions
* Disk cloning (under DOS with X-Ways Replica)
* Drive images & backups (optionally compressed or split into 650 MB archives)
* Programming interface (API) and scripting
* 256-bit AES encryption, checksums, CRC32, hashes (MD5, SHA-1, ...)
* Erase (wipe) confidential files securely, hard drive cleansing to protect your privacy
* Import all clipboard formats, incl. ASCII hex values
* Convert between binary, hex ASCII, Intel Hex, and Motorola S
* Character sets: ANSI ASCII, IBM ASCII, EBCDIC, (Unicode)
* Instant window switching. Printing. Random-number generator.
* Supports files >4 GB. Very fast. Easy to use. Extensive online help.
Also listed in: Binary Diff Tools, Hex Editors, Memory Dumpers, Memory Search Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Cheat Engine
Rating: 0.0 (0 votes)
Author: Dark Byte/Eric Heijnen                        
Website: http://www.cheatengine.org
Current version: 6.4
Last updated: June 19, 2014
Direct D/L link: http://www.cheatengine.org/download/CheatEngine64_NoSetup.rar
License type: APL (Open Source)
Description: Cheat Engine, also known as CE, is an open source and free software, most commonly used for cheating in games using a hex memory searcher and editor to allow people to modify memory addresses. It is currently the most popular cheating software used today. CE has influenced a lot of online games (although it does not work on most any more), as it is open source and can be modified to their needs. This program resembles L. Spiro's MHS, Tsearch, and ArtMoney. It searches for values input by the user with a wide variety of options such as "Unknown Initial Value" and "Decreased Value" scans. Cheat Engine can also create standalone trainers which function on their own without Cheat Engine.

Cheat Engine can also view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition. It also has some Direct3D manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse for you to get a certain texture into the center of the screen. This is commonly used to create Aimbots.
Also listed in: Memory Search Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: MHS (Memory Hacking Software)
Rating: 0.0 (0 votes)
Author: L. Spiro                        
Website: http://memoryhacking.com/index.php
Current version: 6.1
Last updated: December 5, 2009
Direct D/L link: http://mhs.mpcforum.com/MHS6.1.rar
License type: Free
Description: MHS is a utility for searching, viewing, and modifying the RAM of other processes, and for disassembling and debugging other processes.

MHS sports the fastest and most efficient searches available, an advanced, colorful, and easy-to-use real-time Hex Editor, a Debugger with unique features, a Disassembler, and an extensive scripting language (L. Spiro Script) yielding unlimited potential.

The array of tools offered in MHS can make hacking any game easy.

Here is a compact list of tools and features:

Searching
Data-Type Searches
Fastest searches available.
Search for types char, byte, short, unsigned short, int, long, unsigned long, 64-bit integer, float, and double.
Search for exact values, values not equal to, ranges, greater than, less than, and unknown.
Group Searches
Find unordered sets of data.
Find relative lists of data.
String Searches
Find hex strings, ASCII strings, Unicode strings, Wildcard strings, and Regular-Expression strings.
Boyer Moore Algorithm for fast searching.
Pointer Searches
Fastest search possible.
Quickly find both static and dynamic pointers.
Script Searches
The most powerful searches possible.
You have full control over what values are found during a search.
Able to replicate all search types available in all software, now and forever.
All addresses shown after a search and without delay; no need to view “only the first 100” returns.
Converter
Convert from any type to any other type, both big and little endian.
RAM Watcher
View the RAM of the target process in real-time.
Multiple display types shown simultaneously.
Real-Time Expression Evaluator
Evaluates even the most complex of expressions.
Shows expression results in real-time; especially useful for following changing pointer locations or changing expressions.
Hex Editor
Edit files and RAM.
Files open instantly, regardless of size, and RAM is shown in real-time.
Multiple display types show you RAM and files in characters, bytes, shorts, ints, floats, doubles, and more.
Full undo/redo.
Many options and full customization.
Debugger
Breakpoint functionality can be assigned by the user, and breakpoints can call user-defined script functions for the ultimate do-what-you-want.
Hardware breakpoints.
Read/write software breakpoints (watchpoints).
The Debugger issues debugging events that can be handled by scripts, allowing the user to perform any and all operations he or she desires at key times during debugging.
Disassembler
Shows names of known functions.
Logging (to be finished).
Addresses of all imported/exported functions shown.
Auto-Hack shows you every read, write, or access to an address, and extremely advanced features will be coming soon (automatic back-tracking down to the root pointer).
Exlanations of ASM instructions are provided in real-time, explaining what each instruction is going to do and offering previews of the results.
Process threads are updated in real-time and useful information about them is displayed.
Injection Manager
Complete and feature-rich injection suite.
Code caves can be found automatically, defined by the user, or created.
Code preview shows you the code before injecting.
Automatically adds the JMP back to the original code and adds the overwritten code to the code cave.
Injections are automatically saved, and options allow to inject automatically when the process is reloaded later.
Automatic injections are always safe; injections are verified before being automatically injected.
Script Editor
Syntax coloring.
Code folding.
Functions listed and easily navigated.
Hotkeys
Many assignable keys and functions.
Two hotkey implementations in case the game blocks one or the other.
Stability
MHS is extremely stable. Currently there are no known issues.
But the biggest feature in MHS is that it is constantly updated.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Needs New Category  (3)