From Collaborative RCE Tool Library

Jump to: navigation, search

Memory Patchers


Tool name: dUP
Rating: 5.0 (2 votes)
Author: diablo2oo2                        
Website: http://diablo2oo2.di.funpic.de/dup.htm
Current version: 2.24
Last updated: September 30, 2011
Direct D/L link: http://diablo2oo2.di.funpic.de/downloads/dup2.rar
License type: Free
Description: diablo2oo2's Universal Patcher - [dUP]

Probably the most capable patcher/loader creator out there...

Some recent version history
[2.24]
-improved compatibility for windows 2000
-usage of reg.exe instead of regedit.exe for registry patching
-added regular expressions (PCRE) support to [Text Patch] module
-added regular expressions (PCRE) support to [Registry Check] module
-added new plugin "Check Windows Version"

[2.23]
-fixed music playback bug
-fixed bug: open *.dUP2 files with dup2.exe
-fixed bug: crash when option "do not check original bytes" is enabled
-fixed bug: commandline parameter "/startupworkdir" did not work
-any bytepattern format will be accepted when it is pasted
-added plugin support
-added ASLR support
-added DLL patching support for the loader

[2.22]
-added console output for patcher
-fixed bug in "silent" mode
-fixed bug when using "multi-wildcard-mode"
-new option to fix the CheckSum in PE Header after patching
-more detailed patchlog
-removed "xmstrip"
-added console command (/setvar) for setting %dup2_cmd_var%
-new logo (thank you kr8Vity!)
-new menu structure

[2.21]
-new option to keep original file time and date
-new option to disable the WOW64 File System Redirector (for 64 Bit Patching)
-new option to import multiple file attachments
-new: tooltip for bytepattern shows now also the ASCII text of the bytepattern
-bugfix: inline patching should now also work on windows 7
-bugfix: improved inline patching method
-text patch: single wildcards (?) will not be cut out any longer at end and begin of the 'Find Text'
-added new "Registry Check" module
-improved access to 64 Bit registry (small bugfix)
-improved menu structure of dup2 gui (adding patchdata is now easier)
-bugfix: crash when open project

[2.20]
-added wildcard support for textpatch module
-windowresize bugs fixed
-minimize patcherwindow with rightmouseclick
-added new "Event" module for patcher. Now you can programm your patcher!
-added new "File Check" module for patcher
-bugfixes in textpatch module
-bugfix: executing attached files
-bugfix: problem with nested environment variables
-bugfix: tooltips will be shown without flicker effect on windows 7
-bugfix: increased pattersize limit for search & replace compare module
-fix: remove quotation marks from paths when reading fom registry

[2.19]
-new "Text-Patch" module !
-bugfix in s&r compare module
-other bugfixes from v2.18
-added linkcursor in patcherwindow
-registry editor now can import v5 reg files
-faster scrolltext engine
-better scrolltext font management
-new function: import long hexpatterns in offset-patch-dialog
-fixed loader_installer bug
-added support for relative paths (subfolders) for the targetfiles
-search & replace comments bugfix
-loader: registrypatcher bugfix
-added new internal environment variable: %dup2_last_path%
-skincontrols now can have transparent backgroundcolor (FFFFFFFF)
-now you can execute multiple search&replace loaders from same directory

[2.18]
-replaced WinExec API by ShellExecute for Windows Vista
-bugfix in Dialog for editing S&R Pattern Occurrence
-added check for skin button IDs
-improved window resizing engine
-added option "trim to path" for Registry Paths
-loader can save now targetfilepath to inifile when its not in same folder
-added TitchySID player for .sid file playback
-added new option for attached files: overwrite existing file
-added support for disabled patch button skin
-added multilanguage support
-fixed bug with tooltip width. long hexpatterns are displayed now in multiple lines
-compiled with new MASM v10
-bugfix when executing attached files
-bugfix for resource (skin) updater
-strings for patcher.exe can be modifed now inside a skin

[2.17]
-improved dup2 plugin for ollydbg v1.10
-long comments for search&replace patchdata now possible
-new v2m player (vista compatible) from http://magic.shabgard.org
-use targetfile information from s&r dialog in CheckOccurrence Dialog
-added function "back to releaseinfo" in patcher logbox
-bug fixed on vista systems with music playback
-"patch" button will be disabled after patching
-some fixes in projectconverter (for old v1.x dup projects)
-changed handling with unresolved environment variables
-original bytes not saved to compiled patcher when
"dont't check original bytes" option is enabled
-fixed bug when saving columnswidth of listviews
-new for Attached File: delete file after execute
-new for Attached File: wait for process
-added support for PECompact (optional commandline settings)
-manifest in resource is now avaible by default
-patcher: last used filepath will be stored inside %dup2_last_file% environment variable
-removed the ugly "flicker"-effect on bitmap buttons
-improved dumping (open projects from patcher.exe)
-advanced registry patching (usage of placeholders)
-changes in bitmapbutton code (please only use new
button names: BTN_PATCH_OVER ...)
-added fade in/out effect for patcher
-problem with the patchers topmost windows fixed
-removed option from settings dialog: dup file association
-important bugfix in loadercode (patching of protected memory)
-added option for registry patches: resolve environment variables
-fixed bug for musicplayback with bassmod.dll
-added textscroller feature
-fill patchinfdialog with default info only when new project is created
-and many more...
Also listed in: Loader Generators, Patch Packaging Tools, Patcher Generators
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: radare
Rating: 5.0 (1 vote)
Author: pancake                        
Website: http://www.radare.org
Current version: 0.7
Last updated: March 8, 2011
Direct D/L link: http://www.radare.org/get/radare2-0.7.tar.gz
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, x86_64, mips, arm, sparc, csr, m68k, powerpc and java.

The core is a raw hexadecimal editor for commandline with scripting features and perl/python extensions that gets extended with IO plugins that hooks the open/read/write/close/system calls.

The debugger and disassembler has a code analysis module for various architectures. The disassembler has been enhaced to handle inline comments, code block detections and flag references (data pointers or so) and much more.

See website for more details
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Rohitab API Monitor
Rating: 5.0 (1 vote)
Author: Rohitab Batra                        
Website: http://www.rohitab.com/apimonitor
Current version: v2 (Alpha-r9)
Last updated: December 1, 2011
Direct D/L link: http://www.rohitab.com/downloads
License type: Freeware
Description: API Monitor is a free software that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications.

* Supports monitoring of 32-bit and 64-bit applications and services
* API Definitions for over 11,000 API’s from 181 DLL’s and over 14,000 methods from 1100+ COM Interfaces (Shell, Web Browser, DirectShow, DirectSound, DirectX, Direct2D, DirectWrite, Windows Imaging Component, Debugger Engine, MAPI etc)
* Decode and display 2000 different structures and unions, 1000+ Enumerated data types, 800+ flags. Buffers and arrays within structures can also be viewed
* Display input and output buffers
* Call Tree display which shows the hierarchy of API calls
* Decode Parameters and Return Values
* Control the target application by setting breakpoints on API calls
* Memory Editor that lets you view, edit and allocate memory in any process
* Dynamic Call Filtering capabilities which allows you to hide or show API calls based on a certain criteria
* Supports monitoring of COM Interfaces
* Decode error codes and display friendly messages by calling an appropriate error function to retrieve additional information about the error
* Capture and view the call stack for each API call
* Custom DLL Monitoring - Supports creating definitions for any DLL or COM Interface
* Support for filtering calls by threads
* Displays the duration for each API call
Also listed in: API Monitoring Tools, COM Monitoring Tools, File Monitoring Tools, Memory Dumpers, Monitoring Tools, Network Monitoring Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: THYloadergen
Rating: 5.0 (1 vote)
Author: veyl/THY                        
Website: N/A
Current version: 0.6
Last updated: March 6, 2010
Direct D/L link: Locally archived copy
License type: creditware
Description: features:
* memory patch packed targets (except process redirected ones, like armadillo debugblocker)
* patch:VA (patch at a virtual address)
* patch:SnR (patch by search&replace)
* hookAPI (specify an API call that is executed after target is fully unpacked. hit count can be specified)
* hookVA (specify a VA that is executed after target is fully unpacked. hit count can be specified)
* wnd (specify a window that is created after target is fully unpacked)
* inject a dll into the process to have the possibility to include more complex stuff than the patching provided. (no live injecting, as this is a loader)
* optional splash screen at startup (pic can be specified, aswell as the transparency)


veyl/THY, MAR/2010
Also listed in: Code Injection Tools, Loader Generators, Patch Packaging Tools, Patcher Generators
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WinHex
Rating: 4.5 (2 votes)
Author: Stefan Fleischmann                        
Website: http://www.x-ways.net/winhex
Current version: 15.6
Last updated: March 1, 2010
Direct D/L link: http://www.x-ways.net/winhex.zip
License type: Shareware
Description: WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features include (depending on the license type):

* Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash, ...
* Native support for FAT, NTFS, Ext2/3, ReiserFS, Reiser4, UFS, CDFS, UDF
* Built-in interpretation of RAID systems and dynamic disks
* Various data recovery techniques
* RAM editor, providing access to physical RAM and other processes' virtual memory
* Data interpreter, knowing 20 data types
* Editing data structures using templates (e.g. to repair partition table/boot sector)
* Concatenating and splitting files, unifying and dividing odd and even bytes/words
* Analyzing and comparing files
* Particularly flexible search and replace functions
* Disk cloning (under DOS with X-Ways Replica)
* Drive images & backups (optionally compressed or split into 650 MB archives)
* Programming interface (API) and scripting
* 256-bit AES encryption, checksums, CRC32, hashes (MD5, SHA-1, ...)
* Erase (wipe) confidential files securely, hard drive cleansing to protect your privacy
* Import all clipboard formats, incl. ASCII hex values
* Convert between binary, hex ASCII, Intel Hex, and Motorola S
* Character sets: ANSI ASCII, IBM ASCII, EBCDIC, (Unicode)
* Instant window switching. Printing. Random-number generator.
* Supports files >4 GB. Very fast. Easy to use. Extensive online help.
Also listed in: Binary Diff Tools, Hex Editors, Memory Dumpers, Memory Search Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Cheat Engine
Rating: 0.0 (0 votes)
Author: Dark Byte/Eric Heijnen                        
Website: http://www.cheatengine.org
Current version: 5.5
Last updated: April 1, 2009
Direct D/L link: http://www.heijnen1.demon.nl/CheatEngine55.exe
License type: APL (Open Source)
Description: Cheat Engine, also known as CE, is an open source and free software, most commonly used for cheating in games using a hex memory searcher and editor to allow people to modify memory addresses. It is currently the most popular cheating software used today. CE has influenced a lot of online games (although it does not work on most any more), as it is open source and can be modified to their needs. This program resembles L. Spiro's MHS, Tsearch, and ArtMoney. It searches for values input by the user with a wide variety of options such as "Unknown Initial Value" and "Decreased Value" scans. Cheat Engine can also create standalone trainers which function on their own without Cheat Engine.

Cheat Engine can also view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition. It also has some Direct3D manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse for you to get a certain texture into the center of the screen. This is commonly used to create Aimbots.

Cheat Engine 5.4 is currently in RC9 and is expected to be released before 2008.
Also listed in: Memory Search Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Category:Memory_Patchers"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (235)
   Categorized by Tool Type  (1195)
   Anti Anti Test Tools  (16)
   Assemblers  (19)
   Code Coverage Tools  (13)
   Code Injection Tools  (35)
   Code Ripping Tools  (2)
   Crypto Tools  (13)
   Data Extraction Tools  (24)
   Debuggers  (47)
   Decompilers  (27)
   Deobfuscation Tools  (16)
   Dependency Analyzer Tools  (5)
   Diff Tools  (44)
   Disassemblers  (65)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (39)
   Executable File Editors & Patchers  (92)
   Firefox Extensions  (3)
   GUI Manipulation Tools  (18)
   Hardware Reversing Tools  (24)
   Helper Tools  (3)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (13)
   Memory Data Tracing Tools  (7)
   Memory Patchers  (6)
   Memory Search Tools  (7)
   Monitoring Tools  (130)
   Network Tools  (19)
   Packers  (18)
   Patch Packaging Tools  (12)
   Profiler Tools  (11)
   Programming Libraries  (45)
   Regular Expression Tools  (3)
   Resource Editors  (13)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (9)
   Technical PoC Tools  (8)
   Test and Sandbox Environments  (22)
   Tool Extensions  (169)
   Tool Hiding Tools  (7)
   Tool Signatures  (17)
   Tracers  (19)
   Unpacking Tools  (80)
   Needs New Category