From Collaborative RCE Tool Library

Jump to: navigation, search

OEP Finders


Tool name: ACProtect 2.0 OEP Finder + IAT Repair OllyScript
Rating: 0.0 (0 votes)
Author: ColdFever                        
Website: N/A
Current version:
Last updated: February 10, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: ACProtect 2.0 OEP Finder + IAT Repair
Also listed in: OllyScript Scripts, IAT Restore Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: ASProtect 1.3x - 2.xx OEP Finder OllyScript
Rating: 0.0 (0 votes)
Author:                         
Website: N/A
Current version: 0.1
Last updated: September 26, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: ASProtect 1.3x - 2.xx OEP Finder
Also listed in: OllyScript Scripts
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Armadillo 5.xx OEP Finder OllyScript
Rating: 0.0 (0 votes)
Author: Fly                        
Website: N/A
Current version:
Last updated: September 20, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Armadillo 5.xx OEP Finder (Standard Protection + Debug Blocker)
Also listed in: OllyScript Scripts
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: OepFinder
Rating: 3.0 (1 vote)
Author: deroko of ARTeam                        
Website: http://deroko.phearless.org
Current version: X.Y.Z
Last updated: March 10, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Generic Oep finder, uses PAGE_GUARD to locate good range. Supports debugging using win32 debug subsystem, and nonintrusive traceing.
Also listed in: Non-Intrusive Debuggers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Pokas x86 Emulator for Generic Unpacking
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://sourceforge.net/projects/x86emu/
Current version: 1.2.0 and 1.21 visual C++
Last updated: December 28, 2012
Direct D/L link: http://sourceforge.net/projects/x86emu/files/1.2.0/x86emu-1.2.rar/download
License type: GPL
Description: Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.
This Emulator has many features some of them are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Support adding new APIs and adding the emulation function to them.
3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition.
4. Support seh and support tib, teb, peb and peb_ldr_data.
5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory.
6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it still in the beta version. It surely will be fixed soon with the help of your feedback.

you can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, Disassemblers, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: xTracer
Rating: 0.0 (0 votes)
Author: deroko                        
Website: http://www.accessroot.com/arteam/site/download.php?view.309
Current version: 1.0
Last updated: May 25, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: xtracer is TLB memory tracer. It tries to locate first break in code section of traced process using split TLB which is available in intel architecture.
This code can be used to locate OEP of traced process easily. Currently only 1st break is reported, but you may modify code to handle more breaks as that's not a problem at all if you go trough ring3 program which actually controls driver. You may expect to get very good and fast results no matter which protection you are tracing. Time needed to locate OEP is equal to the time needed to execute protection layer without debugger, nor any tracer.

I hope that you will enjoy this fine release from ARTeam, as we only try to bring quality releases to the RCE community. Of course, full source is included for learning purposes (code and tool released under GPL 3.0).

Code can be customized to handle various scenarios. Eg. add more breaks on code sections, hooking more some native calls to keep control of almost every allocated buffers, but that's up to the user to implement if he needs it.

To use this code simply type:

xtracer.exe <applicaton to trace>

wait a little bit. Also note that you must have internet connection as code is using my SymbolFinder class to locate some symbols from ntoskrnl.exe which makes this code compatible with windows versions from win2k to Vista SP1.
Also listed in: Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (19)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (20)
   Needs New Category  (3)