From Collaborative RCE Tool Library


New or Updated Items - RCE Tools (including sub-categories)




Tool Updated: PPEE (puppy)

At: 2016-04-22 16:23:37

Listed in categories: .NET Executable Editors, Dependency Analyzer Tools, Entropy Analyzers, Exe Analyzers, Executable CRC Calculators, Executable File Editors & Patchers, Export Editors, Hex Editors, Import Editors, Malware Analysis Tools, PE Executable Editors, Relocation Tools, String Finders

Most recent version:
1.05

Most recent release date:
April 22, 2016

Description:
This is a professional PE file explorer that lets you dig into all data directories available in a PE/PE64 file and edit them.
The Export, Import, Resource, Exception, Certificate (relies on the Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR directories are supported.
A companion plugin is also provided to obtain one-click technical information about the file, such as its size, entropy, attributes, hashes, version info and so on.

Puppy is robust against malformed and crafted PE files, which makes it handy for reversers, malware researchers and anyone who wants to inspect PE files in more detail.

Puppy is free and tries to be small, fast, nimble and friendly as your puppy!

In new version:
- .Net assembly VtableFixup support
- Control Flow Guard support
- New highlighting scheme
- Treeview icon added
- Neater Listview
- Major bug fixes


Feel free to use it ;)



Tool Updated: Detect It Easy

At: 2016-03-23 09:48:13

Listed in categories: .NET Packers, Compiler Identifiers, Entropy Analyzers, Exe Analyzers, Linux Tools, Mac OS Tools, PE EXE Signature Tools, PE Executable Editors, Packer Identifiers, Tool Signatures

Most recent version:
1.01

Most recent release date:
March 23, 2016

Description:
Detect it Easy

Detect It Easy, abbreviated “DIE”, is a program for determining the types of files.

“DIE” is a cross-platform application: apart from the Windows version, there are also versions for Linux and Mac OS.

Many programs of this kind (PEiD, PE Tools) allow the use of third-party signatures. Unfortunately, those signatures only scan bytes against a pre-set mask, and it is not possible to specify additional parameters. As a result, false positives often occur. More complicated algorithms are usually hard-coded in the program itself, so to add a new complex detection one needs to recompile the entire project. No one except the authors themselves can change the algorithm of a detection. As time passes, such programs lose relevance without constant support.

Detect It Easy has a totally open architecture of signatures. You can easily add your own detection algorithms or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript, and anyone who understands the basics of programming will easily understand how it works. Some may suspect that the scripts run very slowly. Indeed, scripts run slower than compiled code, but thanks to the good optimization of the script engine this does not cause any particular inconvenience. The possibilities of the open architecture compensate for these limitations.

DIE exists in three versions: the basic version (“DIE”), a Lite version (“DIEL”) and a console version (“DIEC”). All three use the same signatures, which are located in the “db” folder. If you open this folder, you will find nested sub-folders (“Binary”, “PE” and others). The names of the sub-folders correspond to the types of files. First, DIE determines the type of file, and then it sequentially loads all the signatures in the corresponding folder. Currently the program defines the following types:

• MSDOS: executable files (MS-DOS)

• PE: executable files (Windows)

• ELF: executable files (Linux)

• MACH: executable files (Mac OS)

• Text: text files

• Binary: all other files



Tool Updated: Interactive TCP Relay

At: 2016-03-03 13:55:41

Listed in categories: TCP Proxy Tools

Most recent version:
1.0

Most recent release date:
February 12, 2003

Description:
This application security test tool gives developers an environment for testing non-HTTP client/server applications, similar to that provided by interactive HTTP proxies. When started, ITR operates as a simple TCP tunnel, listening on a specific port and forwarding all the traffic to the remote host and port. By configuring the client to treat the ITR as its server, all traffic between a client and a server can be tunneled and logged. The true power of ITR, however, lies in its ability to intercept and edit the traffic passing through it. When intercept mode is enabled, the ITR stops every message sent through it (client to server and/or server to client). The traffic can then be edited freely using a built-in hex editor, providing a comfortable environment for testing client/server applications. To support various systems, the ITR can operate both its logs and its hex editor using different character encodings, such as ASCII or EBCDIC.



Tool Updated: MmBBQ

At: 2016-02-06 12:20:35

Listed in categories: Code Injection Tools, Debuggers, Disassemblers

Most recent version:
3.1.0RC1

Most recent release date:
October 16, 2014

Description:
mmBBQ injects an interactive code-caving Lua API into a win32 process. It is easy to use, has no dependencies, and requires only a little knowledge. It was initially built to create APIs for MMORPGs; however, it is fully generic and can attach to any kind of program. It can also inject into many protected processes, as it is meant to bypass some protective mechanisms. It offers debugging functionality, but since it is not a debugger itself, it is harder to detect.

It is easy to place any form of generic codecave using plain Lua code (LuaJIT C types). For example:
codecave.inject(nil, getProcAddress("user32", "GetMessageA"), function(context) print("Hello World Codecave") end)

It can also call arbitrary functions of the host process:
asmcall.cdecl(getProcAddress("user32", "MessageBoxA"), 0, "Hello World!", "Title", 0)

Aside from that, it includes a debugging and disassembly module that can be used to script breakpoints. This can be useful when writing extractors for packed .exe files, etc.

64-bit support is underway, and further in the future perhaps also Linux and Mac versions.



Tool Updated: LordCHEAT

At: 2016-02-04 22:26:03

Listed in categories: Memory Data Tracing Tools

Most recent version:
1.2.6

Most recent release date:
July 18, 2009

Description:
- Small & powerful game trainer
- Save & load memory using a simple script
- Read/write memory using a hex editor
- Supports 16/32-bit Windows games, Macromedia Flash games, *emulators, etc.
- Supports pointer to pointer
- Supports plugins
- Memory monitor
- Runs under Windows 98 up to *Vista
- etc.



Tool Added: MitM-VM + Trudy

At: 2016-02-04 12:53:02

Listed in categories: TCP Proxy Tools

Most recent version:

Most recent release date:
January 28, 2016

Description:
MitM-VM is a Vagrant virtual machine that can be used as a transparent proxy. For those who have not used Vagrant, deploying the virtual machine is very straightforward and the virtual machine will be configured to handle most proxying situations. A simplistic motivating example: before MitM-VM, I often used an OpenWRT router with tcpdump (or similar) to monitor the traffic of my target device. This works well in most cases, but suffers from two major issues: first, routers are equipped with inferior hardware when compared to my laptop; second, I now have two pieces of hardware to manage. MitM-VM can be configured to provide the same functionality as my multi-hardware setup. Aside from the added benefit of less physical hardware and better specifications, I now also have a fully-featured Debian box to handle my traffic. (I still love OpenWRT though!)

MitM-VM also installs and configures several utilities that can be used to monitor or modify traffic. MitM-VM’s documentation lists these tools.

---

Trudy is written in Golang and intended to be used within MitM-VM. Trudy is a transparent proxy that works for any TCP connection and allows for programmatic and manual modification of TCP packets. Trudy aims to be simple to configure, easy to install, and generic enough to provide value in unique situations.

It does this by creating a 2-way “pipe” for each connection it proxies. The device you are proxying (the “client”) connects to Trudy (but doesn’t know this) and Trudy connects to the client’s intended destination (the “server”). Traffic is then passed between these pipes. Users can create Go functions to mangle data between pipes.

To proxy TLS connections, the Trudy binary spins up a TLS server with an invalid certificate. Obviously, you will need a valid certificate or a client that does not validate certificates.

Trudy was designed for monitoring and modifying proxy-unaware devices that use non-HTTP protocols. If you want to intercept and modify HTTP(S) traffic, Burp Suite is probably the better option.



Tool Updated: MasmBasic

At: 2016-01-24 12:57:27

Listed in categories: Programming Libraries

Most recent version:
2015.12.31

Most recent release date:
December 31, 2015

Description:
MasmBasic is a library that allows the use of BASIC syntax in assembler, i.e. it is not a "separate" language but rather a library of macros and routines, fully compatible with the latest Masm32 SDK (version 11), MASM (version 6.15 and higher, e.g. version 8.0) and JWasm. While MasmBasic is pretty stable, it is still assembler, therefore the usual disclaimers apply: do not use it for military purposes, in hospitals, or anywhere else where buggy applications could cause damage. You have been warned :)

To install the library, double-click MbSetup.exe in the downloaded archive.

For an overview of the about 200 functions available, see \Masm32\MasmBasic\MbGuide.rtf (after extracting the archive of course) or see the (incomplete) MasmBasic Quick Reference online.

Latest additions: GetFiles returns UTF8 now, WebCam, GetProcessArray(), new GSL lib, Choose, fast MemSet, Instr_() and Sinus() , Data, Read, GuiXX functions, Split$, Join$, Filter$, commandline to Files$(), GfCallback, true Unicode, also in file I/O; UnzipFile, ArraySet, SetReg64 for 64-bit registry settings, ArrayMerge, Age(), GetRegArrays, unsigned LONGLONG in Str$(), ShEx, xls interface, ArrayPlot, AddWin$, WritePipe, Plugins, IsFolder(), wOpen, FileOpen$/FileSave$, also as Unicode versions, Extract$, Dialogs, COM support (CoInvoke, GuidsEqual(), IUnknown, VARIANT, ...), improved ANSI and Unicode commandline macros CL$()/wCL$(), improved xHelp, Launch$(), Try/Catch/Finally, ...

From June 2015 onwards, MasmBasic is Windows 8 compatible. From March 2015 onwards, float counters are valid in For_ ... Next. From 10 Feb 2015 onwards, xmm registers are preserved for all MasmBasic commands. Note that simple Windows API calls can trash them on 64-bit versions of Windows.

Note that you need either JWasm (highly recommended) or at least ML.EXE version 6.15 to use the MasmBasic library; ML 6.14 (the old version that is included with the Masm32 SDK, see \Masm32\bin) is not sufficient because MasmBasic contains SSE2 code.



Tool Updated: DynamoRIO

At: 2016-01-24 12:40:46

Listed in categories: Code Coverage Tools, Code Injection Tools, Debugger Libraries, Disassembler Libraries, Profiler Tools

Most recent version:
6.0.0.6

Most recent release date:
October 6, 2015

Description:
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.
DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.



Tool Updated: Ultra hash cracking tool

At: 2015-12-19 14:48:35

Listed in categories: Crypto Tools

Most recent version:
1.40

Most recent release date:
November 30, 2015

Description:
This cryptanalytic tool is created for cracking one-way hash function algorithms.
The program can also be useful as a hash calculator.

Ultra supports the following hash algorithms:

• CRC32
• MD5
• SHA1
• SHA256
• SHA512
• HAVAL-3-128
• HAVAL-4-128
• HAVAL-5-128
• HAVAL-3-160
• HAVAL-4-160
• HAVAL-5-160
• HAVAL-3-192
• HAVAL-4-192
• HAVAL-5-192
• HAVAL-3-224
• HAVAL-4-224
• HAVAL-5-224
• HAVAL-3-256
• HAVAL-4-256
• HAVAL-5-256
• NTLM
• RIPEMD128
• RIPEMD160
• TIGER
• SNEFRU-4-128
• SNEFRU-4-256
• SNEFRU-8-128
• SNEFRU-8-256
• LMHash
• Whirlpool
• CRC16-CCITT
• GOST
• MYSQL
• MYSQL5
• eD2k
• PANAMA
• SHA3-224
• SHA3-256
• SHA3-384
• SHA3-512
• KECCAK224
• KECCAK256
• KECCAK384
• KECCAK512
• MD4
• MD2
• SHA224
• SHA384
• BLAKE224
• BLAKE256
• BLAKE384
• BLAKE512

The program uses brute force with different charsets and also a random attack.
An exclusive option of this software is its ultra-fast dictionary attack.

Release notes:

Since November 23, 2015, version 1.39s is available and contains a variable salt string edit box. This version is available on the website.

Since version 1.38 the program also accepts zero-length messages as a Max. value (Min. = 0; Max. = 0) to generate only the zero-length message.

Since version 1.31 Ultra handles zero-length messages in the brute-force options (All combinations).

The program is tested on Windows 7/8.1/10.



Tool Updated: ExeInfo PE

At: 2015-12-17 13:23:53

Listed in categories: .NET Tools, .NET Unpackers, Compiler Identifiers, Crypto Tools, Deobfuscation Tools, Linux Unpackers, PE EXE Signature Tools, Packer Identifiers

Most recent version:
0.0.4.1 with 902+35 signatures

Most recent release date:
December 15, 2015

Description:
Good detector for packers, compressors and compilers, with unpack info and internal exe tools.
Internal ripper for zip, rar, Flash swf, graphics (bmp/jpg/png/gif), cab, msi, bzip, ...
Colored disassembler, Delphi form viewer, zlib unpacker v1.2.8, .NET exe info.
Internal detector for non-executable files.



Tool Updated: Easy Code 2

At: 2015-12-02 21:59:45

Listed in categories: Assembler IDE Tools, Assemblers

Most recent version:
2.00.0.0007

Most recent release date:
December 2, 2015

Description:
Easy Code 2.0 is the evolution of Easy Code 1.x, the visual assembly programming environment, and it has been written to build 32/64-bit Windows applications (supporting Unicode, multiple languages, and the building of drivers and services). This new version of EC supports Fasm, GoAsm, Jwasm, Masm and PoAsm.

Easy Code 2 works on Windows XP and later.



Tool Updated: WinResize

At: 2015-11-14 15:49:37

Listed in categories: Window Manipulation Tools

Most recent version:
2.04

Most recent release date:
June 27, 2015

Description:
WinResize is a Windows program for resizing the windows of other applications to exact sizes in pixels. The program also displays the window client area size.

The program is tested on Windows 7/8.1/10.



Tool Updated: Easy Code

At: 2015-10-16 09:18:36

Listed in categories: Assembler IDE Tools, Assemblers

Most recent version:
1.07.0.0008

Most recent release date:
September 16, 2015

Description:
Easy Code is a visual assembly programming environment made to build 32-bit Windows applications, supporting Unicode, multiple languages and driver building. The Easy Code interface, which looks like Visual Basic, lets you program a Windows assembler application in an easy way that was never possible before. Download and test this application, which includes the source code of a nice CD player, a complete and fast text editor in a DLL file (so you can program your own editor), a complete and excellent text editor ready to use, a file shredder, a MIDI player and many other applications. There are two available versions of Easy Code:

- Masm version using the Microsoft Macro Assembler (distributed with the Masm32 and GeneSys packages)
- GoAsm version using Jeremy Gordon's Go tools (distributed with the ECGo package)

Easy Code works on all Windows platforms (from Win95 to Win10).



Tool Updated: InnoExtractor

At: 2015-10-13 08:11:33

Listed in categories: Installer Extraction Tools

Most recent version:
5.2.1.185

Most recent release date:
October 8, 2015

Description:
InnoExtractor is a powerful application that helps you unpack Inno Setup installers using InnoUnp technology.

With InnoExtractor you can explore the internal structure and content of the installer and extract it to a local folder or a portable device, without having to run the setup.

Key Features:

- Open Inno Setup-based installers in the application by dragging and dropping executables from Windows Explorer.
- Use VirusTotal technology to quickly search for viruses and threats in the installer.
- Research/scan all Inno Setup-based installers available on your hard drive.
- Explore and inspect the internal content (files and more) of the installer.
- Get the full source code of the installer.
- Edit the script of the installer with the internal syntax-highlighting text editor or with an external Inno Setup compiler if one is currently installed.
- Extract files to a local folder, to a zip package, to a self-extracting (portable) module, or by drag and drop.
- Dump/export the "Code" (RemObjects Pascal in assembly code), "Registry" and "INI" sections from the script to a readable file.
- Extract the installer/setup icon.
- Run files of the installer from within the same application with a double click.
- Identify encrypted files of the installer.
- Perform file searches by keyword.
- Input panel that allows you to enter a valid password to extract encrypted installers.
- Properties panel to see advanced information about the installer.
- History of recently opened installers.
- Other miscellaneous options.
- Supports older and latest versions of Inno Setup.
- Supports older and latest versions of InnoUnp.
- Application available in multiple languages.
- Designed for Windows 2000/XP/Vista/7/8/8.1/10.
- Full Unicode support.
- Much more!

System Requirements:

- Windows 2000/XP/Vista/7/8/8.1/10.
- Inno Setup-based installers.



Tool Updated: Solar Assembler (SolAsm)

At: 2015-09-27 21:35:25

Listed in categories: Assemblers

Most recent version:
0.36.12

Most recent release date:
November 5, 2012

Description:
SOLAR Assembler is a modern multipass macro assembler that can compile 16/32/64-bit code and runs on Windows, Linux, MacOSX and Solar_OS.

A few features:
• Fast on huge and complex projects: 350.000 lines per second
• Can directly generate PE32/64, Binary 16/32/64, DLL32/64
• Can output OMF32, COFF32/64, ELF32/64 and MachO32 OBJ
• Can encode 16/32/64 ASM code
• Strong recursive and nested MACRO system
• Includes a rich set of high-level primitives:
    • .IF .ELSEIF .ELSE .ENDIF with AND/OR/NOT multiple conditions
    • PROC, ARGS, LOCALS, USES
    • INVOKE with ADDR support
    • STRUCT, ENUM, UNION
    • .REPEAT .UNTIL
    • MACRO, MARGS, VARARG, EXITM
    • #if, #ifdef, #if_used, #else
    • does not need PROTO, checks PROC arguments
• Includes a mini in-memory resource compiler
• Emits listing in standard text format
• Emits debug output in COFF format and in an easy-to-read text format
• Multiplatform, runs on:
    • Win95, Win98, Windows XP, Vista, Windows 7 32 and 64 bits
    • Mac OS X
    • Unix / Linux and other Unix-like OSes that can link with an ELF libc
    • Solar OS
• It is fully written in ASM and compiles itself
• Compiles huge and complex ASM projects like:
    • Solar OS
    • Hostile Encounter RTS Game
• Has a rich manual and a set of samples to get you started



Tool Added: Pestudio

At: 2015-09-26 15:25:51

Listed in categories: Malware Analysis Tools, PE Executable Editors

Most recent version:
8.51

Most recent release date:
August 1, 2015

Description:
pestudio is an application that performs a Malware Initial Assessment of any executable file.

A malicious executable attempts to hide its malicious intent and to evade detection. In doing so, it generally presents anomalies and suspicious patterns. The goal of pestudio is to detect these anomalies, provide indicators and score the executable being analyzed. Since the executable being analyzed is never started, you can inspect any unknown or malicious executable with no risk.



Tool Added: CmdbarO2

At: 2015-09-05 16:44:04

Listed in categories: OllyDbg 2.x Extensions

Most recent version:
v2.01

Most recent release date:

Description:
expression | Calculate value of expression (first character is not a letter)
expression=expression | Set register or memory (first character is not a letter)
* | Follow address in Disassembler
: expression, label | Assign symbolic label to address
? expression | Calculate value of expression
A expression [,command] | Assemble at address
ASM command [;address] | Assemble line
AT expression | Follow address in Disassembler
BC expression | Delete breakpoint at address (without arguments: delete all breakpoints)
BD expression | Disable breakpoint at address (without arguments: disable all breakpoints)
BE expression | Enable breakpoint at address (without arguments: enable all breakpoints)
BP expression [,condition] | Set INT3 breakpoint at address
BV expression | Validate breakpoint at address (without arguments: validate all breakpoints)
BPX label | Set breakpoint on each call to external 'label' within the current module
BRK | View Breakpoints window
C expression, comment | Set comment at address
CALC expression | Calculate value of expression
CLOSE | Close debugged program
CPU | View CPU window
CS | View Call Stack
D expression | Follow address in dump
DA [expression] | Dump in assembler format
DASM expression [;address] | Disassemble line
DB [expression] | Dump in hex byte format & ASCII text
DBA [expression] | Dump in hex byte format & ASCII text
DBU [expression] | Dump in hex byte format & UNICODE text
DC [expression] | Dump as ASCII text
DD [expression] | Dump as addresses (stack format)
DU [expression] | Dump as UNICODE text
DUMP expression | Dump in assembler format
DW [expression] | Dump in hex word format
EXIT | Close OllyDbg
FOLLOW expression | Follow address in Disassembler
G [expression] | Run till address
GE [expression] | Pass exception to handler and run till address
H | Show this help
H APIfunction | Show help on API function
H OllyDbg | Show OllyDbg help
HBRK | View Hardware breakpoints window
HC [expression] | Remove HW breakpoint at address (without arguments: delete all HW breakpoints)
HD [expression] | Disable HW breakpoint at address (without arguments: disable all HW breakpoints)
HE expression | Set HW breakpoint on execute at address
HELP | Show this help
HELP APIfunction | Show help on API function
HELP OllyDbg | Show OllyDbg help
HR expression | Set 1-byte HW breakpoint on access to address
HV [expression] | Validate HW breakpoint at address (without arguments: validate all HW breakpoints)
HW expression | Set 1-byte HW breakpoint on write to address
L expression, label | Assign symbolic label to address
LOG | View Log window
MBRK | View Memory breakpoints window
MC expression | Remove memory breakpoint
MD expression | Disable memory breakpoint
MEM | View Memory window
MOD | View Executable modules
MR expression1 [,expression2] | Set memory breakpoint on access to range
MV expression | Validate memory breakpoint (without arguments: validate all HW breakpoints)
MW expression1 [,expression2] | Set memory breakpoint on write to range
OPEN [filename] | Open executable file for debugging
OPT | Edit options
ORIG | Go to actual EIP
OSC | Execute ODbgScript (example: osc d:\upx.txt)
PAUSE | Pause execution
QUIT | Close OllyDbg
RST | Restart current program
RUN | Run program
S | Step into
SE | Pass exception and step into
SEI | Pass exception and step into
SEO | Pass exception and step over
SET expression=expression | Set register or memory
SI | Step into
SO | Step over
STK expression | Follow address in stack
STOP | Pause execution
T [expression] | Trace in till address
TC condition | Trace in till condition (only Condition 1 is set)
TCI condition | Trace in till condition (only Condition 1 is set)
TCO condition | Trace over till condition (only Condition 1 is set)
TIO [expression] | Trace in till address
TO [expression] | Trace over till address
THREAD | View Threads window
TR | Execute till return
TRACE | View Trace window
TU | Execute till user code
W expression | Add watch
WATCH expression | Add watch
======= All functions run ==========



Tool Updated: DebugPluginO2

At: 2015-07-11 14:00:05

Listed in categories: OllyDbg 2.x Extensions

Most recent version:
201

Most recent release date:

Description:
Loads OllyDbg, breaks on plugin loading and analyses the plugin.
Each time you press the shortcut (Alt+Shift+F1) the next plugin is analysed.



Tool Updated: ArmaGUI

At: 2015-07-09 03:57:10

Listed in categories: Automated Unpackers

Most recent version:
1.5.4

Most recent release date:
August 27, 2006

Description:
Armadillo unpacker.

Supported Armadillo options:
Standard Features
Debugblocker
CopyMemII
Nanomites
Import Elimination
Strategic Code Splicing


Main features:
Complete automatic recovery and validation of nanomites, even the fake ones in the tables;
Complete automatic reinsertion of Strategic Spliced Code at the original location it had before the exe was protected by Armadillo;
Complete rebuild of the dumped file, cleaning all the trash;
Complete rebuild of the IAT without the use of any external tool;


Introduction & Disclaimer:
ArmaGUI is an unpacking tool for the commercial protector Armadillo from Silicon Realms Toolworks (http://siliconrealms.com/index.shtml); it supports most of the protection options offered by Armadillo since version 3.
It's coded in VC++ with MFC for GUI support with some inline asm; MFC is the explanation for the over-bloated 212kb exe file, and it's only tested on XP SP2, maybe it works on w2k3 too, forget anything below XP.
This project was started based on a "challenge" by crUsAdEr on the excellent Woodmann forum: http://www.woodmann.com/forum/showthread.php?t=6365
crUsAdEr said: "hopefully u wont spread it to everyone though cos unpackers itself doesnt teach ppl much.", and I agree with that, you DON'T learn by using unpackers. This tool has been working for 1+ year now as private but suffered big and important updates along the way.
This tool WASN'T created to harm SRT in any way, Armadillo is a good product with some nice ideas.
It WAS created in the sequence of my desire to see if I was able to create an unpacker for some packer more complex than UPX, together with the challenge from crUsAdEr; learning was and will always be my main purpose.
I know the GUI isn't very user friendly, but really I don't care, don't bother bashing me with that;
I know it crashes a lot, my coding sucks, the code is crappy and non-optimized, really it's a mess, eventually it will hang your PC;
I know it doesn't automatically detect the protection options, this happens because it wasn't my main objective. I focused on getting the hard stuff like Nanomites and IAT Elim, and when I was done, I realized that I had made the engine based on the options I specified and couldn't change it, and so it stays like that, and I actually don't care. If you don't like it, start writing an Options detector (it's easy stuff), or keep the opinion to yourself;
If all this isn't a problem to you, then I hope you enjoy using the tool almost as much as I enjoyed creating it.



Tool Updated: ODbgScript

At: 2015-06-26 17:41:59

Listed in categories: OllyDbg 2.x Extensions

Most recent version:
v2.02

Most recent release date:
June 26, 2015

Description:
ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using my plugin you can write a script once and for all.

For OllyDbg v2.01, with fewer bugs.

I wish I had feedback so bugs could be corrected faster, thank you!


