
Thread: ap0x Unpack Engine SDK v1.5

  1. #1

    ap0x Unpack Engine SDK v1.5

    a great tool finally updated and out !!!

    This unpack engine covers everything one unpacker needs. It has debugger, dumper and importer modules which enable coding unpackers with ease. SDK is free and can be used by anyone but make sure you mention my name or include logo.bmp somewhere in About dialog.

    SDK v.1.5
    - Added C SDK
    - Updated Delphi and MASM SDK
    - Fixed all .dll LIB files in Engine folder
    - Fixed memory problems for all modules
    - Tested on over 100+ unpackers built on it!
    - Listing major changes only...

    v.1.7 [Debugger.dll]
    - Added new API: GetExitCode
    - Added new API: DebugLoopEx
    - Added new API: GetDebugData
    - Added new API: AttachDebugger
    - Added new API: DetachDebugger
    - Added new API: GetTerminationData
    - Added new API: LengthDisassembleEx
    - Added new API: GetDebuggedDLLBaseAddress
    - Added new API: GetDebuggedFileBaseAddress
    - Fixed: CommandLine parameter passing for InitDebug
    - Fixed: Wrong hex to dec conversion for some numbers
    - Fixed: LengthDisassemble crashing while getting length for some addresses
    - Fixed: Not releasing open handles for some files

    v.1.6 [Dumper.dll]
    - Added new API: IsFileDLL
    - Added new API: DumpProcessEx
    - Added new API: PastePEHeaderEx
    - Added new API: DeleteLastSection
    - Added new API: SetSharedOverlay
    - Added new API: GetSharedOverlay
    - Added new API: StaticLengthDisassemble
    - Fixed: Crashes related to overlay when trying to extract the overlay
    - Fixed: ConvertVAtoFileOffset not converting addresses correctly with some files
    - Fixed: Crashes with PastePEHeader when PE32 header is not below 0x1000
    - Fixed: Not releasing open handles for some files

    v.1.6 [Importer.dll]
    - Added new API: ImporterAutoSearchIATEx
    - Added new API: ImporterGetRemoteAPIAddress
    - Added new API: ImporterRelocateWriteLocation
    - Added new API: ImporterGetDLLNameFromDebugee
    - Fixed: ImporterGetAPINameFromDebugee not returning names for APIs
    - Fixed: ImporterFindAPIWriteLocation returning wrong values if API is not found

    v.1.1 [Tracer.dll]
    - Added support for following redirections: SVK Protector 1.x, tELock 0.8x-0.99
    - Fixed: Memory leak for tracing large amount of data in the same session
    - Improved tracing for all levels (added a trace into near jumps)

    v.1.0 [Realigner.dll]
    - Added new API: RealignPE
    - Added new API: IsPE32FileValid

    v.1.0 [Relocater.dll]
    - Added new API: RelocaterInit
    - Added new API: RelocaterAddNewRelocation
    - Added new API: RelocaterExportRelocation
    - Added new API: RelocaterChangeFileBase
    - Added new API: RelocaterEstimatedSize
    - Added new API: RelocaterMakeSnapshoot
    - Added new API: RelocaterCompareTwoSnapshots
    - Added new API: RelocaterGrabRelocationTable
    - Added new API: RelocaterGrabRelocationTableEx

    v.1.1 [HideDebugger.dll]
    - Added check for Windows version before patching APIs
    - Fixed: ASLR and Vista compatibility (Importer must be present)

    v.1.2 [Updater.dll]
    - Added return value to UpdateEngine
    - Added support for Tracer.dll updating
    - Added support for Realigner.dll updating
    - Added support for Relocater.dll updating
    - Changed update location to http://www.reversinglabs.com/
    http://ap0x.jezgra.net/sdk.html
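
The Dumper.dll notes above list fixes to ConvertVAtoFileOffset and to overlay extraction. As an added illustration (not ap0x's code and not the SDK's API), this Python example shows what those two operations involve on a PE file: mapping a virtual address through the section table and finding data stored past the last section. The function names and the sample image are constructed for this example.

```python
import struct

def build_sample_pe():
    """Constructed sample: minimal PE32 headers, one section, 16 overlay bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                      0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    image = (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return image + b"\x90" * 0x200 + b"OVERLAY-DATA-16B"

def parse_sections(data):
    """Return (image_base, [(vsize, va, raw_size, raw_ptr), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                         # PE32
        base, = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                       # PE32+
        base, = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    # Each 40-byte section header: skip the 8-byte name, read the next 4 dwords
    secs = [struct.unpack_from("<8xIIII", data, opt + opt_size + 40 * i)
            for i in range(nsec)]
    return base, secs

def va_to_offset(data, va):
    """File offset backing a virtual address, or None if no raw bytes back it."""
    base, secs = parse_sections(data)
    rva = va - base
    for vsize, sva, rsize, rptr in secs:
        if sva <= rva < sva + max(vsize, rsize):
            return rptr + (rva - sva) if rva - sva < rsize else None
    return None

def overlay_offset(data):
    """Offset of data past the last section's raw bytes, or None if absent."""
    _, secs = parse_sections(data)
    end = max((rptr + rsize for _, _, rsize, rptr in secs if rsize), default=0)
    return end if end < len(data) else None
```

Addresses inside the headers or in a section's zero-filled virtual tail return None here, since no section raw data backs them.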

  2. #2
    Administrator dELTA
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  3. #3
    One of the greatest challenges of modern reverse engineering is taking apart and analyzing software protections. During the last decade a vast number of such shell modifiers have appeared. Software Protection as an industry has come a long way from simple encryption that protects executable and data parts to current highly sophisticated protections that are packed with tricks aiming at slow down in the reversing process. Number of such techniques increases every year. Hence we need to ask ourselves, can we keep up with the tools that we have?

    Protections have evolved over the last few years, but so have the reversers' tools. Some of those tools are still in use today since they were written to solve a specific problem, or at least a part of it. Yet when it comes to writing unpackers this process hasn't evolved much. We are limited to writing our own code for every scenario in the field.

    We have designed TitanEngine in such fashion that writing unpackers would mimic analyst's manual unpacking process. Basic set of libraries, which will later become the framework, had the functionality of the four most common tools used in the unpacking process: debugger, dumper, importer and realigner. With the guided execution and a set of callbacks these separate modules complement themselves in a manner compatible with the way any reverse engineer would use his tools of choice to unpack the file. This creates an execution timeline which parries the protection execution and gathers information from it while guided to the point from where the protection passes control to the original software code. When that point is reached file gets dumped to disk and fixed so it resembles the original to as great of a degree as possible. In this fashion problems of making static unpackers have been solved. Yet static unpacking is still important due to the fact that it will always be the most secure, and in some cases, fastest available method.

    TitanEngine can be described as Swiss army knife for reversers. With its 250 functions, every reverser tool created to this date has been covered through its fabric. Best yet, TitanEngine can be automated. It is suitable for more than just file unpacking. TitanEngine can be used to make new tools that work with PE files. Support for both x86 and x64 systems make this framework the only framework supporting work with PE32+ files. As such, it can be used to create all known types of unpackers. Engine is open source making it open to modifications that will only ease its integration into existing solutions and would enable creation of new ones suiting different project needs.

    Features:

    Integrated x86/x64 debugger
    Integrated x86/x64 disassembler
    Integrated memory dumper
    Integrated import tracer & fixer
    Integrated relocation fixer
    Integrated file realigner
    Functions to work with TLS, Resources, Exports, …

    Link: http://www.reversinglabs.com/products/TitanEngine.php
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Great work ap0x

  5. #5
    Good work. I wish you could also add static library. Thanks again

    Kemal Atar
    "There is only one road to human greatness: through the school of hard knocks." Albert Einstein

  6. #6
    BanMe
    o0..its prolly not legal to RE the 'RE' Engine is it...

    @apox:
    can i convert the code to 'native only' code for you(and reimplement some of it)?..the learning and experience would be fun...

    but then again i might not have to now..i may be able to just inject your engine with APC's..I can string together some 'nop' padding so loved by windows..and combine them dynamically to form the data required in ntdll to inject these dll's

    BanMe
    Last edited by BanMe; September 5th, 2009 at 13:12.
    No hate for the lost children;
    more love for the paths we walk,
    'words' shatter the truth we seek.
    from the heart and mind of Me
    me, to you.. down and across

    No more words from me, to you...
    Hate and love shatter the heart and Mind of Me.
    For the Lost Children;For the paths we walk; the real truth we seek!
