Thursday, June 21, 2007

Conditional Branch Logger (CBL) V 1.0

HI
NEW PLUGIN  FOR OLLYDBG
Conditional Branch Logger (CBL) is a plugin which gives control and logging capabilities for conditional jumps over the full user address space of a process.
From the main OllyDbg plugin menu select Conditional Branch Logger -> Configuration.
This will open a dialog for managing Included (Logged) and Excluded address ranges, conditional branch type selection and project settings. Ranges can be entered manually or selected from one of the Conditional Branch Logger context menu options available in other OllyDbg windows.
Main CPU window (Alt+C): Add multiline selections as Included or Excluded ranges.
Executable modules (Alt+E): Add code section as an Included range. Set ranges by procedure for any module.
Memory map (Alt+M): Add any memory address region, including non-standard or memory mapped sections, as an Included range. Set ranges by procedure for any module section successfully analyzed.
The Set Ranges by Procedure option, available from the main menu or one of the context menus, will open a window from which individual functions can be added as Included or Excluded ranges for any module. The module will be automatically analyzed via the OllyDbg code analysis function if required.
Each time the main dialog is closed the CBL jump table window will be updated with the latest conditional jump breakpoint addresses. A context menu provides several options for further controlling the selected breakpoints both before and after analysis. When you are satisfied with the settings, run or single-step the target as usual. The results will be shown in the logfile and/or the CBL jump table window.
A button on the OllyDbg toolbar can be used to show the two Conditional Branch Logger custom windows if they have been hidden or closed.
A logfile can be specified from the main Configuration dialog in which all executed conditional branch instructions within the selected logging range and the result of whether the jump was taken or not are recorded.  If a logfile is not specified a default file named “conditional_branch_logger_default.log” in the OllyDbg main executable directory will be used. Such log files, from different runs of the same program, can then be compared using any good ‘diffing’ program to find changes in the code execution path as a result of changing inputs or conditions.
The majority of Conditional Branch Logger settings, including active breakpoints, are saved in the OllyDbg UDD project files and restored when the target is reopened. This means that you can log conditional branch instructions in system dlls such as ntdll.dll which occur even before the Entry Point of the target is reached.
The salient features are as follows:
* Ability to detect all conditional branches and log their behaviour during runtime without having to single step the whole process, which results in a dramatic improvement in performance when compared to run trace logging.
* Ability to choose specific conditional branch types to monitor and log.
* Ability to choose and optimize included ranges and excluded ranges to fine tune the logging.
* Ability to disable, delete and restore the logging status of the detected conditional branches.
* Log conditional branches from multiple modules.
* Ability to list all module procedures that OllyDbg has recognized, with their symbolic names if they exist, as a handy reference so that it is easier to include or exclude ranges.
* A text mode log file that could serve to compare two similar runs to detect divergent paths taken with respect to input.
* A runtime log window that updates the status of conditional branches live with context menus to edit, delete and disable the entries on the fly.
* Context menus in Executable modules window to mass add modules after auto analyzing them or add specific modules to be included in the logging.
* Context menus in Memory map window to add any module section, including non-standard or memory mapped regions, to be included in the logging.
* Context menus in the main Disassmebly window to add odd ranges to be included or excluded from the logging.
* Other features include saving the entire database of conditional branches to the OllyDbg UDD file and restored back when restarting the project.
We hope this plugin might prove useful when monitoring execution flow path.
Regards,
Blabberer, dELTA and Kayaker
Posted by REM in 22:56:30 | Permalink | No Comments »

.NET Reflector, Version 5.0.21.0

Reflector for .NET
Reflector is the class browser, explorer, analyzer and documentation viewer for .NET. Reflector allows to easily view, navigate, search, decompile and analyze .NET assemblies in C#, Visual Basic and IL.
——————————————————————————
Resourcer for .NET
Resourcer is an editor for .resources binaries and .resX XML file formats used with the .NET platform. Resourcer allows editing of name/string pairs, import of bitmaps/icons and and merging of resources from different sources.
link:
miror soon whit all adds :)
Posted by REM in 12:59:08 | Permalink | No Comments »

Cracking code

hi
Cracking code - Introduction
To defend, you must have some idea of what you’re defending, and who and what you’re defending against, specifically, which attacks.  Failure do understand and know these things means that your defense will most likely not be effective, and could in fact decrease your security.  Here’s an example:
Near where I live, thieves were stealing cars that people parked in the street.  The neighbourhood committee decided that they’d stop this.  The solution they implemented was to put gates at all entrances and exits of their area, and have guards that only allow cars with a particular sticker get through.  This makes people FEEL more secure.  However, for the cost (guardhouses and gates construction, guard salaries), it’s not as effective as it could be.  A thief can still walk in just as easily (gates only block roads), and when driving a stolen car out, the guards will see the car and sticker, recognize it, and let them leave.  If they had thought about how thieves operated, then they would have realised this and done something more effective, perhaps hiring the same number of guards, but setting them on a patrol, instead of just sitting at their posts.  With unlimited resources, they could do both things, and give each member a special remote key-code to unlock the gate when they are driving.  However, the tradeoff in cost and convenience is too high for them.
This is how security is, in the physical and electronic worlds.  We have many possibilities, each with their tradeoffs.  Deciding which measures to implement requires us to understand how our opponent is going to operate, as well as the details of how exactly our defenses work.
In this series, I’m going to show you how to crack simple code.  I’m going to make a series of samples to try this out on (to avoid DMCA problems with real code), so as to get a feel of what crackers do to code.  It is not going to be in-depth or show how to become a master cracker.  Just enough so that we could attack a simple Windows/.NET program’s licensing key system, which is a common theme in software protection.
Continue to Part 1, where we’ll crack some simple code…
Posted by REM in 12:56:00 | Permalink | No Comments »

WinLicense v1.9.1.0 official release + Themida [1.9.1.0] (05-Jun-2007)

WinLicense v1.9.1.0 official release
——————————————————————————–
[+] New internal protections
[+] Added API-Wrapper Levels (Protection Options panel)
[+] .NET: Improved compatibility with some .NET applications with non standard COM directory
[+] Possibility to reuse a single project file with different software in command line protection (/software /version switches)
[!] Wrong message ID was displayed when a license expires by Global Time
[!] Fixed compatibility issue generating license keys where User or Company names finish in ASCII char(255)
[!] Fixed compatibility with some applications when generating a crash dump
[!] Fixed compatibility issue retrieving the start address of functions in MAP files for Visual Basic applications
Themida [1.9.1.0] (05-Jun-2007)
[+] New internal protections
[+] Added API-Wrapper Levels (Protection Options panel)
[+] .NET: Improved compatibility with some .NET applications with non standard COM directory
[!] Fixed compatibility with some applications when generating a crash dump
[!] Fixed compatibility issue retrieving the start address of functions in MAP files for Visual Basic applications
Posted by REM in 12:53:01 | Permalink | No Comments »

armadillo v 5.0 public

hi
SoftwarePassport technology expands your global sales capabilities while providing maximum protection for your digital assets. It contains powerful features such as flexible server-based licensing and activation, trialware distribution and marketing, in-application purchasing and sophisticated country based licensing to name just a few.

Altogether, they enable software publishers like you to grow revenue by:
• Exposing your products to rapidly expanding global markets,
• Identifying who is buying and using your software,
• Maximizing the lifetime value of your buyers whether they are consumers, small to mid-size businesses or enterprises, and
• Attracting new customers in lucrative and untapped markets.

Version 5.00, Release Date: 06-18-2007

Bugs fixed:
· Fixed the Vista UNREGISTER bug, where Armadillo would display an error if you use fixed or variable backup locations.

Home Page - http://siliconrealms.com/index.shtml

link for testing new rlz :)
Posted by REM in 10:50:04 | Permalink | No Comments »

Hide Tools 2.1

HI
——————- HideToolz (ultimate crackers tools hider) ————-

HideToolz is intended for hiding crackers tools from different protection trying define their presence.

1) Hiding processes from all possible ring3 methods of the finding.
2) Hiding windows from enumeration and searching for on the known name.
3) Protection processes from opening on the known pid (as well as from indirect methods of the opening).
4) Parental process emulation (for all visible processes runned from hidden, will be emulated parental process explorer.exe)
5) Protection from rebooting windows (and log all rebooting attempts).
6) Protection from formatting the disk (and log all formatting attempts).

Attention: access of the hidden processes unrestricted, and they can see the real system state.
For impossibility of the finding HideToolz file on disk, is recommended rename file and pack its any packer.
v. 2.0

Ready to release a new CD. The innovations introduced :
1) Protection against SetWindowsHookEx for hidden processes.
2) Access parent to the child (if hidden) foliage at the start of its first flow.
3) Anti-anti debugging (one option), which includes the following :
1-Protection from the debug port of the two-Protection
2-from ThreadHide From Debugger
3-validating hendlov transmitted ZwClose
4)Added compatibility with glucnam and curves KIS6 (yes otsohnut the hands of those who wrote)
5) Fixed small bugs. In updating the old version to the new, obligatory restart.

V 2.1
SOME BUGS REMOVE
LINK:
http://rapidshare.com/files/38418318/HideToolz_up_3y_REM.rar
Posted by REM in 00:12:02 | Permalink | No Comments »