Tuesday, July 3, 2007

iNF0 Master Reloaded v1.5.1

HI
ANOTHER TOOL FOR MAKING INFO
iNF0.Master.Reloaded.v1.5.1
Posted by REM in 10:00:52

Armadillo Process Detach v1.2

Armadillo Process Detach allows you to detach/decrypt the child process
from its parent in applications protected with the Armadillo protection system.
Latest version was coded 2 years ago and due to its functionality
I decided to recode it again from scratch, this time with a nice
GUI, CopyMem-II support and some protection detection features. Tested
with several versions from Armadillo v3.78 to v5.00 and all worked
perfectly, probably it's the most compatible tool out there, enjoy :)
Posted by REM in 09:54:56

PE Detective 2007

Posted by REM in 09:51:57

Quick unpack 2.0 beta

v2.0
[!] fixed several bugs like missed import functions
[!] improved export feature, now supports invalid functions
[!] many small improvements and optimizations
[+] import list from ImpRec feature added (now Quick Unpack supports both export and import of import functions in ImpRec-compatible files; this allows editing some functions or adding new ones. Keep in mind this option works with normally created files, but if you put some garbage in or format this file in an unusual manner this may cause a crash :) I was too lazy to parse the file with care)
[+] attach process feature added (this option allows choosing any module in a process for unpacking and has some features. If in the processes listbox a process name is a full path with name, you can attach to this process. If it is only the name of the file, you don’t have enough rights to attach. You can’t specify the OEP; the instruction at which the program was stopped is treated as the OEP. To use the attach process feature one should load the program in any debugger and manually get to the OEP, then attach to that process with Quick Unpack. Keep in mind that for smart import recovery you don’t need the program to run, it can just be left in the debugger standing at the breakpoint. But to use smart import recovery with the tracer you should put it in an infinite loop (EB FE) and run the program, because the tracer uses the current thread for tracing. If the program was put in the infinite loop, don’t forget to restore these two bytes in the dump. When attached, tracing import is unreliable and very slow, so it’s not recommended to use it). This feature allows using Quick Unpack as a dumper and import recoverer (my attempt to replace PETools and ImpRec with one program :))
[+] ImpRec plugin support added (this feature allows using ImpRec tracer plugins in Quick Unpack to restore import functions. Keep in mind when using the attach to process feature the program must be run for the tracer to work)
[+] added UsAr’s generic OEP finder
[+] added Human’s generic OEP finder
Posted by REM in 09:45:43