Friday, July 13, 2007

OllyDbg ExeCryptor version

hi

 OllyDbg ExeCryptor version for hiding olly and ….

link:

http://rapidshare.com/files/39851301/exec.olly.zip 

Posted by REM at 17:09:56 | Permalink | No Comments »

Sunday, June 24, 2007

ollydbg DeFixed

hi

this is  another of ollydbg modificated :) 

This  version of OllyDBG is moded to be undetectable by protectors or
      protecting  formulas,  it  is  fast  and with most needed plugins for
      everyday cracking!

http://rapidshare.com/files/39044055/DeFixed_Edition.rar

 

Posted by REM at 12:52:27 | Permalink | No Comments »

Sunday, June 10, 2007

tElock 0.99 OEP Finder

// tElock 0.99 OEP Finder

// Coded by: kNiGhT

// Note: Ignore all exceptions

var temp

var temp1

var ImgBase

var CodeEnd

var CodeStart

var CodeSize

gmi eip, MODULEBASE

mov ImgBase, $RESULT

mov temp, 3c

add temp, ImgBase

mov temp, [temp]

add temp, ImgBase

add temp, 100

mov CodeSize, [temp]

add temp, 4

mov CodeStart, [temp]

add CodeStart, ImgBase

mov CodeEnd, CodeStart

add CodeEnd, CodeSize

gpa “LoadLibraryA”, “kernel32.dll”

add $RESULT, 2

bp $RESULT

run

bc $RESULT

rtu

String_Schleife:

sto

mov temp, [eip]

and temp, FFFF

cmp temp, 858D

jne String_Schleife

sto

mov temp, eax

DeleteString:

mov temp1, [temp]

and temp1, FF000000

cmp temp1, 0

je FindOEP

mov [temp], 0

inc temp

jmp DeleteString

FindOEP:

bprm CodeStart, CodeSize

OEP_Schleife:

run

cmp eip, CodeStart

jb OEP_Schleife

cmp eip, CodeEnd

ja OEP_Schleife

bpmc

cmt eip, “OEP found by kNiGhT”

msg “Dump and rebuild IAT!”

ret

Posted by REM at 22:43:37 | Permalink | No Comments »

NTkrnl Packer 0.15 OEP Finder + IAT Repair

// WinXP SP2,OllyDbg V1.10,ODbgScript 1.48xxx1.60,FantOm plugin0,58

var br

var pt

var va

run

mov [eip],#CC#

mov br,[esp+8]

bp br

run

bc br

gpa “LoadLibraryA”,”kernel32.dll”

bp $RESULT

run

bc $RESULT

rtr

mov br,eip

bpcnd br, “EDI==7C809A81″//–”VirtualAlloc”,”kernel32.dll”

run

bc br

sti

mov pt,eip

add pt,A8

mov [pt],#EB#

find eip,#8944241C61FFE0#

cmp $RESULT,0

je quit

mov br,$RESULT

add br,5

bp br

run

bc br

sti

cmt eip, “This is the entry point”

MSG “OEP Faund ! IAT fixed! Dump it”

ret

quit:

ret

Posted by REM at 22:41:28 | Permalink | No Comments »

Thinstall 2.736 Extract Dependecies (DLL’s)

hi
the new script for Thinstall

// Thinstall 2.736 Extract Dependecies (DLL’s)

// Note: This script is used for extracting dependencies, such as those found here:

// Coded by: Pavka

 

Var mod

var _isBad

var addr_dll

var size_dll

var img_dll

 

gpa “SetEnvironmentVariableA”,”kernel32.dll”

bp $RESULT

run

bc $RESULT

rtu

mov oep,eip

add oep,6F

bp oep

run

bc oep

sti

find eip,#51E8??????0083C4088B55C4899528FBFFFFC78578FEFFFF00000000C645FC058B8528FBFFFF#

cmp $RESULT,0

je quit

mov mod,$RESULT

bp mod

run

gpa “IsBadWritePtr”,”kernel32.dll”

mov _isBad,$RESULT

run

l:

bp _isBad

run

rtu

mov addr_dll,eip

add addr_dll,1E

bc _isBad

go addr_dll

mov img_dll,edx

mov size_dll,edx

add size_dll,90

mov size_dll,[size_dll]

eval “Name dll in ebx, damp partial address:{img_dll} , size:{size_dll}”

msg $RESULT

pause

run

jmp l

quit

ret

Posted by REM at 22:38:57 | Permalink | No Comments »

all patches for ollydbg 1.1

hi
all patches for ollydbg 1.1 that i find in the world :)
have nice modifing !!!:)
this patches for protect ur olly from detecting by any anti debug trick :)
Posted by REM at 17:43:10 | Permalink | No Comments »

OllyDbg Modification

HI
i want to introduce the new olly debugger that modification by reverser in the world .
this package updated till now.
some of  these ollydbg  used to hiding  from protectors  and  some packers has detecting debuggers.
i use them for analyzing worm and virus……
have nice reversing
list of ollydbg :
OllyDbg - Diablo’s Modification
http://rapidshare.com/files/25395171/request.php_2
OllyDbg - Hacnho’s Modification
http://rapidshare.com/files/25395639/request.php_4
note:
AFTER DOWNLOAD CHANGE NAME TO*.RAR OR *.ZIP
Posted by REM at 17:32:52 | Permalink | No Comments »