Tuesday, July 24, 2007

ArmaDetach. v1.3

hi new version:) http://rapidshare.com/files/44764965/ArmaDetach.v1.3-RES-tool.rar
Posted by REM at 16:39:38 | Permalink | No Comments »

Tuesday, July 17, 2007

un themida 3.0

hi

what do u think:

http://rapidshare.com/files/43415368/untmd-3.0.0.rar

Posted by REM at 14:13:08 | Permalink | No Comments »

Friday, July 13, 2007

Asprotect unpack script Aspr2.XX_unpacker_v1.0 e by VolX

Author: VolX

This is an asprotect’s unpack script for ollyscript, when you use it, you must to have these tools:

1.Ollydbg 1.1
2.Odbgscript 1.47 or high
3.Import Reconstructor

After run this script, you will get de_xxxxxxx.exe (or de_xxxxxxx.dll), you can use Import Reconstructor to fix IAT.

*** perhaps you can get the other files like st_table.bin and jmptable.bin after run script, leave alone.

don’t use this script to unpack an app that use asprotect’s VM !!!!

link hide :) 

Posted by REM at 17:22:47 | Permalink | Comments (7)

Monday, July 9, 2007

Themida Spy

TheMida uses RAW of kernel32.dll, user32.dll and advapi32.dll to stop,
disable breakpoints in APIs while TheMida layer is executing. To be
able to break on APIs we have to add one extra layer between TheMida
code and API, which will allow us to easily break on APIs from k32 and
advapi32.dll
thax to deroko
REM’S note: some antivirus like nod32 says that is unknow virus …dont worry about that !-)
link:
Posted by REM at 07:00:47 | Permalink | No Comments »

Saturday, July 7, 2007

Armadillo Find Protected V1.6

Posted by REM at 08:49:29 | Permalink | No Comments »

Tuesday, July 3, 2007

Armadillo Process Detach v1.2

     Armadillo  Process  Detach  allows you to detach/decrypt child process
     from parent,in applications protected with Armadillo protection system
     Latest version was coded 2 years  ago  and  due  to  its functionality
     I decided to recode it again from  scratch,  this  time  with  a  nice
     GUI,CopyMem-II support and some protection detection  features. Tested
     with  several versions from Armadillo  v3.78  to  v5.00 and all worked
     perfectly, probably its the most compatible tool out there, enjoy :)
LINK:
Posted by REM at 09:54:56 | Permalink | No Comments »

Thursday, June 14, 2007

ASClean - ASProtect trial keys cleaner. Version 2.0 - Public

HI.
from PE_KILL :)
 When I wrote Tools to remove trial golden keys. Served as treshreg . But then a notice that some keys, it is not. Make-treshreg also skip them. Then I Rza Shift key finding from the devaluation, he’s their keys as looking for! Well what happened. Finds all keys isolated from the 1.32 version. The release, I also included sources who Asthma may be required.
LINK:
Posted by REM at 10:40:13 | Permalink | No Comments »

ArmInline 0.96 Final

hi
ArmInline is a very good Armadillo Shelling aids, Armadillo support v3.5-4.4.
this is chines version
link:
Posted by REM at 08:52:04 | Permalink | No Comments »

Tuesday, June 12, 2007

ArmaGUI 1.5.4 +1.5.3

ArmaGUI 1.5.4 - Armadillo 3.xx/4.xx unpacker

############################################

Supported Armadillo options:
Standard Features
Debugblocker
CopyMemII
Nanomites
Import Elimination
Strategic Code Splicing

Main features:
Complete automatic recover and validation of nanomites, even the fake ones in the tables;
Complete automatic reinsertion of Strategic Spliced Code at the original location before exe was protected by Armadillo;
Complete rebuild of the dumped file, cleaning all the trash;
Complete rebuild of the IAT without the use of any extern tool;

History:

27/08/2006 - V1.5.4:

*Suport to some custom versions;

16/08/2006 - V1.5.3:

*General IAT recover bug fixed;

09/08/2006 - V1.5.2:

*Dll’s unpacking fixed, this option wasn’t working at all since my last modifications;

*Several stuff added to spliced code and nanomites engines;

 

link:

http://rapidshare.com/files/36664597/arm.rar

Posted by REM at 10:15:54 | Permalink | No Comments »

ACProtect Additional Info Finder v0.41

Description
——–
This program is written for simple getting information about protector
version, protect options and addresses of crypted code.
version history
————–
v0.41
[+] Analysis Code replace option
[-] Corrected a few little bugs
v0.40
[!] Plugin for Detect it Easy!
[!] Improved ÎÅÐ Finding

v0.31

[!] Dll Loader is situated in resources
[!] First analysis is improved
[-] Corrected bug with ddl’s, protected with ACProtect 2.0

v0.30

[+] Dll Loader
[s] ACProtect 1.07
[s] ACProtect 1.09
[!] Interface is modified
[-] Improved RSA Crypt & Embedded Protector detection

v0.22

 [+] OEP Obfuscation & finding stolen ÎÅÐ
[s] ACProtect 1.40
[s] ACProtect 1.35A (Detects as version 1.40)
[s] ACProtect 1.22
[s] ACProtect 1.21
[-] Added possibility of analysis of “suspicious” programs

v0.21

[+] Support of some version of windows other than win XP
[-] Corrected little bug

v0.2

[!] The engine is rewritten from scratch
[+] Detection of Dynamic Crypt
[+] Detection of Embedded Protector
[-] Deleted option detection  Anti-SoftIce & Anti-Loader
[-] Corrected bug with programs not packed with ACProtect

v0.1

[!] First version
[+] Protector version detection
[s] ACProtect 1.09 (versions f and g)
[s] ACProtect 1.10
[s] ACProtect 1.22
[s] ACProtect 1.23
[s] ACProtect 1.3c
[s] ACProtect 1.32
[s] ACProtect 1.41
[s] ACProtect 2.0 build 06.03.10
[s] ACProtect 2.0 build 06.02.06
[+] Detection of option Anti-SoftIce
[+] Detection of option Anti-Loader
[+] Detection of option API Redirection
link:
Posted by REM at 09:28:13 | Permalink | Comments (1) »