Bit Detector v2.8.5.6 & ExeInfoPe v0.0.3.1

Exeinfo PE is a software that you can use to view various information on any executable file.

This product is portable, so installation is not necessary. It means that your Windows registry entries will remain intact but that you can also place the tool on a removable device and run it on any computer.

The user interface of Exeinfo PE is based on a small, standard window in which you can insert an EXE or DLL file by using the file browser or the “drag and drop” method.

So, you can view the entry point, file offset, linker information, file size, EP section, first bytes, sub-system and overlay. But you can also input HEX data to look into BIN information.

In addition, you can open a section viewer in which you can check out each virtual offset and size, RAW data offset and size, flags, name, first bytes (in HEX mode) and section status (executable, readable, writable).

Continue Reading

Armadillo V6.X Minimum Protection 【脱壳】

话说这个东西是前天拿到的,但是当时在家,东西也不全。平直接感觉是加壳了。去peid官方下载了个没有更新特征库的报了个什么都没发现,晕死。

今天重新查壳发现是Armadillo V6.X Minimum Protection -> Silicon Realms Toolworks * Sign.By.fly * 20081227 *,脱壳后发现程序是用bc++写的:

这个文章网上有的,这里只是做个类似笔记的东西,没别的用处(文章本身就是依样画葫芦。)。

Continue Reading

MEW 11 1.2 -> NorthFox/HCC 脱壳脚本

//////////////////////////////////////////////////
//  FileName    :  MEW 11 V1.0-V1.2.osc
//  Comment     :  MEW 11 V1.0-V1.2 OEP Find
//  Environment :  WinXP SP2,OllyDbg V1.10,OllyScript V0.92
//  Author      :  fly
//  WebSite     :  http://www.unpack.cn
//  Date        :  2005-10-03 20:30
//////////////////////////////////////////////////
#log

MSGYN "Plz Clear All BreakPoints  And  Set Debugging Option Ignore All Excepions Options  !"
cmp $RESULT, 0
je TryAgain

//GameStart――――――――――――――――――――――――――――――――

sti
find eip, #C30000#
cmp $RESULT, 0
je NoFind
eob Break
bp $RESULT
log $RESULT

esto
GoOn:
esto

Break:
cmp eip,$RESULT
jne GoOn
bc $RESULT
sto

//GameOver――――――――――――――――――――――――――――――――

log eip
cmt eip, "This is the OEP! Found By: fly"
MSG "Just : OEP !  Dump and Fix IAT.  Good Luck  "
ret

NoFind:
MSG "Error! Maybe It's not MEW 11 V1.0-V1.2 ! "
ret

TryAgain:
MSG " Please  Try  Again   !   "
ret

700+ OllyDbgScripts

猛击此处下载文件!https://cloud.189.cn/t/jmemA3a6fqIj (访问码:lf58) smile smile

2008-04-05 20:47 220 32Lite 0.03a OEP Finder v0.1.txt
2006-01-15 00:00 218 32Lite 0.03a OEP V0.1.txt
2008-05-18 00:33 218 32LITE 0.03A OEP-FINDER V.0.1.txt
2004-11-14 19:55 218 32Lite 0.03a.txt
2008-05-18 00:33 2,490 ActiveMark 5.4x Level 2 EP Finder + Fix CRC.txt
2008-05-18 00:33 1,380 ActiveMark 5.4x Remove Selfchecks.txt
2008-05-18 00:33 474 ActiveMark 5.xx Level 2 EP Finder.txt
2006-01-15 00:00 801 ActiveMark Level 2 EP Finder.txt
2006-01-15 00:00 441 ActiveMark Patching Script.txt
2008-04-05 20:50 2,648 activemark54x.txt
2008-04-05 20:50 4,919 AddrEnc.txt
2008-04-05 20:50 1,075 AHpack 0.1 OEP Finder .txt
2008-04-05 20:50 1,017 AHTeam EP Protector 0.3a.txt
2008-04-05 20:50 1,227 AHTeam EP Protector 0.3b.txt
2006-01-15 00:00 3,515 Alex Protector 1.0 Beta 2 Fix IAT + Remove Junk Code v0.1.txt
2008-04-05 20:50 3,515 ALEX PROTECTOR 1.0 BETA2 V0.1.txt
2006-01-15 00:00 3,515 ALEX Protector1.0.txt
2008-04-05 20:50 801 AM.level2.ep.finder.txt
2008-04-05 20:51 396 AM.patching.script.txt

Continue Reading