Jump to content
Tuts 4 You

Tools & Utilities

Coded anything nice? Share it here...

64 files

  1. Scylla Imports Reconstruction Source

    Scylla - x64/x86 Imports Reconstruction
    ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job.
    Scylla's key benefits are:
    x64 and x86 support full unicode support written in C/C++ plugin support works great with Windows 7 This tool was designed to be used with Windows 7 x64, so it is recommend to use this operating system. But it may work with XP and Vista, too.
    Source code is licensed under GNU GENERAL PUBLIC LICENSE v3.0
    https://github.com/NtQuery/Scylla
    https://github.com/x64dbg/Scylla
     

    1,501 downloads

    0 comments

    Updated

  2. PPEE (puppy)

    This is a professional PE file explorer that lets you dig into all data directories available in the PE/PE64 file and edit them.
    Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.
    Two companion plugins are also provided. FileInfo, to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on. YaraPlugin, to test Yara rules against opened file.
    Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details.
    Puppy is free and tries to be small, fast, nimble and friendly as your puppy!
     
    Website: https://www.mzrst.com/

    835 downloads

    0 comments

    Updated

  3. Strong Name Helper

    Bundle of .NET tools!
    Main reason is to defeat strong name validation, on the other hand third party tools merged!
    ACorns.Hawkeye
    Is the only .Net tool that allows you to view, edit, analyze and invoke (almost) any object from a .Net application. Whenever you try to debug, test, change or understand an application, Hawkeye can help.
    CFF Explorer-NTCore
    Designed to make PE editing as easy as possible, but without losing sight on the portable executable's internal structure.
    HwndSpy-dp0
    Is an invaluable tool for developers doing maintenance on GUI applications, where they first need to understand the windows hierarchy and how the windows are structured.
    HxD-Mael Horz
    Is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
    Mono.Cecil-Evain 
    Is a library to generate and inspect programs and libraries in the ECMA CIL format.
    Procmon-SysInternals
    Is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
    Resource2+4-fish
    Is a utility to easily refresh embedded resources in a .NET assembly. ResX Schema(*.resX), Embedded Resource(*.resources), Import/Export/View/Edit/Translate embedded resources,  Text/Icon/Bitmap/Cursor/String/ImageListStreamer/PinnedBufferMemoryStream (v4)...
    SysTracer-blueproject
    Is a system utility tool that can scan and analyze your computer to find changed (added, modified or deleted) data into registry and files.
    de4dot-0xd4d
    Is an open source .NET deobfuscator and unpacker written in C#.

    Assembly_Resigner-CodeCracker
    StrongName_Killer-CodeCracker

    251 downloads

    0 comments

    Updated

  4. Strong.Name.Helper.v1.7-whoknows-pass-bs.7z

    Bundle of .NET tools!
    The development ended @ 2012 with v1.7. Main reason is to defeat strong name validation, on the other hand third party tools merged!
    ACorns.Hawkeye
    Is the only .Net tool that allows you to view, edit, analyze and invoke (almost) any object from a .Net application. Whenever you try to debug, test, change or understand an application, Hawkeye can help.
    CFF Explorer-NTCore
    Designed to make PE editing as easy as possible, but without losing sight on the portable executable's internal structure.
    HwndSpy-dp0
    Is an invaluable tool for developers doing maintenance on GUI applications, where they first need to understand the windows hierarchy and how the windows are structured.
    HxD-Mael Horz
    Is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
    Mono.Cecil-Evain
    Is a library to generate and inspect programs and libraries in the ECMA CIL format.
    Procmon-SysInternals
    Is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
    Resource2+4-fish
    Is a utility to easily refresh embedded resources in a .NET assembly. ResX Schema(*.resX), Embedded Resource(*.resources), Import/Export/View/Edit/Translate embedded resources,  Text/Icon/Bitmap/Cursor/String/ImageListStreamer/PinnedBufferMemoryStream (v4)...
    SysTracer-blueproject
    Is a system utility tool that can scan and analyze your computer to find changed (added, modified or deleted) data into registry and files.
    de4dot-0xd4d
    Is an open source .NET deobfuscator and unpacker written in C#.

    Assembly_Resigner-CodeCracker
    HeaderFixer-CodeCracker
    NR_Bad_Net_Opcode_Remover-CodeCracker
    StrongName_Killer-CodeCracker
     
    Password to extract is bs
     
     

    536 downloads

    0 comments

    Updated

  5. Funny x_dbg Text Patcher

    I was bored and tired of being reminded that I was wasting my life.
    Here is a simple text patcher for x32dbg and x64dbg. Just drop the patcher in your x32 and x64 folders and run it.
    Thanks!

    133 downloads

    0 comments

    Updated

  6. Code Ripper Plugin

    This is a new Code Ripper Plugin for OllyDbg 1.10.
    Post any problems or comments and suggestions for improvements here.

    271 downloads

    0 comments

    Updated

  7. CMDH - CMD running in hidden window

    CMDH by Gate2NET
    CMD running in hidden window

    91 downloads

    0 comments

    Submitted

  8. NEW dUP2 - Friendly with antivirus

    NEW dUP2 - Friendly with antivirus
    Password: tuts4you.com

    447 downloads

    0 comments

    Submitted

  9. Vic Plug-In 2 for OllyDbg 2.xx

    |-------------------------------------------|
    | Vic Plug-In 2 for OllyDbg 2.xx (Official) |
    | Author: Vic aka vic4key |
    | Mail: vic4key[at]gmail.com |
    | Blog: http://viclab.biz |
    | Website: http://cin1team.biz |
    |-------------------------------------------|


    ----- [ MENU ] -----
    Show the toolbar in the title of OllyDbg window
    Maximize OllyDbg window when staring
    Maximize OllyDbg child windows when staring
    Show address info in status bar
    Use APIs menu in OllyDbg menu bar
    Apply confirm exit for OllyDbg
    Make the transparency for OllyDbg window
    Debuggee Data
    Delete UDD data of the current session
    Delete all UDD data
    Open UDD data list
    Delete recent debuggee files
    Data Converter
    DLL Process Viewer
    File Location Converter
    PE Viewer
    Thread Viewer
    Lookup Error Code
    Find events of C++ Builder / Delphi VCL GUI application
    Advanced Map File Importer
    Map File Importer
    Open Label window
    Open Comment window
    Bypass Anti Debugging
    Hide the PEB
    Data Copier
    VA Address
    RVA Address
    Offset Address
    ANSI String
    UNICODE String
    Code Ripped
    Breakpoint Manager
    INT3 Delete all
    INT3 Import
    INT3 Export
    HWBP Delete all
    HWBP Import
    HWBP Export
    MBP Delete all
    MBP Import
    MBP Export
    Follow Me
    Follow in Disassembler at <address>
    Follow in Dump at <address>
    Copy <address> to clipboard
    Check for update
    Infomation

    942 downloads

    0 comments

    Updated

  10. OllyDBG - AIO

    OllyDbg with Plugin

    + OllyDBG v1.1
    + OllyDBG v2.0.1
    + OllyDBG Shadow
    GUI with Vic Plug-In

    Enjoy !

    2,115 downloads

    1 comment

    Updated

  11. Scylla Imports Reconstruction

    Scylla Imports Reconstruction

    ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job.

    Scylla's key benefits are:
    x64 and x86 support
    full unicode support
    written in C/C++
    plugin support (ImpREC plugins are supported)
    works great with Windows 7

    Currently there are only 2 plugins (PECompact, PESpin x64) in this release, full sourcecode for both is included.

    7,919 downloads

    0 comments

    Updated

  12. EASY SNIFFER CREATOR

    hey guys

    i create a program for serial sniff by vb6

    esc features :

    check crc(automatic)
    unicode string
    small size
    background music
    bypass packers

    and .....

    sorry for my english (im persian)

    enjoy it

    593 downloads

    0 comments

    Updated

  13. snr.dup.search.and.replace.patchengine.sourcecode.src

    snr.dup.search.and.replace.patchengine.sourcecode
    ASM Code

    275 downloads

    0 comments

    Submitted

  14. ScyllaHide

    ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://bitbucket.org/mrexodia/titanhide.

    ScyllaHide supports various debuggers with plugins:

    - OllyDbg v1 and v2 http://www.ollydbg.de
    - x64_dbg http://x64dbg.com or https://bitbucket.org/mrexodia/x64_dbg
    - Hex-Rays IDA v6+ https://www.hex-rays.com/products/ida/
    - TitanEngine v2 https://bitbucket.org/mrexodia/titanengine-update and http://www.reversinglabs.com/open-source/titanengine.html

    PE x64 debugging is fully supported with plugins for x64_dbg and IDA.

    Please note: ScyllaHide is not limited to these debuggers. You can use the standalone commandline version of ScyllaHide. You can inject ScyllaHide in any process debugged by any debugger.

    More information is available in the documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHide.pdf

    Source code license:
    GNU General Public License v3 https://www.gnu.org/licenses/gpl-3.0.en.html


    Special thanks to:

    - What for his POISON Assembler source code https://tuts4you.com/download.php?view.2281
    - waliedassar for his blog posts http://waleedassar.blogspot.de
    - Peter Ferrie for his PDFs http://pferrie.host22.com
    - MaRKuS-DJM for OllyAdvanced assembler source code
    - MS Spy++ style Window Finder http://www.codeproject.com/Articles/1698/MS-Spy-style-Window-Finder

    2,869 downloads

    0 comments

    Updated

  15. OllyICE TheMida MOD By EvOlUtIoN

    OllyICE patched to work with TheMida, this was made by the prestigious team SnD member EvOlUtIoN. This debugger took me a long time to find on the net and since most of the links that were on the net were dead it took me like around 3 weeks to find. I hope you guys enjoy.

    QUOTE BY EvOlUtIoN:
    So, by popular demand here is the debugger I normally use to "play" with programs protected with TheMida / WinLicense.

    My patch is very simple but it is good to remember that OllyICE was created for the first time since Hachno, a guru when it comes to Armadillo and unpacking in general.

    This version has basically 2 patches that differ from the normal OllyICE:
    One. We do not crash when you load a file protected
    2. If you add a context menu creates an entry called "TheMida OllyDbg", so depending on the target, you can open a olly or another.

    In the plugin folder there are all those necessary, the most important are:
    1. PHANTOM plugin
    2. HideOD
    Without these you do not ever riusicrà to load a target with TheMida without being detected.

    In addition there are 2 scripts, neither Dumpa the VM but at least find the OEP and aaggiustano the IAT.

    1,194 downloads

    0 comments

    Submitted

  16. UnPacKcN OllyDBG By FengLian

    The folder Ollydbg made the following modifications on the basis of DosaDBG
    1, Path several key name
    2, OllyDBG-C, OllyICE-B two debugger in loader Path after a title
    3, inside the INI File contains no debug logging blank INI document, only need to use after decompression can restore the debugging yywr

    487 downloads

    0 comments

    Submitted

  17. OllyExt

    OllyExt is a plugin for Olly 2.xx debugger.

    The main intention of this plugin is to provide the biggest anti-anti debugging features
    and bugfixes for Olly 2.xx. Updates will come...

    VMProtect support!

    The currently available commands are the following:
    - Code Rip to Clipboard
    - Code Rip to Clipboard Recursive
    - Data Rip to Clipboard
    - Signature Rip to Clipboard

    The currently supported protections are the following:
    - IsDebuggerPresent
    - NtGlobalFlag
    - HeapFlag
    - ForceFlag
    - CheckRemoteDebuggerPresent
    - OutputDebugString
    - NtClose
    - SeDebugPrivilege
    - BlockInput
    - ProcessDebugFlags
    - ProcessDebugObjectHandle
    - TerminateProcess
    - NtSetInformationThread
    - NtQueryObject
    - FindWindow
    - NtOpenProcess
    - Process32First
    - Process32Next
    - ParentProcess
    - GetTickCount
    - timeGetTime
    - QueryPerformanceCounter
    - ZwGetContextThread
    - NtSetContextThread
    - KdDebuggerNotPresent
    - KdDebuggerEnabled
    - NtSetDebugFilterState
    - ProtectDRX
    - HideDRX
    - DbgPrompt
    - CreateThread
    - NtSystemDebugControl
    - Custom ( Write your own )

    The currently supported bugfixes are the following:
    - Caption change
    - Kill Anti-Attach ( dll integrity check )

    Requirements:
    - Microsoft Visual C++ 2010 Redistributable Package (x86)

    OS support:
    - Windows XP
    - Windows Server 2003 R2
    - Windows Server 2008 R2
    - Windows 7
    - Windows Server 2012
    - Windows 8
    - Windows Server 2012 R2
    - Windows 8.1

    Limitations:
    - Because of missing PDK function data ripping is ONLY on 2.01 latest supported

    If you have any problem just notify me.

    About the author:

    Created by Ferrit
    Send your bugreports/comments to ferrit.rce@gmail.com

    Enjoy

    2,137 downloads

    0 comments

    Updated

  18. SubzEro

    ollydbg mod by me



    changed strongod and phantom names
    to avoid detection

    added fkvmp and zeus plugin
    also added LoadDll.dll not coded by me
    added dbghelp.dll



    added some visual tweaks and some more greetings to Apuromafo thx for help

    2,219 downloads

    0 comments

    Updated

  19. Jump Calculator

    This is my own coded jump calculator...
    Coded specially for our team site but i will share it the members on this board.
    It's simple as it is and nothing special. It's a simple jump calculator.
    Fill the fields for "Jump From:" and "Jump To:" with a hex address and press the button "Calculate". Thats all...
    Simple eh?

    grEEtZ iNvIcTUs oRCuS

    422 downloads

    1 comment

    Submitted

  20. Vic Plug-In

    Vic Plug-In 1.05 for OllyDbg 1.xx
    Author: vic4key
    Team: CiN1
    Website: www.cin1team.biz

    Lastest update: 13/10/2013
    + Menu
    - Show the toolbar
    - Maximize OllyDbg Window when staring
    - Maximize all OllyDbg child windows
    - Make the transparency for OllyDbg window
    - Deletes all the UDD (*.udd & *.bak)
    - DATA Converter
    - DLL Process Viewer
    - File Location Converter
    - PE Viewer
    - PEB Patcher
    - Lookup Error Code
    - Finding the Point Events in Delphi executables
    - Map file importe
    - Import labels
    - Import comments
    - Bypass anti debugging
    - Hide the PEB
    - Address copier
    - Copy VA
    - Copy RVA
    - Copy Offset

    Updating Infomation

    13/10/2013


    + Updated
    <None>

    + Fixed:
    - Crash OllyDbg when do not use the toolbar
    - Delete UDD data
    - DATA Converter

    24/03/2013
    - Maximize OllyDbg Window when staring
    - Maximize all OllyDbg child windows
    - Make the transparency for OllyDbg window
    - Lookup Error Code
    - Finding the Point Events in Delphi executables
    - Map file importe
    - Import labels
    - Import comments
    - Bypass anti debugging
    - Hide the PEB
    - Address copier
    - Copy VA
    - Copy RVA
    - Copy Offset

    + Fixed:
    - Show the toolbar
    - DATA Converter
    - File Location Converter

    469 downloads

    0 comments

    Updated

  21. Dissecting RC4 - Algorithm

    This application will show you how Algorithm RC4 works

    231 downloads

    0 comments

    Submitted

  22. zwfix.zip

    FIX for ZwQueryObject hang on file objects that have FO_SYNCHRONOUS_IO set.
    There is a "bug" in Win32 that hangs calls to ZwQueryObject and other functions
    when the queried handle has this flag set, as the Syscall is waiting forever.

    Ollydbg suffers from this bug as it reads certain handle informations after it
    hits a breakpoint. This then leads to a freeze of the debugger.
    This plugin tries to fix it by hooking the functions

    NtQueryObject (ntdll.dll)
    GetFileType (kernel32.dll)

    that get used by olly, which can cause the lockup and let them process the
    queries in a seperate thread with a timeout of 1sec. If the call hangs, an error
    is returned to Olly and the debugger doesn't freeze anymore.

    174 downloads

    0 comments

    Submitted

  23. REPT Patch Engine

    Hello everyone!

    I made a new utility for Team Rept called "REPT Patch Engine". As it name says, this patch engine provides you an easy to use interface to make different types of patch in one single executable. Currently it has 3 types of patching method:
    Hex Editor (Offset Patch)
    File Export
    Registry Patch

    This utility is made on .NET. I did NOT put any credit of "Created with REPT Patch Engine" because I wanted to make a new patch engine useful.

    Things to update for next versions:
    Compare files to see the offset of cracked and original file. DONE!
    Add custom skin

    If you need another thing to put on the patch tell me

    I hope you like it and it could be interesting to use. Fell free to use as you want.

    LordCoder

    942 downloads

    0 comments

    Updated

  24. Ollydbg Plugin for Safengine licensor 1.8 unpacking script

    Please download it here

    739 downloads

    1 comment

    Submitted

  25. REPT KeyGen Maker

    REPT KeyGen Maker is an utility to make keygens easily without having a programming knowledges.
    Please report any bug/improve to make it better

    This is currently done in .NET so will need .NET Framework 3.5 or higher.
    Thanks for download it!

    2,459 downloads

    1 comment

    Updated

×