Jump to content
Tuts 4 You

Tools & Utilities

Numerous RCE related tools and utilities...

48 files

  1. Scylla Imports Reconstruction

    Scylla Imports Reconstruction

    ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job.

    Scylla's key benefits are:
    x64 and x86 support
    full unicode support
    written in C/C++
    plugin support (ImpREC plugins are supported)
    works great with Windows 7

    Currently there are only 2 plugins (PECompact, PESpin x64) in this release, full sourcecode for both is included.




  2. HexDec

    Converter Hex-Dec-Bin-Chr and calculator (Xor,Or,And,Mod,Div,Mul,Shl,Shr)

    0.02 - Added button to clear the input fields.
    If you have any ideas, bug reports, please PM me - or post on the release thread of the tool.




  3. Mpress GUI

    MPRESS [Matcode comPRESSor] GUI

    GUI for fine packer Mpress.




  4. [SCT]Reversers' Calculator

    Reversers' Calculator is a full tool that combines all logical and mathematical operations, also can convert hexadecimal numbers to binary, decimal(signed/unsigned),octal and string. This tool is very handy for all reversers.




  5. ScyllaHide

    ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://bitbucket.org/mrexodia/titanhide.

    ScyllaHide supports various debuggers with plugins:

    - OllyDbg v1 and v2 http://www.ollydbg.de
    - x64_dbg http://x64dbg.com or https://bitbucket.org/mrexodia/x64_dbg
    - Hex-Rays IDA v6+ https://www.hex-rays.com/products/ida/
    - TitanEngine v2 https://bitbucket.org/mrexodia/titanengine-update and http://www.reversinglabs.com/open-source/titanengine.html

    PE x64 debugging is fully supported with plugins for x64_dbg and IDA.

    Please note: ScyllaHide is not limited to these debuggers. You can use the standalone commandline version of ScyllaHide. You can inject ScyllaHide in any process debugged by any debugger.

    More information is available in the documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHide.pdf

    Source code license:
    GNU General Public License v3 https://www.gnu.org/licenses/gpl-3.0.en.html

    Special thanks to:

    - What for his POISON Assembler source code https://tuts4you.com/download.php?view.2281
    - waliedassar for his blog posts http://waleedassar.blogspot.de
    - Peter Ferrie for his PDFs http://pferrie.host22.com
    - MaRKuS-DJM for OllyAdvanced assembler source code
    - MS Spy++ style Window Finder http://www.codeproject.com/Articles/1698/MS-Spy-style-Window-Finder




  6. Scylla Imports Reconstruction Source

    Scylla - x64/x86 Imports Reconstruction
    ImpREC, CHimpREC, Imports Fixer... this are all great tools to rebuild an import table, but they all have some major disadvantages, so I decided to create my own tool for this job.
    Scylla's key benefits are:
    x64 and x86 support full unicode support written in C/C++ plugin support works great with Windows 7 This tool was designed to be used with Windows 7 x64, so it is recommend to use this operating system. But it may work with XP and Vista, too.
    Source code is licensed under GNU GENERAL PUBLIC LICENSE v3.0




  7. REPT KeyGen Maker

    REPT KeyGen Maker is an utility to make keygens easily without having a programming knowledges.
    Please report any bug/improve to make it better

    This is currently done in .NET so will need .NET Framework 3.5 or higher.
    Thanks for download it!




  8. PPEE (puppy)

    This is a professional PE file explorer that lets you dig into all data directories available in the PE/PE64 file and edit them.
    Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.
    Two companion plugins are also provided. FileInfo, to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on. YaraPlugin, to test Yara rules against opened file.
    Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details.
    Puppy is free and tries to be small, fast, nimble and friendly as your puppy!
    Website: https://www.mzrst.com/




  9. PE Generator 1.1...

    This tool allows you to build your own PE file (Executable). After compiling, you have just to edit the code and data sections with your own code (Of course using a disassember or a debugger). PE GeNeRaToR Supports also imports building... Creating icons is now supported.





  10. PinMe!

    PinMe! allows setting individual windows to TopMost (window always on top) with the following additional features;
    Setting windows to TopMost / NoTopMost Changing window transparency levels Window captures and region captures Desktop captures (foreground and background) Basic window statistics Window information; dimensions, sizes, styles, etc. Installation
    As of version 0.8.9 PinMe! is a Windows 10 only application.
    Extract PinMe! from the archive and copy to a directory from where it can be run.
    If you want to have PinMe! run at each startup click on the "Run at Start-Up" option in the menu. A copy of PinMe! will be saved to the Windows "Startup" folder.
    TopMost / NoTopMost
    A list of all open and visible windows are shown in Z-Order from the click of the tray icon. Selecting a window positions that window to TopMost (always on top/pinned) and now the highest in Z-Order. If you select a window that has already been given TopMost it will set it to NoTopMost (normal). When more than one window is TopMost, the TopMost windows will take hierarchy in the order which you selected them. The first TopMost window will go to the bottom and recent to the top. TopMost windows will show up with a locked icon next to them in the menu. Normal windows will have their default window or system icon.
    If a window you want to set to TopMost or NoTopMost is not shown in the menu list of windows you can use customised shortcut keys, found in Preferences menu, whilst the window is active.
    Window Monitor
    As of version 0.9.3 PinMe! contains a frequently requested feature to "Monitor" certain windows and automagically set them to TopMost.
    When a window is being monitored PinMe! will remember the window(s) and, for example, after a restart set those windows to TopMost again.
    One of the caveats with this feature is if you were to monitor a Notepad window all subsequent opened Notepad windows will be set with TopMost.
    Feedback on this feature is warmly welcome.
    Window Transparency
    There are two ways to change the transparency of a window. The first it to find the window in the menu list and from the, "Window Transparency", submenu set the desired level of transparency between 10% to 100% viewable.
    If the window you want to set the transparency level of is not in the window menu list use the second method. From "Tools Menu..." menu select, "Enable Window Transparency". Once the setting has been activated you should see the same menu option now listed as, "Disable Window Transparency". Move the mouse cursor over the window you would like to change the transparency level of and scroll the mouse wheel until the transparency is at the desired level. Moving the mouse to other windows and scrolling the mouse wheel will change the transparency level of those windows until you go back to the tools menu to disable the feature.
    Whilst this option is activated mouse scroll wheel messages are not passed to the window until this option is disabled, scrolling through a page in a browser or document for example will not be possible.
    Capturing Windows
    You can capture the contents of a window in each windows submenu. PinMe! will try to capture the window image even if it is located behind other windows. If it is unable to do so PinMe! will attempt to bring that window to the front before capturing.
    Images can be saved in either .PNG, .JPG and .BMP., the image is also copied to the clipboard if you have the option enabled in Preferences.
    Capturing Screens & Desktops
    You can capture whole screens, desktop foreground and background. By going to, "Tools Menu...", you will find a submenu titled, "Capture Display Devices...". The submenu will contain a list of all the display devices currently connected and active including two options titled, "Capture Desktop Background", and, "Capture Desktop Foreground". To capture a screenshot simply select the appropriate display device and a save dialogue will appear to allow you to save the captured image to a folder.
    The following options capture the entire desktop across all monitors/displays:
    Capture Desktop Background, captures all of the desktop background across all display devices without any of the windows on top. Capture Desktop Foreground, captures all windows on top of the desktop across all display devices. Images can be saved in either .PNG, .JPG and .BMP., the image is also copied to the clipboard if you have the option enabled in Preferences.
    Region Captures
    Region capture can be activated by selecting, "Tools Menu...", then, "Enable Region Capture". Once you are in region capture the display will turn a slightly different colour and the mouse cursor will change to a cross hair with a square magnified window next to it.
    There are two methods for selecting the capture points. The first is to click and hold down the mouse pointer at the start position and drag the mouse pointer to draw a rectangle over the area of screen you would like to capture. You will notice a coloured rectangular box will be created, this is the region that will be captured. The second method is to left mouse click at the first capture point then left mouse click at the second capture point. You will notice the cross hair will stay active at the first location, this helps you correctly size the corners of the rectangle you wish to capture.
    To help you capture the correct region a magnify window is available. Inside the magnify window information will display the x and y coordinates of the cross hair position. A colour picker in the top right hand corner is displayed. The top left hand side shows the zoom factor which, you can change by scrolling the mouse wheel to zoom in and out of the image.
    After selecting a capture region the save dialogue automatically appears. Images can be saved in either .PNG, .JPG and .BMP., the image is also copied to the clipboard if you have the option enabled in Preferences.
    Exiting from region capture can be done by pressing the right mouse button.
    Depressing the wheel mouse button at any time during a capture will cause the mouse to move at slow speed. This may help in correctly aligning the capture cross hairs.
    Pressing the "SHIFT" key after the first cross hair has been set will delete it.
    Shortcut Keys
    In the Preferences menu you will find two options for customising shortcut keys to start region capture and set an active window between TopMost and NoTopMost. To configure this click in one of the shortcut fields and then select the key combinations you would like to use. If the key combination was successful the shortcut description will be set. An error message will prompt you if PinMe! was unable to do this, likely because the key combination has already been registered by another application.
    Run At Startup
    You will only see this menu option if PinMe! is not already running from the Windows startup folder.
    When selected PinMe! will be copied to:
    C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup To update either;
    manually copy a new version to the startup folder or, whilst the new version of PinMe! is running (from another folder) select this option to overwrite the existing file. Run As Administrator
    Introduced in Windows Vista and used with subsequent editions, the Windows OS comes with a security feature called User Account Control - or UAC for short. UAC prevents programs and applications running with elevated (Administrator) privileges to help protect the operating system from being compromised by malicious software. By default PinMe! does not request elevated privileges. Because of this PinMe! may not by able to send messages to communicate a change of window state to a program that is running with higher privileges than PinMe!. This is due to another security technology called User Interface Privilege Isolation (UIPI). If you find that PinMe! is not changing the state of a particular window you can request PinMe! to run in Administrator mode by going to, "Tools Menu...", menu and selecting, "Run As Administrator", which will let PinMe! run with high integrity. Once activated Windows will prompt you with a User Account Control dialogue asking if you want to allow PinMe! to make changes to the computer. Click yes if you do. Once PinMe! is running with high integrity in Administrator mode PinMe! will be able to send messages and communicate with those windows.
    Here is a quick overview of other available options, not mentioned above, in the Preferences menu that allow you to enable or disable features:
    Sounds sound prompts and warnings. Clipboard saving of captures to the clipboard. Save Dialogue save dialogue prompt after captures. Double Buffer if in region capture the window suffers from flickering enable this. Repeat Capture continue to the next region capture after saving. Display Affinity magnify window sees through the capture window (Windows 10 Build 18994 and above). Magnify Window enable or disable the magnify window. Language Files
    Upon startup PinMe! will try to determine the users interface language then search for that regions language file in the "Language" subfolder where PinMe! executable is located. All language files begin with, "lang_", suffixed by a three letter ISO language name for the region. E.g. for a user in Thailand using Thai language PinMe! will search for, "lang_tha.txt". If a language file is unable to be located PinMe! defaults to it's built in English language. PinMe! conforms to ISO 639-2 three-letter code for the language file suffix name. If you wish to create a language file for your region you can find your language prefix listed at Wikipedia:
    The language file must be saved in UTF-8. If for some reason your language is displayed incorrectly within PinMe! please try saving the file as UTF-8 with BOM (byte order mark).




  11. Delphi Tool Version 2.00

    At last, it's here! xD
    Sorry about the delay, but I had other stuff going on...so yeh. It's here now. Hope it was worth the wait!

    Delphi Tool
    Version 2.00

    Code + GFX by RaptoR of Team iNFECTiON



    Description: This tool was originally just a String Splitter for Delphi, but after a few suggestions to expand it, I have. It now comprises of:
    Delphi String Splitter
    Delphi String Unsplitter
    String To Charcode Converter
    Charcode to String Converter
    Table Extractor
    Array Maker
    Source Cleaner
    ASCII Table Viewer

    The string splitter module splits up strings into more managable blocks. It is very handy for cutting long strings into ones that Delphi can handle (as you know, the maximum length of a string in Delphi is 255 characters. This can be annoying when using long strings, when for example working with encryption schemes). It is also handy for simply tidying up long code.

    The string unsplitter module does the reverse of the string splitter module, and concatenates strings that have been split with the string splitter (or by other means) into one.

    The string to charcode converter will convert an entered string into Delphi's character codes. For example "RaptoR" becomes "#82#97#112#116#111#82".

    Charcode to string converter is the opposite of string to charcode. It will convert entered charcodes into strings.

    The Table Extractor is for extracting data from files to be used in your Delphi apps, be it chiptunes, patchdata, whatever.

    The Array Maker does exactly as it says on the tin, and allows you to create arrays quickly and easily. This module was originally coded as a standalone app by my friend Saduff, but he has allowed me to merge it into the Delphi tool. Greetz!

    Source Cleaner ...cleans your source It makes your source easier to read and work throught. Coded by KenTheFurry, who has given code and permission to merge it into Delphi Tool. Thank you too!

    The ASCII Table viewer is simply a viewer for a full ASCII table. The table was taken from:

    Format/Type: EXE/Tool
    Size: 276kb
    SHA-1 of Archive: 118D598F90FCCD4CA6F69A7B8972653CD2FF9AFE
    Screenshot attatched.


    If you have any ideas, bug reports, or suggestions for Delphi Tool, please PM me - or post on the release thread of the tool.

    - RaptoR




  12. iNF0 Master 1.5.1

    It is a nfo drawing application. What to say, try it!


    1 comment


  13. FastOldskoolCracktroMaker

    here is a first alphaversion of my oldskoolish cracktromaker
    the manual is only german, but i hope u can find how to use it
    have fun =)




  14. Strong.Name.Helper.v1.7-whoknows-pass-bs.7z

    Bundle of .NET tools!
    The development ended @ 2012 with v1.7. Main reason is to defeat strong name validation, on the other hand third party tools merged!
    Is the only .Net tool that allows you to view, edit, analyze and invoke (almost) any object from a .Net application. Whenever you try to debug, test, change or understand an application, Hawkeye can help.
    CFF Explorer-NTCore
    Designed to make PE editing as easy as possible, but without losing sight on the portable executable's internal structure.
    Is an invaluable tool for developers doing maintenance on GUI applications, where they first need to understand the windows hierarchy and how the windows are structured.
    HxD-Mael Horz
    Is a carefully designed and fast hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size.
    Is a library to generate and inspect programs and libraries in the ECMA CIL format.
    Is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
    Is a utility to easily refresh embedded resources in a .NET assembly. ResX Schema(*.resX), Embedded Resource(*.resources), Import/Export/View/Edit/Translate embedded resources,  Text/Icon/Bitmap/Cursor/String/ImageListStreamer/PinnedBufferMemoryStream (v4)...
    Is a system utility tool that can scan and analyze your computer to find changed (added, modified or deleted) data into registry and files.
    Is an open source .NET deobfuscator and unpacker written in C#.

    Password to extract is bs




  15. REPT File Compare

    REPT File Compare 0.94c
    Created by Levis/Team REPT

    REPT File compare is small tool that help you compare between 2 files
    and make a list of different byte(s) with its offset. You also can export
    data to file with type of some general programming languages. There are four types
    of languages I added:
    and you can export data to text file, if you want
    Compare speed is very high, with less CPU and RAM used.
    For any suggestions, or complain, or questions... please send me: levintaeyeon[at]live[dot]com
    or contact via our board at: Http://www.team-rept.com
    Thanks for using!


    1 comment


  16. REPT Patch Engine

    Hello everyone!

    I made a new utility for Team Rept called "REPT Patch Engine". As it name says, this patch engine provides you an easy to use interface to make different types of patch in one single executable. Currently it has 3 types of patching method:
    Hex Editor (Offset Patch)
    File Export
    Registry Patch

    This utility is made on .NET. I did NOT put any credit of "Created with REPT Patch Engine" because I wanted to make a new patch engine useful.

    Things to update for next versions:
    Compare files to see the offset of cracked and original file. DONE!
    Add custom skin

    If you need another thing to put on the patch tell me

    I hope you like it and it could be interesting to use. Fell free to use as you want.






    hey guys

    i create a program for serial sniff by vb6

    esc features :

    check crc(automatic)
    unicode string
    small size
    background music
    bypass packers

    and .....

    sorry for my english (im persian)

    enjoy it




  18. Real & Virtual Addresses (R.V.A)

    1- Gives some info about programs PE and sections !!
    2- Converts Virtual to Real and Real to Virtual Offset !!




  19. dirtyJOE

    dirtyJOE - Java Overall Editor is a complex editor and viewer for compiled java binaries (.class files).

    dirtyJOE is free for non-commercial use.

    dirtyJOE is entirely written in C++.

    dirtyJOE is using Python library as a script engine.

    Main features:
    Viewer for: constant pool, methods, fields, attributes
    Editor for: constant pool, bytecode, file header, attributes
    Python scripting for encrypted strings

    Current version: v1.5 (c359)

    Project homepage




  20. Liquid Crack Generator 2

    My very old generic crack generator. Supports skins, music and text scroller by your choice.

    - What does "generic" means?
    - It does not only patch concrete offsets but it's trying to find the same segments into the target app so it might be newer version of the app but the same parts of the code might exist so it cracks them.

    It's very old, I'm uploading it just to share it but if you feel it useful feel free to use it.




  21. PE Location Calculator

    This is a simple utility to convert between ImageBase, VA, RVA & File offset




  22. PE Generator Example Executable

    A small example executable of how PE Generator can be used to construct the backbone for a PE file.

    You can get PE Generator 1.1 here:




    1 comment


  23. ProcessMaster

    A simple process viewer written in MASM and EasyCode




  24. Offset Converter

    Converting Offset to RVA and VA.


    1 comment


  25. Jump to Hex Converter

    Another tool to convert asm jumps to opcodes...




  • Create New...