Community Projects Archive

View File Imports Fixer - Legacy Archives This is a complete collection of public and private builds of Imports Fixer (mainly a collection of private builds). I am uploading all of these for posterity reasons before they are deleted and for those people who like to look over this stuff. Most of these old builds will not work on modern Windows OS's and IF is no longer being developed so do not expect them to function correctly. If you need to use an imports fixer I suggest turning to a publically accessible imports builder such as Scylla. It is more feature complete, supports modern OS builds and is open source - so you can fix an…

Overview:TitanHide is a driver intended to hide debuggers from certain processes.The driver hooks various Nt* kernel functions (using inline hooks at themoment) and modifies the return values of the original functions.To hide a process, you must pass a simple structure with a ProcessID andthe hiding option(s) to enable to the driver. The internal API isdesigned to add hooks with little effort, which means adding featuresis really easy.Features:- ProcessDebugFlags (NtQueryInformationProcess)- ProcessDebugPort (NtQueryInformationProcess)- ProcessDebugObjectHandle (NtQueryInformationProcess)- DebugObject (NtQueryObject)- SystemKernelDebuggerInformation (NtQuerySystemInformat…

(Sorry, I may have posted this in the wrong section. I believed this is the TitanHide section -.-) Hey. I wanna use TitanHide driver to hide x64dbg/ollydbg from certain protectors. As Reverse Engineering environment I have set up a virtual machine (VMware Workstation 12.1.1 build-3770994) with Windows 7 Professional x64 (SP1). Moreover, I compiled TitanHide myself on my host operating system Windows 10 Pro x64 using Win7 Release configuration and x64 platform without errors or warnings. (used WDK 8.1 Update 1) Since I got an UEFI mainboard I also had to enable Intel VT-x to get the virtual machine to work (idk if this is really important but just lis…

Hello everyone,Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems. Various changes: Fixed hardware breakpoints (various problems in x32 and not working in x64);Fixed memory breakpoints (still needs some checks);Changed exception handling (now only non-debugger-handled exceptions are reported);Fixed TitanEngine64 (never started debugging);Pieces of code rewritten;Fixed DumpPr…

Hi all, Whenever I tried to use any import fixer on windows 10 64bit and once the process ID was inserted in the fixer I got this error: Process ID is invalid or Process is Protected I have googled for that but fruitless. Is there any one know how to overcome this issue?

hi, this mainly is a bug fix release, as I currently don't have enough time pushing stuff... v0.8 -new: 'pack and execute' button in after-patch-created-dialog -fix: exceptions while creating patch into 'visible' folder (desktop or any other folder opended in explorer.exe) -fix: crashes after applying file drop -fix: offset patch dialog file comparison with huge amount of diffs slow/deadlocks -fix: slow comparison of original and patched files in 'offset patch' dialog -fix: packer console output not shown Here we go => uPPP.v0.8.7z ps: keep on posting suggestions and bug reports! greets

What's the solution?

Hi, Mr.eXoDia I have found a bug in TitanEngine.dll, but this may not be a bug~ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); This api definition comes from file"x64dbg-master\x64_dbg_dbg\TitanEngine\TitanEngine.h". the first parameter should not be 'ProcessId' as a 'DWORD', but 'hProcess' as a 'HANDLE' ! The inner routine: ImporterAutoSearchIATEx -> DumpProcessW -> ReadProcessMemory... It(pIATStart) shows nothing when execute script with right parameter, then search a lot, finally got the reason. So this might …

Hey folks, here comes something not very new but polished up (DLL existed since 2009 but now its usable with the TitanEngine Community Edition) What is TitanScript: TS is a plugin for the TitanEngine debugging framework. It completly implements the famous OllyDbgScript language and even enhances it with TitanEngine commands for things like IAT AutoSearch, fixing etc.. Basically this means you can load and run your beloved OllyDbgScripts with TitanEngine without rewriting them (well ok, few minor tweaks might be necessary) It supports OllyDbgScript up to version 1.77. We might bump that to 1.83 but with no ETA How to "install": - Grab TitanEngine…

How to Make skins for uPPP ?

I have been trying to code my own pe explorer tool as a learning exercise but have been stuck on how to add a new section to the pe header when there is no space for another section header. I have looked at the functions source code given below and it doesn't seem to deal with this. Why is this? https://bitbucket.org/mrexodia/titanengine-update/src/50379e53e9f3a1d9cf835e37e2fd7cbade61dc6a/TitanEngine/TitanEngine.PE.Section.cpp?at=master#cl-512

Hello everyone!I am trying at the moment to code an unpacker for several different compressors and packers using the TitanEngine Community edition. One of the things which I am trying to do is to set a breakpoint on an API (GetProcAddress). However, my callback code seems to be called only in cases where the breakpoint is placed at the begining of the API : SetAPIBreakPoint("KERNEL32.DLL","GetProcAddress",UE_BREAKPOINT,UE_APISTART,(void*)cbCallBack); If I am change the UE_APISTART with APIEND, the callback never gets called. The thing is that I would need to be able to land somewhere near the end of the API call and return from there. Does anyone know how I can do thi…

Hello everyone, Here is a small SDK example for TitanEngine Community Edition. It covers far from all features, but enough to get you started. This is the code: #include <windows.h>#include <stdio.h>#include <psapi.h>#include "TitanEngine\TitanEngine.h"PROCESS_INFORMATION* fdProcessInfo;LPVOID lpBaseOfImage;char szDumpName[MAX_PATH]="";static void log(const char* format, ...){ va_list args; va_start(args, format); char msg[1024]=""; vsprintf(msg, format, args); puts(msg);}static void cbOep(){ long long rip=GetContextData(UE_RIP); log("> OEP 0x%llX reached!", rip); log("> Dumping..."); DeleteFileA(szDumpName); //Dump t…

Hey, I spent some time reading through the source. I am not a huge fan of it, but i guess we'll have to work with what we have. I forked the project, because i havnt used bitbucket before and didnt want to break anything. A pull request has been issued to exodia, the first batch of fixes should be trivial. I have also created a couple of "issues" on the original repo. Once the pull request has been merged, i'll continue to shoot bugfixes into the bug fix branch, which can then be merged to master, after a second pair of eyes singed off on it. Several points: - NULL should only be used for pointers, we should use 0 for normal int variables. - poi…

Hey, Currently the PDF file included in TitanEngine isn't up to date, so the help needs updating. First I converted the PDF file to RTF with UniPDF and then we used word to convert it to DOCX. Attached the current DOCX file. This topic will be updated once I started working on the help. Greetings, Mr. eXoDia PS No copyright harm or whatever intended (ReversingLabs company name is included in the document). TitanEngine - SDK.rar

Opening this thread for all discussion and feedback related to the TE update by Mr.Exodia in general to keep other threads more clean. Source: https://bitbucket.org/mrexodia/titanengine-update/overview Issue / Bug Tracker: https://bitbucket.org/mrexodia/titanengine-update/issues Please also create issue tickets there if you have an account.

WordBeast's uPPP Skin Guide For people who are new to uppp Soon more guide for making advanced skins PDF file in AttachmentWordBeast.pdf

Features: -Use of PNG images with multiple levels of transparency -Supports 4 types of patches: offset, search pattern, registry, filedrop -(Sine-)Scroller instead of about box -XM player, custom fonts, custom cursor, custom sh!t,... -Simple encryption of patch-data-resources -Hyperlink function (of target url) Note: To run the GUI you will need the .NET 2.0 Runtime, but not for running a created patch !! Download uPPP v0.5: uPPP_0.5.rar Download 'uPPP GUI Guide': uPPP_Guide.rar Download 'A Skin Guide for uPPP': A_Skin_Guide_for_uPPP.rar Download 3 running examples: Patch_Examples.rar Download additional cursors and fonts (with fixed filenames !!): Cursor_N_Fo…

Hi, SupperCRacker There is some thing wrong when fixing the dumped file, I set the IAT address RVA manually.("Add new section unchecked") I press the "fix dump" button and choose the dumped file IF can not create the fixed file and not show the messagebox

My uPPP skin collection all worKIng perfect

hi, here's another update: v0.7 -new: multiple file drops with same resource -new: combobox 'Execution level': 'requireAdministrator' or 'asInvoker' -new: subfolder 'Tools' in package (uPPP SkinHelper, Upack, pngout, conv2m) --> pngout: best tool for compressing PNGs --> conv2m: for converting .v2m tunes into newer format -new: byte pattern text formats when copying to clipboard: normal, for OllyDbg or for WinHex -fix: anti-aliasing of scroller with ttf fonts on vista/win7 (and XP if font smoothing enabled) Here we go => uPPP.v0.7.7z /EDIT: Here's…

Greetings, I am making a patcher of some sort, it would act as a keygen except the the way i'm doing it is the user won't have to enter the data. My question: (related to the .reg file) (.reg) . I have no idea but ofc once told I can find my way, Thanks. So does anyone here know what to enter for a .reg file the .reg file example: I enter lets say for example 50 keys (keys = 10 car ) . thanks. (image example) Thank You.

lo folks, here's a new version. I've added and changed too much these days, so that there might be new bugs.I'm too lazy to sort it out what has changed since the last beta version.. please checkout the whole changelog again: v0.6 -new: 'Win64' option for all patch types (disables Wow64 redirections on 64 bit systems) to allow proper patching of x64 targets -new: grouping of patch entries via try-next-on-failure functionality.. some examples: a) multiple (future) versions of a target: add multiple search and replace patterns. as soon as 1 pattern hits, the rest of the group ge…

New Imports Fixer v1.5a (Public Beta) by SnD - virus-free. Thanks team SnD for such wonderful tool. Imports Fixer v1.5a (Public Beta).rar

Hi, I have gathered here some important features that will be included in next version (or future versions). It is a mixture of what testers have reported and wanted to see in IF : You don't find your feature here? Well post your idea and if approved will be added to the list of updates. You can access to the approved update list directly in IF (Help -> Next version update list) I am waiting few days to let time to people to test, report bugs and post ideas. I will begin coding new features very soon, so hurry up Please don't post bug reports in this topic, it is only meant for ideas. SC.