Community Projects Archive

View File Imports Fixer - Legacy Archives This is a complete collection of public and private builds of Imports Fixer (mainly a collection of private builds). I am uploading all of these for posterity reasons before they are deleted and for those people who like to look over this stuff. Most of these old builds will not work on modern Windows OS's and IF is no longer being developed so do not expect them to function correctly. If you need to use an imports fixer I suggest turning to a publically accessible imports builder such as Scylla. It is more feature complete, supports modern OS builds and is open source - so you can fix an…

hi, this mainly is a bug fix release, as I currently don't have enough time pushing stuff... v0.8 -new: 'pack and execute' button in after-patch-created-dialog -fix: exceptions while creating patch into 'visible' folder (desktop or any other folder opended in explorer.exe) -fix: crashes after applying file drop -fix: offset patch dialog file comparison with huge amount of diffs slow/deadlocks -fix: slow comparison of original and patched files in 'offset patch' dialog -fix: packer console output not shown Here we go => uPPP.v0.8.7z ps: keep on posting suggestions and bug reports! greets

Overview:TitanHide is a driver intended to hide debuggers from certain processes.The driver hooks various Nt* kernel functions (using inline hooks at themoment) and modifies the return values of the original functions.To hide a process, you must pass a simple structure with a ProcessID andthe hiding option(s) to enable to the driver. The internal API isdesigned to add hooks with little effort, which means adding featuresis really easy.Features:- ProcessDebugFlags (NtQueryInformationProcess)- ProcessDebugPort (NtQueryInformationProcess)- ProcessDebugObjectHandle (NtQueryInformationProcess)- DebugObject (NtQueryObject)- SystemKernelDebuggerInformation (NtQuerySystemInformat…

Features: -Use of PNG images with multiple levels of transparency -Supports 4 types of patches: offset, search pattern, registry, filedrop -(Sine-)Scroller instead of about box -XM player, custom fonts, custom cursor, custom sh!t,... -Simple encryption of patch-data-resources -Hyperlink function (of target url) Note: To run the GUI you will need the .NET 2.0 Runtime, but not for running a created patch !! Download uPPP v0.5: uPPP_0.5.rar Download 'uPPP GUI Guide': uPPP_Guide.rar Download 'A Skin Guide for uPPP': A_Skin_Guide_for_uPPP.rar Download 3 running examples: Patch_Examples.rar Download additional cursors and fonts (with fixed filenames !!): Cursor_N_Fo…

Hey folks, here comes something not very new but polished up (DLL existed since 2009 but now its usable with the TitanEngine Community Edition) What is TitanScript: TS is a plugin for the TitanEngine debugging framework. It completly implements the famous OllyDbgScript language and even enhances it with TitanEngine commands for things like IAT AutoSearch, fixing etc.. Basically this means you can load and run your beloved OllyDbgScripts with TitanEngine without rewriting them (well ok, few minor tweaks might be necessary) It supports OllyDbgScript up to version 1.77. We might bump that to 1.83 but with no ETA How to "install": - Grab TitanEngine…

lo folks, here's a new version. I've added and changed too much these days, so that there might be new bugs.I'm too lazy to sort it out what has changed since the last beta version.. please checkout the whole changelog again: v0.6 -new: 'Win64' option for all patch types (disables Wow64 redirections on 64 bit systems) to allow proper patching of x64 targets -new: grouping of patch entries via try-next-on-failure functionality.. some examples: a) multiple (future) versions of a target: add multiple search and replace patterns. as soon as 1 pattern hits, the rest of the group ge…

hi, here's another update: v0.7 -new: multiple file drops with same resource -new: combobox 'Execution level': 'requireAdministrator' or 'asInvoker' -new: subfolder 'Tools' in package (uPPP SkinHelper, Upack, pngout, conv2m) --> pngout: best tool for compressing PNGs --> conv2m: for converting .v2m tunes into newer format -new: byte pattern text formats when copying to clipboard: normal, for OllyDbg or for WinHex -fix: anti-aliasing of scroller with ttf fonts on vista/win7 (and XP if font smoothing enabled) Here we go => uPPP.v0.7.7z /EDIT: Here's…

Hello everyone,Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems. Various changes: Fixed hardware breakpoints (various problems in x32 and not working in x64);Fixed memory breakpoints (still needs some checks);Changed exception handling (now only non-debugger-handled exceptions are reported);Fixed TitanEngine64 (never started debugging);Pieces of code rewritten;Fixed DumpPr…

Hi, Imports Fixer 1.5a beta is finally ready for a first public release. You can get it here Fixes and updates since last version : If you want to know what has been done in previous versions, go to history directly in IF (Help -> History) If you want additional information about functionalities, visit my blog here For a more detailed help, see the documentation provided with the release (Help -> Documentation) (please don't consider fully all what is written in the help file as there are some functionalities that are not implemented yet or may never exist, a complete help file will be written within the final public build of IF) A final word, this subforum is for …

Hi all, Whenever I tried to use any import fixer on windows 10 64bit and once the process ID was inserted in the fixer I got this error: Process ID is invalid or Process is Protected I have googled for that but fruitless. Is there any one know how to overcome this issue?

(Sorry, I may have posted this in the wrong section. I believed this is the TitanHide section -.-) Hey. I wanna use TitanHide driver to hide x64dbg/ollydbg from certain protectors. As Reverse Engineering environment I have set up a virtual machine (VMware Workstation 12.1.1 build-3770994) with Windows 7 Professional x64 (SP1). Moreover, I compiled TitanHide myself on my host operating system Windows 10 Pro x64 using Win7 Release configuration and x64 platform without errors or warnings. (used WDK 8.1 Update 1) Since I got an UEFI mainboard I also had to enable Intel VT-x to get the virtual machine to work (idk if this is really important but just lis…

What's the solution?

Hi, I have gathered here some important features that will be included in next version (or future versions). It is a mixture of what testers have reported and wanted to see in IF : You don't find your feature here? Well post your idea and if approved will be added to the list of updates. You can access to the approved update list directly in IF (Help -> Next version update list) I am waiting few days to let time to people to test, report bugs and post ideas. I will begin coding new features very soon, so hurry up Please don't post bug reports in this topic, it is only meant for ideas. SC.

New Imports Fixer v1.5a (Public Beta) by SnD - virus-free. Thanks team SnD for such wonderful tool. Imports Fixer v1.5a (Public Beta).rar

Hello everyone, Here is a small SDK example for TitanEngine Community Edition. It covers far from all features, but enough to get you started. This is the code: #include <windows.h>#include <stdio.h>#include <psapi.h>#include "TitanEngine\TitanEngine.h"PROCESS_INFORMATION* fdProcessInfo;LPVOID lpBaseOfImage;char szDumpName[MAX_PATH]="";static void log(const char* format, ...){ va_list args; va_start(args, format); char msg[1024]=""; vsprintf(msg, format, args); puts(msg);}static void cbOep(){ long long rip=GetContextData(UE_RIP); log("> OEP 0x%llX reached!", rip); log("> Dumping..."); DeleteFileA(szDumpName); //Dump t…

How to Make skins for uPPP ?

Hello everyone!I am trying at the moment to code an unpacker for several different compressors and packers using the TitanEngine Community edition. One of the things which I am trying to do is to set a breakpoint on an API (GetProcAddress). However, my callback code seems to be called only in cases where the breakpoint is placed at the begining of the API : SetAPIBreakPoint("KERNEL32.DLL","GetProcAddress",UE_BREAKPOINT,UE_APISTART,(void*)cbCallBack); If I am change the UE_APISTART with APIEND, the callback never gets called. The thing is that I would need to be able to land somewhere near the end of the API call and return from there. Does anyone know how I can do thi…

Hi, SupperCRacker There is some thing wrong when fixing the dumped file, I set the IAT address RVA manually.("Add new section unchecked") I press the "fix dump" button and choose the dumped file IF can not create the fixed file and not show the messagebox

My uPPP skin collection all worKIng perfect

Hi, You can find here some nice movie tuts made by LCF-AT on how to unpack themida apps using LCF-AT script and using Imports Fixer 1.6 Thanks LCF-AT for the effort of making the videos , indeed very well explained. I want just to add that it is not always necessary to enter manually iat, the auto scan is enough, the only case when you are supposed to add manually iat is on apps that use direct calls and on which you want to preserve the original iat (themida targets for example) and also you can take a look at your iat entries to have an idea about eventual protections (splitted iats, import elmination, ...). Also don't forget to play with rebuilding options in prefe…

Hi, If you are interested in testing private beta versions of IF before public release, please put your name here and if possible your email too (just edit this post or add a reply). If you don't want to make your email public just PM me. I have already a list of testers that tested previous versions, I will post them here, and for any changes please express yourself. ? means I don't have emails of these persons. It will be easier for me to send an email at once to all testers. ! means I am not sure if these persons are willing to continue to be beta testers, please inform me... Cheers, SC

Opening this thread for all discussion and feedback related to the TE update by Mr.Exodia in general to keep other threads more clean. Source: https://bitbucket.org/mrexodia/titanengine-update/overview Issue / Bug Tracker: https://bitbucket.org/mrexodia/titanengine-update/issues Please also create issue tickets there if you have an account.

Hi, Mr.eXoDia I have found a bug in TitanEngine.dll, but this may not be a bug~ __declspec(dllexport) void TITCALL ImporterAutoSearchIATEx(DWORD ProcessId, ULONG_PTR ImageBase, ULONG_PTR SearchStart, LPVOID pIATStart, LPVOID pIATSize); This api definition comes from file"x64dbg-master\x64_dbg_dbg\TitanEngine\TitanEngine.h". the first parameter should not be 'ProcessId' as a 'DWORD', but 'hProcess' as a 'HANDLE' ! The inner routine: ImporterAutoSearchIATEx -> DumpProcessW -> ReadProcessMemory... It(pIATStart) shows nothing when execute script with right parameter, then search a lot, finally got the reason. So this might …

WordBeast's uPPP Skin Guide For people who are new to uppp Soon more guide for making advanced skins PDF file in AttachmentWordBeast.pdf

Hey, Currently the PDF file included in TitanEngine isn't up to date, so the help needs updating. First I converted the PDF file to RTF with UniPDF and then we used word to convert it to DOCX. Attached the current DOCX file. This topic will be updated once I started working on the help. Greetings, Mr. eXoDia PS No copyright harm or whatever intended (ReversingLabs company name is included in the document). TitanEngine - SDK.rar