Leaderboard

A basic .NET loader stub used as a learning project. Goal: unpack and extract the real .NET app.

OllyDbg moded for ExeCryptor & THEMIDA Add the possibility of deleting all points of stopping Remove all breakpoints Auto path UDD & plugin Reference search directly from the toolbar Show offset in status bar Amendment to show the number of additions to the list Additions located 1 - advancedolly.dll 2 - analyzethis.dll 3 - API_Break.dll 4 - bookmarks2.dll 5 - cmdbar.dll 6 - HideOD.dll 7 - NonaWrite.dll 8 - ODbgScript.dll 9 - OllyBugfix.dll 10 - OllyDump.dll 11 - OllyMoreMenu.dll 12 - PhantOm.dll 13 - Poison.dll 14 - ustrref.dll 15 - StrongOD.dll This amendment took me time so there is no difference between them and the original They accept each others additions modified Do not forget pray for me and my family

A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration 10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick 11. Intermediate patching using Olly's "pane window" 12. Guiding a program by multiple patching. 13. The use of API's in software, avoiding doublechecking tricks 14. More difficult schemes and an introduction to inline patching 15. How to study behaviour in the code, continued inlining using a pointer 16. Reversing using resources 17. Insights and practice in basic (self)keygenning 18. Diversion code, encryption/decryption, selfmodifying code and polymorphism 19. Debugger detected and anti-anti-techniques 20. Packers and protectors : an introduction 21. Imports rebuilding 22. API Redirection 23. Stolen bytes 24. Patching at runtime using loaders from lena151 original 25. Continued patching at runtime & unpacking armadillo standard protection 26. Machine specific loaders, unpacking & debugging armadillo 27. tElock + advanced patching 28. Bypassing & killing server checks 29. Killing & inlining a more difficult server check 30. SFX, Run Trace & more advanced string searching 31. Delphi in Olly & DeDe 32. Author tricks, HIEW & approaches in inline patching 33. The FPU, integrity checks & loader versus patcher 34. Reversing techniques in packed software & a S&R loader for ASProtect 35. Inlining inside polymorphic code 36. Keygenning 37. In-depth unpacking & anti-anti-debugging a combination packer / protector 38. Unpacking continued & debugger detection by DLL's and TLS 39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2 40. Obfuscation and algorithm hiding

The Entry Point is virtualized. 2 Parts of the codes are also virtualized. [Your Mission] Just unpack this file and make it run well without any errors or termination. No devirtualiztion are necessary.

After a longer time I created a new SnD - version 2.2 - by request from our board member DMichael. Normally I still do not like to use Olly 2 version [many basic features missing / changed etc] but anyway... I have taken some time to create all patches in OllyDbg 2.01h like in my older version + some little more checks etc. So now you can use this version with Windows 8 [testing done by DMichael - thanks again] without any problems. If there are any problems with ASLR (for example) then you will get a message with info about the problem and what to do. I also changed the look a little, maybe you like it as I do. All is ready to go and is setup by me [.ini file like I prefer] so that you can start directly after unpacking the .rar file. Some information can be read in the info text file. Have fun with the new 2.2 version [odbg201h] and post some feedback on the board if you like it or if there is any problem. Modifications: Added PEB Hide patch Added ZWQIP patch Changed OllyDBG names Changed CPU Added SnD patch section where you can see my patches Added some new resources Added manifest for XP style [just rename manifest if you get problem to use it on other OS etc] Added quick origin pop if you press the "C" button Added Win7 | Win8 support only with static original base of SnD 2.2 Added quick self check of loaded SnD 2.2 base. If not original or a problems comes at startup then you get info message Setup of SnD .ini file + color-scheme So all was again patched like in my older SnD 2.0 / 2.1 versions plus some more checks and different patching ways of the intern ZWQIP API. Testing by me on XP SP3. Testing by DMichael on Windows 8. Thanks again. Info: If you want to use int3 breakpoints instead of HWBPs [Debugging Options] then do not set a HWBP on ZWQIP API before you did stop at TLS or EP. Don't set the HWBP at systemBP. Int3 + HWBP on ZWQIP before TLS or EP = No API patch! Int3 + No HWBP on ZWQIP before TLS or EP = Ok HWBP + HWBP = All ok no problems. Just keep this info in your mind if you wanna change the option. Info: So I also insert the original Olly version which you will also need to read all plugins so that you don't need to change the OllyDBG.exe to SND.exe name in the plugins itself.

Virtualization is being widely adopted in today's computing systems. Its unique security advantages in isolating and introspecting commodity OSes as virtual machines (VMs) have enabled a wide spectrum of applications. However, a common, fundamental assumption is the presence of a trustworthy hypervisor. Unfortunately, the large code base of commodity hypervisors and recent successful hypervisor attacks (e.g., VM escape) seriously question the validity of this assumption. In this paper, we present HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control-flow integrity. Specifically, we propose two key techniques. The first one "non-bypassable memory lockdown" reliably protects the hypervisor's code and static data from being compromised even in the presence of exploitable memory corruption bugs (e.g., buffer overflows), therefore successfully providing hypervisor code integrity. The second one "restricted pointer indexing" introduces one layer of indirection to convert the control data into pointer indexes. These pointer indexes are restricted such that the corresponding call/return targets strictly follow the hypervisor control flow graph, hence expanding protection to control-flow integrity. We have built a prototype and used it to protect two open-source Type-I hypervisors: BitVisor and Xen. The experimental results with synthetic hypervisor exploits and benchmarking programs show HyperSafe can reliably enable the hypervisor self-protection and provide the integrity guarantee with a small performance overhead.

This is my version of OllyDBG. I removed all useless plugins and put my preferred ones, and also I set-up a good configuration. With it you should be able to load any protected file (Themida for example). Sometimes you have to change some options inside plugins (with Obsidium for example), but the current setting is good in 90% of cases. It has also a more advanced loaddll.exe that allows you to load dll's in different memory locations, so you can rebuild relocations in an easy way.

This engine isn't intentionally called ExeCryptor Edition its actually called ODbyDYK (after the author) but since its been commonly used for ExeCryptor and more generally known as such thats how I've named it here. I think there has been quite a few modifications to it but not being Chinese I'm unable to read and understand the information within the archive correctly to discover exactly what. Maybe a native or Chinese literate person could pass on to me further details about this engine or translate the included .txt file for me, please.

A version of OllyDbg specifically modified to allow debugging of Themida protected applications. Functions: 1.Hide IsDebuggerPresent 2.Hide NtGlobalFlag 3.Hide ProcessHeapFlag 4.Patch ZwQueryInformationProcess (==patch UnhandledExceptionFilter) 5.Patch ZwSetInformationThread 6.Patch CheckRemoteDebuggerPresent 7.Patch OutputDebugStringA 8.Anti heap-checking (For themida1.9.5.0) V1.02: ! Fixed the bug of patching ZwSetInformationThread (For themida 1.9.5.0) + ADD heap-checking. Debug themida1.9.5 1.Modify window caption in the file ollydbg.exe (CPU,OLLYDBG...) 2.Click "Hide ALL" (choose HideDBG plugin)

It is a version of "Emergency" is the basics to make a good crackeo, this is a package "Reduced", but I want to make portable versions of several programs, and As ultraedit and others that require installation and makes heavy. THIS OLLYSND PORTABLE NOT NEED CONFIGURARSE, THE ROUTE OF THIS PLUGINS AUTO-CONFIGURADA. So he can run from anywhere without the need to change Nothing is prepared and ready for use.