Tuts 4 You



Popular Content

Showing content with the highest reputation since 07/09/2019 in Files

  1. 2 points


    A collection of tutorials aimed particularly for newbie reverse engineers.

    01. Olly + assembler + patching a basic reverseme
    02. Keyfiling the reverseme + assembler
    03. Basic nag removal + header problems
    04. Basic + aesthetic patching
    05. Comparing on changes in cond jumps, animate over/in, breakpoints
    06. "The plain stupid patching method", searching for textstrings
    07. Intermediate level patching, Kanal in PEiD
    08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
    09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
    10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
    11. Intermediate patching using Olly's "pane window"
    12. Guiding a program by multiple patching.
    13. The use of API's in software, avoiding doublechecking tricks
    14. More difficult schemes and an introduction to inline patching
    15. How to study behaviour in the code, continued inlining using a pointer
    16. Reversing using resources
    17. Insights and practice in basic (self)keygenning
    18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
    19. Debugger detected and anti-anti-techniques
    20. Packers and protectors : an introduction
    21. Imports rebuilding
    22. API Redirection
    23. Stolen bytes
    24. Patching at runtime using loaders from lena151 original
    25. Continued patching at runtime & unpacking armadillo standard protection
    26. Machine specific loaders, unpacking & debugging armadillo
    27. tElock + advanced patching
    28. Bypassing & killing server checks
    29. Killing & inlining a more difficult server check
    30. SFX, Run Trace & more advanced string searching
    31. Delphi in Olly & DeDe
    32. Author tricks, HIEW & approaches in inline patching
    33. The FPU, integrity checks & loader versus patcher
    34. Reversing techniques in packed software & a S&R loader for ASProtect
    35. Inlining inside polymorphic code
    36. Keygenning
    37. In-depth unpacking & anti-anti-debugging a combination packer / protector
    38. Unpacking continued & debugger detection by DLL's and TLS
    39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2
    40. Obfuscation and algorithm hiding
  2. 2 points

    Version v1.1 & v2.0 & Sh


    OllyDbg with Plugin + OllyDBG v1.1 + OllyDBG v2.0.1 + OllyDBG Shadow GUI with Vic Plug-In Enjoy !
  3. 1 point

    Version 1.7


    REPT KeyGen Maker is a utility to make keygens easily without having any programming knowledge. Please report any bugs/improvements to make it better. This is currently done in .NET so it will need .NET Framework 3.5 or higher. Thanks for downloading it!
  4. 1 point

    Version 11.10.2017


    When using OllyDbg as a portable version (e.g. on a USB stick) there are always problems with the UDD/Plugin path not being set correctly.

    The features:

    - DLL, which sets Plugins, UDD and win32.hlp paths automatically
    - Dummy export so it's easy to add the DLL to your olly mod
    - Open source

    Attached is DLL + Source, I hope it's useful for somebody. Feel free to modify to your needs, just credit where you think it's needed.

    P.S. To add the DLL to your mod: Use CFF explorer to add the import "dummy" (which does nothing) to ollydbg.exe, this will execute the DllMain function (which can be considered illegal) and set the paths in the INI file. OllyPath2.dll must be in the same directory as ollydbg.exe.
  5. 1 point


    This is a complete archive (site rip) of all files on Tuts 4 You as of July 2011 except for the malware samples - you will need to download these directly from Tuts 4 You. I have created the torrent as directories and files rather than one archive which gives you the option to download files individually or in categories. The entire collection is 3.69 GB of which some sections may be of little interest to some but you have the option of downloading what you want. This collection will be updated annually so please check at the following link for the official and up-to-date torrent file.

    Base 32 Hash-ID: magnet:?xt=urn:btih:slpgvubkpp4dyhxbaxpmogludkgmw7wi
    Base 16 Hash-ID: magnet:?xt=urn:btih:92DE6AD02A7BF83C1EE105DEC719741A8CCB7EC8

    Please remember to seed the torrent and help share the knowledge within the reversing community. I hope this satisfies the leechers, thank you!

    Tuts 4 You - Collection 2011.md5
  6. 1 point


    Today I release - finally - the series of unpacking tutorials about manually unpacking The Enigma Protector. I will discuss all protections of Enigma, detailed as fully as possible. I have to say thanks to LCF-AT, she helped me a lot with this.

    - Introduction ~ 9:28
    - Unpacking with patterns ~ 33:03
    - Finding patch-places without patterns ~ 19:56
    - Dealing with SDK API's & Custom Emulated API's ~ 28:23
    - Internal & External VM's (Using Plugin) ~ 5:40
    - Enigma's Registration Scheme ~ 15:37
    - EN-DE-Cryption ~ 33:21
    - Inline patching + Final Words ~ 11:56
  7. 1 point

    Version 1.8


    OllyExt is a plugin for Olly 2.xx debugger. The main intention of this plugin is to provide the biggest anti-anti debugging features and bug fixes for Olly 2.xx. VMProtect support!

    The currently available commands are the following:

    - Code Rip to Clipboard
    - Code Rip to Clipboard Recursive
    - Data Rip to Clipboard
    - Signature Rip to Clipboard

    The currently supported protections are the following: IsDebuggerPresent, NtGlobalFlag, HeapFlag, ForceFlag, CheckRemoteDebuggerPresent, OutputDebugString, NtClose, SeDebugPrivilege, BlockInput, ProcessDebugFlags, ProcessDebugObjectHandle, TerminateProcess, NtSetInformationThread, NtQueryObject, FindWindow, NtOpenProcess, Process32First, Process32Next, ParentProcess, GetTickCount, timeGetTime, QueryPerformanceCounter, ZwGetContextThread, NtSetContextThread, KdDebuggerNotPresent, KdDebuggerEnabled, NtSetDebugFilterState, ProtectDRX, HideDRX, DbgPrompt, CreateThread, NtSystemDebugControl, Custom ( Write your own )

    The currently supported bug fixes are the following:

    - Caption change
    - Kill Anti-Attach ( dll integrity check )

    Requirements: Microsoft Visual C++ 2010 Redistributable Package (x86)

    OS support: Windows XP, Windows Server 2003 R2, Windows Server 2008 R2, Windows 7, Windows Server 2012, Windows 8, Windows Server 2012 R2, Windows 8.1

    Limitations: Because of missing PDK function data ripping is ONLY on 2.01 latest supported

    If you have any problem just notify me.
  8. 1 point

    Version 1.1


    Improved LoadDLL for use with OllyDbg. It uses LoadLibraryEx with DONT_RESOLVE_DLL_REFERENCES to load the dll without calling DllMain.
  9. 1 point


    A x86/Win32 reverse engineering cheat-sheet.
  10. 1 point


    This tutorial will explain how to use the Execute Till User Code function to trace MessageBoxes in Delphi, which is a little different than other programming languages. I try to explain it in a way beginners can understand it! I hope you will enjoy this tutorial, and that will come in handy once!
  11. 1 point


    This is my 2nd tutorial for BiW-Reversing that will discuss MUP with ollydbg + ollydump. BTW, my 2nd tute should be about the truth that lies behind a keygen. But I need more time to get as many ideas as possible to discuss it deeply. For this tute, I just want to unpack a UPXed file and, as a bonus, an FSG 1.33 packed one. I assume the reader has a little knowledge about PE like Entry Point (EP), Original Entry Point (OEP) in packed PE executables. BTW, I want to recommend you to read 'Peering Inside the PE: A Tour of the Win32 Portable Executable File Format' by Matt Pietrek, but other manuals/docs about PE are also recommended to read (and to learn too).
  12. 1 point


    This project I made by myself, because I needed to constantly consult the opcodes to several of the assembly codes at the same time, wasting my attention from what I really needed to accomplish. Now with only one opened window I have access to all opcodes that I use when I am working in reverse engineering or developing, I hope it is useful for you. If you have some opcode that you want me to place in this help file, please send the text file.

    - Intel 8086 Family
    - Microsoft .NET
    - Java
    - SQLite
  13. 1 point


    The default Windows API functions to load external libraries into a program (LoadLibrary, LoadLibraryEx) only work with files on the filesystem. It's therefore impossible to load a DLL from memory. But sometimes, you need exactly this functionality (e.g. you don't want to distribute a lot of files or want to make disassembling harder). A common workaround for this problem is to write the DLL into a temporary file first and import it from there. When the program terminates, the temporary file gets deleted. In this tutorial, I will first describe how DLL files are structured and will present some code that can be used to load a DLL completely from memory - without storing it on the disk first.
  14. 1 point


    I created a video tutorial where you can see how to use my script. I also added some UnpackMe's which you can also test. If something does not work then post a reply in my topic.
  15. 1 point


    A premier collection of articles compiled by Fly from the now defunct UnPack China forum dated in 2007. Note that most of the content contained in this compilation is in Chinese, you may need to use a translator to fully understand some of the information it contains.
  16. 1 point


    A quick video tutorial on keygenning TccT KeygenMe #2 by Tarequl.
  17. 1 point


    Video tutorial on keygenning Kurapica KeygenMe 2011.
  18. 1 point


    A Shockwave Flash movie tutorial showing a method of keygenning Kurapica's CrackMe #15. It includes the source code for the keygen.
  19. 1 point


    A video tutorial on keygenning CloneTrone KeygenMe #1.
  20. 1 point


    A video tutorial on keygenning BadSector CrackMe #1.
  21. 1 point


    I made a video presenting an interesting keygenme. In this video you can see what is done and how it is done to reverse a keygenme. If it is too fast please press pause.

    Steps:

    1. Running the keygenme for the first time
    2. Detecting protection
    3. Unprotecting
    4. Analysis of the algo
    5. Creating the keygen in VB.NET Express 2010
    6. Bug testing
    7. Finalising keygen
    8. Testing keygen

    Hope someone will find this useful.
  22. 1 point


    - RSA Tutorial 01 - Keygenning RSA
    - RSA Tutorial 02 - Serial Fishing RSA
    - RSA Tutorial 03 - How to Find RSA Primes
  23. 1 point


    A Shockwave Flash movie tutorial showing a method of keygenning a simple KeygenMe. Example code is in Delphi.
  24. 1 point


    - MD5 Keygenning (Part 1)
    - MD5 Keygenning (Part 2)
  25. 1 point


    The goal of this project is to create a .NET decompiler. A decompiler is a tool that translates machine code back to source code. That is, it does the opposite of a compiler: it takes the executable file and it tries to recreate the original source code. In general, decompilation can be extremely difficult or even impossible. Therefore this project focuses on something slightly simpler: decompilation of .NET executables. The advantage of .NET executables is that they consist of processor independent bytecode which is easier to decompile than the traditional machine code because the instructions are more high level and the code is less optimized. The .NET executables also preserve a lot of metadata about the code like type information and method names. Note that despite its name, the .NET Framework is unrelated to networking or the Internet and it is basically the equivalent of Java Development Kit. To succeed, the produced decompiler is required to successfully decompile a console implementation of a quick-sort algorithm back to C# source code.
  26. 1 point


    This article is the obvious culmination of the previous effort of writing the Rebel.NET application and the first of a two series of articles about the .NET framework internals and the protections available for .NET assemblies. The next article will be about .NET native compiling. As the JIT inner workings haven't been analyzed yet, .NET protections are quite naïf nowadays. This situation will rapidly change as soon as the reverse engineering community focuses its attention on this technology. These two articles are aimed to raise the consciousness about the current state of .NET protections and what is possible to achieve but hasn't been done yet. In particular, the current article about .NET code injection represents, let's say, the present, whereas the next one about .NET native compiling represents the future. What I'm presenting in these two articles is new at the time I'm writing it, but I expect it to become obsolete in less than a year. Of course, this is obvious as I'm moving the first steps out from current .NET protections in the direction of better ones. But this article isn't really about protections: exploring the .NET framework internals can be useful for many purposes. So, talking about protections is just a means to an end.
  27. 1 point


    In patching .NET, you could disassemble/decompile the executable with ildasm and when done patching you would assemble/compile it again with ilasm. In this tutorial I will show you how to patch the executable with a hex editor.
  28. 1 point


    - .NET Reversing Tips - Chapter 1
    - .NET Reversing Tips - Chapter 2
    - .NET Reversing Tips - Chapter 3
    - .NET Reversing Tips - Chapter 4
    - .NET Reversing Tips - Chapter 5
    - .NET Reversing Tips - Chapter 6
  29. 1 point


    Decompilation is the process of converting executable binary code ready for execution on a physical or virtual machine into comprehensible high-level language code. Typically compilation has been to the instructions executed by the CPU of the target architecture, e.g. x86, ARM etc. Another possibility is to compile to an intermediate 'virtual machine', which then interprets each instruction one at a time or compiles it to the underlying machine code in a process known a Just In Time compilation (JIT). One of the earliest examples of this is the O-code machine, developed by Martin Richards in the late 1960s to give platform independence to BCPL. The most prevalent example of this sort of virtual machine in existence today is the Java Virtual Machine (JVM), written by Sun Microsystems to execute intermediate code compiled from their Java language. When a program is compiled to the machine instructions of the underlying architecture, it becomes very difficult for someone to understand the code if they only have the binary — this is after all the whole reason compilers exist. Decompilation is the process of converting a binary back to some high-level language, although not necessarily the same language that the code was compiled from. Compilation almost always loses information such as local variable names and explicit identification of control structures. As well as this many compilers perform optimisations which cause the compiled code to bear even less resemblance to the original code. For example, loop unrolling is a technique used to remove the number of branches a program must make.
  30. 1 point


    Sometimes, after you manually unpack a .NET program, the program will complain when you run it that some dlls are missing. We simply get .NET dlls using a .NET Generic Unpacker (we could also dump them from memory with Olly), while native dlls are still missing. This tutorial will teach you how to dump native dlls from any .NET packed program. The basic rule: we should stop when the dll is in memory and we should dump the dll before its entry point is executed; it is not absolutely necessary to stop exactly at the entry point of the dll.
  31. 1 point


    This easy tutorial will teach you how to unpack various DotNet packed files.
  32. 1 point


    As you know, the main purpose of using packers was to decrease the size of executable files, but nowadays most packers are protectors too! For 32bit packed executables, reversers usually use OllyDbg to unpack them, but OllyDbg is only able to debug 32bit PE files. So what can we do in case of .NET targets? In this short article you'll see how to unpack .NET EXEs in a few steps using the great OllyDbg. Believe me, it's a piece of cake.
  33. 1 point


    Anti-unpacking tricks can come in different forms, depending on what kind of unpacker they want to attack. The unpacker can be in the form of a memory-dumper, a debugger, an emulator, a code-buffer, or a W-X interceptor. It can be a tool in a virtual machine. There are corresponding tricks for each of these, and they will be discussed separately.

    - A memory-dumper dumps the process memory of the running process, without regard to the code inside it.
    - A debugger attaches to the process, allowing single-stepping, or the placing of breakpoints at key locations, in order to stop execution at the right place. The process can then be dumped with more precision than a memory-dumper alone.
    - An emulator, as used within this paper, is a purely software-based environment, most commonly used by anti-malware software. It places the file to execute inside the environment and watches the execution for particular events of interest.
    - A code-buffer is similar to, but different from, a debugger. It also attaches to a process, but instead of executing instructions in-place, it copies each instruction into a private buffer and executes it from there. It allows fine-grained control over execution as a result. It is also more transparent than a debugger, and faster than an emulator.
    - A W-X interceptor uses page-level tricks to watch for write-then-execute sequences. Typically, an executable region is marked as read-only and executable, and everything else is marked as read-only and non-executable (or simply non-present, depending on the hardware capabilities). Then the code is allowed to execute freely. The interceptor intercepts exceptions that are triggered by writes to read-only pages, or execution from non-executable or non-present pages. If the hardware supports it, a read-only page will be replaced by a writable but non-executable page, and the write will be allowed to continue. Otherwise, the single-step exception will be used to allow the write to complete, after which the page will be restored to its non-present state. In either case, the page address is kept in a list. In the event of exceptions triggered by execution of non-executable or non-present pages, the page address is compared to the entries in that list. A match indicates the execution of newly-written code, and is a possible host entrypoint.
  34. 1 point


    Anti-debugging is the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target binary. Within this paper we will present a number of the known methods of anti-debugging in a fashion that is easy to implement for a developer of moderate expertise. We will include source code, whenever possible, with a line by line explanation of how the anti-debugging technique operates. The goal of the paper is to educate development teams on anti-debugging methods and to ease the burden of implementation.
  35. 1 point


    The Immortal Descendants started out as members of an IRC group on irc.prodigy.net called "Deadmen.Society" way back in 1995. As we gained skills, we realized that there were better, and more productive ways to spend our time. We (TR0YB0Y, Volatility, Raven, Mortis, Yakuza) left the Deadmen.Society and formed a new group, with new principles and theologies under the name "Immortal Descendants". Our goal for this new group, was a collective for friends to learn, and showcase their talent together. Things were good for awhile, but people lost interest, and three of the founding members, Yakuza, Raven And Mortis disappeared. TR0YB0Y and Volatility kept things running for a while, but eventually "REAL LIFE" caught up with them. March 1998, The Immortal Descendants Were No More. ...Seven months later... Volatility signed back online, and regained interest while looking through the old site. What you see now, is a "re-birth" of the Immortal Descendants. We've come a long way since the old lame IRC group days, to become a premiere knowledge group. Update 10-23-2001. Sadly as interest waned, The Immortal Descendants have moved forward onto other endeavors. Treasure this knowledge, expand on it, be inspired to share your knowledge with others.
  36. 1 point

    Version 0.0.1


    Thx all guys for creating AT4RE - my crazy skin "The Game"
  37. 1 point

    Version 1.0.0


    Hello friends. I tried to prepare a classic logo for the forum. Feel free to use it in your projects or documents. I hope you will like it. Note: source file is in xcf format only, for GIMP. Sorry, Photoshop users. Detailed preview (click the support button on the forum page).
  38. 1 point


    Turntableized Skin...