I wan to share my OllyDbg v2 (shared by Vic) that i used for my RCE hobby :).
Download here:
Regards,
m4n0w4r
I wan to share my OllyDbg v2 (shared by Vic) that i used for my RCE hobby :).
Download here:
Regards,
m4n0w4r
PeStudio is a free tool performing the static investigation of any Windows executable binary. A file being analyzed with PeStudio is never launched. Therefore you can evaluate unknown executable and even malware with no risk. PeStudio runs on any Windows Platform and is fully portable, no installation is required. PeStudio does not change the system or leaves anything behind.Among very famous security tools, PeStudio has proudly obtained Rank 4 on the Best 2013 Security Tools.
PeStudio shows Indicators as a human-friendly result of the analyzed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analyzed. The classifications are based on XML files provided with PeStudio. By editing the XML file, one can customize the Indicators shown and their severity. Among the indicators, PeStudio shows when an image is compressed using UPX or MPRESS. PeStudio helps you to define the trustworthiness of the application being analyzed.
PeStudio can query Antivirus engines hosted by Virustotal for the file being analyzed. This feature only sends the MD5 of the file being analyzed. This feature can be switched ON or OFF using an XML file included with PeStudio. PeStudio helps you to determine how suspicious the file being analyzed is.
And more…
Download here:
http://www.winitor.com/tools/PeStudio801.zip
Regards,
Features of release VIII:
Regards,
September 27, 2013 – version 2.01
New version with many new features, among them:
Plugins compiled for OllyDbg 2.01 beta are 100% compatible with v2.01. PDK will be updated… soon…
Preliminary version of Disassembler 2.01 is almost ready. That is, the sources are more or less final but documentation and ready-to-use DLLs are still missing. I release Disasm 2.01 under GPL v3. Commercial licenses are also possible.
Download: http://www.ollydbg.de/odbg201.zip
Author : Deathway (Lo*eXeTools*rd)
This tool will help conversion VirtualOpcodes -> Assembly Instruction restoring the original code of your virtualized Application, the basic engine
was from CodeUnvirtualizer, my other tool
[Features]
– Supports WinLicense/Themida/CodeVirtualizer Cisc Machines
– Supports almost all common opcodes
– Supports CHECK_MACRO_PROTECTION
– Supppots MultiBranch Tech
[Use]
– Right-click on the jump leading to the Virtual Machine Area and press Unvirtualize (If machine isn’t found you have to click again, after checking that the full machine was correctly deofuscated)
[v1.5]
– Fixed Unvirtualize with Jump on CISC machines
– Fixed some errors when handling signed constants on RISC
– Fixed an issue when processing MOVS instrution on CISC machine
– Fixed some inversion data when processing COMM, REGX, REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI)
– Fixed a problem when handling AH CH DH BH registers on COMM2 instructions
– Added MOVSX – MOVZX – XCHG – IMUL – MUL – DIV – IDIV – PUSHFD – POPFD instructions on RISC
– Added CALL [ESP+IMMC] on Cisc Machine
– Added support of dump files on RISC machines
– OreansAssember_Risc.cfg updated
– DLL Support on CISC and RISC machines
There is a fix regarding Risc machines, if you unvirtualized the opcodes, there is a high chance that you obtain the inversed form of this opcodes COMM REGX,REGX (like XOR EDI,ESI was decoded as XOR ESI,EDI). This errrors is fixed on the latest version
DLL support is now avaible, however Risc machines must be initialized first (not a problem, since risc machines are always encrypted).
On both machines, it’s recommended the devirtualization once the eip reach the oep.
Thanks Deathway for sharing his plugin.
Download here: