📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









Created: Friday, February 17 2012 17:56.08 CST  
Virtual Section Dumper v1.0 x86
Author: NCR # Views: 3553

Hi All!,

I just want to share my latest tool: VSD x86.

You can get it here: http://code.google.com/p/virtualsectiondumper/

"""
VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit process in many ways. For example, you can dump the entire process and fix its PE header, dump a given range of memory or even list and dump every virtual section present in the process.
"""

BR,
NCR

Created: Monday, November 29 2010 18:35.02 CST Modified: Monday, November 29 2010 18:35.49 CST
aadp4olly v0.2
Author: NCR # Views: 4544

Hi!,

I want to let you know that a new version of aadp4olly was released (v0.2).

v0.2 (29/11/2010)
--

- added Anti-Antidebugging features for the following tricks:
* BlockInput
* SuspendThread
* UnhandledExceptionFilter
* Process32Next
* Module32Next
* ZwQuerySystemInformation
* ZwQueryObject
* TerminateProcess
* ZwOpenProcess
* FindWindow

- now, the plugin should support XP (ALL), Windows Vista (ALL) and Windows 7 (ALL) OS.

You can download it at: http://code.google.com/p/aadp/

Some bugs still remain from v0.1.3 but will be fixed in v0.3; I'm currently working on it.

BR,
NCR

Created: Tuesday, November 16 2010 13:11.47 CST  
aadp4olly
Author: NCR # Views: 5361

http://code.google.com/p/aadp/

aadp is a collection of plugins that aims to hide most of the well-known debuggers from most anti-debugging techniques.

Latest Changes

aadp4olly

Version 0.1.1

    * Fixed a bug when the plugin's window is closed (reported by marciano).

Version 0.1

aadp4olly hides OllyDbg from the following tricks:

    * IsDebuggerPresent (via PEB patching, BeingDebugged flag)
    * NtGlobalFlags
    * HeapFlags
    * GetTickCount
    * ZwQueryInformationProcess
    * ZwSetInformationThread
    * OutputDebugStringA


Created: Thursday, July 8 2010 08:25.54 CDT  
FUU v0.1.1b - Minor Release Update
Author: NCR # Views: 3402

Hi!,

this email is to let you know about the latest release (minor release) of FUU:

[quote]
v0.1.1 (29/06/2010)
--

- Minor release

fixed bugs:

- Avoid the resize of the main GUI window.
- Fixed an inconsistency between the about text shown in the "About" menu and the one shown in the "About" button.
- Fixed the problem with "Refresh" button.
- The open file dialog now has filter strings.
- Editbox is now editable, so you can type the path of the file.

enhancements:

- Updated the TitanEngine library (current version 2.0.3).
- Added a clickable blogspot link and email address.
- Added a save file dialog in every included plugin.
- Added "Drag&Drop" for .exe and .dll files.
- Added a "Copy Overlay Data" button.
- Added "Auto Scroll" to the browse file edit box.

code refactoring:

- Added comments to every function in the main GUI and every plugin (see SVN).
- Added a "GetControlHandles" function (see SVN).
- Improved the way we check for Windows Messages.

new features:

- Added a simple signatures identifier using PETools signatures database (thanks marciano!)
- Added three newer plugins for nPack, Packman and dePack.
[/quote]

BR,
NCR

