OpenRCE: Blog

Virtual Section Dumper v1.0 x86

Fri, 17 Feb 2012 17:56:08 -0600

Hi All!,

I just want to share my latest tool: VSD x86.

You can get it here: http://code.google.com/p/virtualsectiondumper/

"""
VSD (Virtual Section Dumper) is intented to be a tool to visualize and dump the memory regions of a running 32 bits process in many ways. For example, you can dump the entire process and fix it PE Header, dump a given range of memory or even list and dump every virtual section present in the process.
"""

BR,
NCR

aadp4olly v0.2

Mon, 29 Nov 2010 18:35:02 -0600

Hi!,

i want to let you know that a new version of aadp4olly was released (v0.2).

v0.2 (29/11/2010)
--

- added Anti-Antidebugging features for the following tricks:
* BlockInput
* SuspendThread
* UnhandledExceptionFilter
* Process32Next
* Module32Next
* ZwQuerySystemInformation
* ZwQueryObject
* TerminateProcess
* ZwOPenProcess
* FindWindow

- now, the plugin should support XP (ALL), Windows Vista (ALL) and Windows 7 (ALL) OS.

You can download it at: http://code.google.com/p/aadp/

Some bugs still remain from v0.1.3 but will be fixed in v0.3, i'm currently working on it.

BR,
NCR

aadp4olly

Tue, 16 Nov 2010 13:11:47 -0600

http://code.google.com/p/aadp/

aadp is a collection of plugins that aims to hide most of the well knowns debuggers from most of anti-debugging techniques.
Latest Changes¶
aadp4olly¶

Version 0.1.1

    * Fixed a bug when the plugin's window is closed (reported by marciano).

Version 0.1

aadp4olly hide Ollydbg from the following tricks:

    * IsDebuggerPresent (via PEB patching, BeingDebugged flag)
    * NtGlobalFlags
    * HeapFlags
    * GetTickCount
    * ZwQueryInformationProcess
    * ZwSetInformationThread
    * OutputDebugStringA

FUU v0.1.1b - Minor Release Update

Thu, 08 Jul 2010 08:25:54 -0500

Hi!,

this email is to let you know about the latest release (minor release) of FUU:

[quote]
v0.1.1 (29/06/2010)
--

- Minor release

fixed bugs:

- Avoid the resize of the main GUI window.
- Fixed an inconsistency between the about showed in the "About" menu and the one showed in the "About" button.
- Fixed the problem with "Refresh" button.
- The open file dialog now has filter strings.
- Editbox is now editable so, you can type the path of the file.

enhancements:

- Updated the TitanEngine library (current version 2.0.3).
- Added a clickable blogspot link and email address.
- Added a save file dialog in every included plugin.
- Added "Drag&Drop" for .exe and .dll files.
- Added a "Copy Overlay Data" button.
- Added "Auto Scroll" to the browse file edit box.

code refactoring:

- Added comments to every function in the main GUI and every plugin (see SVN).
- Added a "GetControlHandles" function (see SVN).
- Improved the way we check for Windows Messages.

new features:

- Added a simple signatures identifier using PETools signatures database (thanks marciano!)
- Added three newer plugins for nPack, Packman and dePack.
[/quote]

BR,
NCR