
> OllyTTF v1.10 Mod by ttamfree (update 20/02/2010)

Author: ttamfree

The OllyTTF release updated on 20/02/2010 by ttamfree, including 629 scripts and the 13 newest, most popular plugins available today. In addition, the program's icon set has been completely redone, together with a very bright, easy-to-read color scheme >> well worth using.

OllyTTF download

> OllyTTF v1.10 Mod by ttamfree

Author: ttamfree

This is OllyDbg v1.10 modded by ttamfree (plugins included).

OllyTTF Download

> OllyTiper 1.2

Author : Ryokou

OllyTiper is a plugin for OllyDbg v1.10 that improves OllyDbg's operation. Most of its features come from the KanXue patch described in the article "Adding useful shortcut-key operations to OllyDbg"; thanks go to KanXue, heXer and the other friends who provided practical recommendations. In addition, most of this note is copied from KanXue's article "Adding useful shortcut-key operations to OllyDbg" with appropriate changes, for which thanks again to KanXue.

1. Disassembly Window
(1) View data
push A480033 // press Shift on this line and the data window displays the data at A480033
mov eax, 401000 // press Shift on this line and the data window displays the data at 401000
mov eax, [401000] // press Shift on this line and the data window displays the data at 401000
mov [ebp-4], esp // press Shift on this line and the data window displays the value of ebp-4 (note that EIP must point to the current line)
mov eax, [esp+10] // press Shift on this line and the data window displays the value of esp+10 (note that EIP must point to the current line)
JNZ 401000 // press Shift on this line and the data window displays the data at 401000

(2) Copy the current address
00401092 68 00000080 PUSH 80000000 // select this line and press Ctrl + X to copy the address "00401092" to the clipboard.

(3) Calculate the size
Hold down CTRL to select the data, then drag the mouse; you can select data to calculate the size of the
———————————————
2. Data Window
(1) Fast positioning
00406000 00 10 40 00 00 00 00 00 00 00 00 00 CA 2E 40 00
^
Move the cursor to the first byte 00 of "00104000" and double-click: the disassembly window displays 00406000; press SHIFT and the disassembly window displays 401000.

(2) Calculate the size of selected data
In the data window, hold down the left button and drag; a prompt shows the start address and end address of the selection and the size of the selected data.
———————————————
3. Stack Window
0012FF44 00401D8A // double-click and the disassembly window displays the contents of address 0401D8A; or press Shift and the data window displays the contents of address 0401D8A
0012FF48 00000000

Download here

> AnalyzeThis+ 0.24

Author: SMK

I made some improvements to AnalyzeThis mainly to analyze a memory section which originally reports “this section is not associated with any module”…..

Sometimes (especially when dealing with packers) you may need to run OllyDbg’s code analysis function, only to find it’s not available to you because the EIP is currently outside the code segment as defined by the PE header. AnalyzeThis! is an OllyDbg plugin to allow OllyDbg’s analysis function to operate outside of the marked code segment, by telling OllyDbg the current segment *is* the code segment.

Caveats: OllyDbg can only store one analysis table, so if you analyze a new segment, it will remove any existing analysis that has been done.

Source code has not been included; not because I don’t want to release it at this time, but because I can’t find it offhand. If you really need it, email me and I’ll look harder for it.

Download here

> ExeInfo PE

ExeInfo PE is a free program for inspecting PE files (exe, dll, ocx...) to see which programming language they were written in and whether they are packed or protected in some way. The program also offers hints on how to work with the PE file.



Depending on what you use it for, this is an indispensable tool for IT people.

ExeInfo PE download
ttamfree

> P32Dasm v2.6

Author : Darker

Hi folks, I have prepared a Christmas gift for you – a new release of P32Dasm. This release adds some powerful features that allow you to analyze VB5/6 apps in more detail. More objects/classes are resolved, more procedures are identified with their real names, and in some cases of .ocx, .dll files parameters with real names and types are also added, plus additional information such as Enumerators, Constants, Events and Properties. So a lot of work was done here and I hope you enjoy this release. Your best tool for reversing VB5/6 apps is ready to use.

2.6 – [24.12.2009] – Christmas Release
+ Added procedure names identification
+ More objects recognition
+ Added reading more details (Enumerators, Constants, Events and Properties)
+ Added new Events icon for better resolution
+ Internal code tidy up and changes for displaying better debug info
+ More procedures details identified on some strange type apps (NCode)
- Removed displaying of procedure names list in output (moved to real names)
* Fixed working of MRU files
* Fixed bug: missing end address in one procedure NCode object
* Fixed some GUI problems when app uses visual styles

P32Dasm v2.6 Download