Bit Detector v2.8.5.6 & ExeInfoPe v0.0.3.1

Exeinfo PE is a tool for viewing various information about executable files.

The tool is portable, so no installation is needed: it leaves your Windows registry untouched, and you can also carry it on a removable device and run it on any computer.

The user interface of Exeinfo PE is a small, standard window into which you load an EXE or DLL file through the file browser or by drag and drop.

The main view shows the entry point, file offset, linker information, file size, EP section, first bytes, subsystem and overlay. You can also enter hex data directly to examine raw BIN information.

In addition, you can open a section viewer that lists, for each section, its virtual offset and size, raw data offset and size, flags, name, first bytes (in hex) and section status (executable, readable, writable).

Armadillo V6.X Minimum Protection [Unpacking]

I actually got this thing the day before yesterday, but I was at home at the time and didn't have all my tools with me. My gut feeling was that it was packed. I downloaded PEiD from the official site, without an updated signature database, and it reported that nothing was found. Ugh.

Today I checked the packer again and found it was Armadillo V6.X Minimum Protection -> Silicon Realms Toolworks * Sign.By.fly * 20081227 *; after unpacking I found the program was written in BC++:

This write-up already exists online; this is just something like a note for myself, with no other purpose (the article itself just follows the original step by step).

MEW 11 1.2 -> NorthFox/HCC Unpacking Script

//////////////////////////////////////////////////
//  FileName    :  MEW 11 V1.0-V1.2.osc
//  Comment     :  MEW 11 V1.0-V1.2 OEP Find
//  Environment :  WinXP SP2,OllyDbg V1.10,OllyScript V0.92
//  Author      :  fly
//  WebSite     :  http://www.unpack.cn
//  Date        :  2005-10-03 20:30
//////////////////////////////////////////////////
#log

MSGYN "Plz Clear All BreakPoints  And  Set Debugging Option Ignore All Exceptions Options  !"
cmp $RESULT, 0
je TryAgain

//GameStart――――――――――――――――――――――――――――――――

// step into the packer's first instruction
sti
// search forward from EIP for RET (C3) followed by 00 00: the final RET of the unpacking stub
find eip, #C30000#
cmp $RESULT, 0
// pattern not present: probably not MEW 11 V1.0-V1.2
je NoFind
// whenever a breakpoint fires, continue at Break
eob Break
// breakpoint on the RET found above
bp $RESULT
log $RESULT

// run until a breakpoint or exception stops us
esto
GoOn:
esto

Break:
// stopped somewhere other than our RET (e.g. an exception): keep running
cmp eip,$RESULT
jne GoOn
// clear the breakpoint, then step over the RET so EIP lands on the OEP
bc $RESULT
sto

//GameOver――――――――――――――――――――――――――――――――

log eip
cmt eip, "This is the OEP! Found By: fly"
MSG "Just : OEP !  Dump and Fix IAT.  Good Luck  "
ret

NoFind:
MSG "Error! Maybe It's not MEW 11 V1.0-V1.2 ! "
ret

TryAgain:
MSG " Please  Try  Again   !   "
ret
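The fields that Exeinfo PE's main window and section viewer list (entry point, EP section, file offset, first bytes, linker version, subsystem, E/R/W section flags, overlay) come straight out of the PE header, and the script's `find eip, #C30000#` step is just a byte-pattern search starting at the current instruction. The following added example, which is not part of the original page, Exeinfo PE, or fly's script, parses those fields and performs that search in Python. It builds its own minimal, non-runnable PE32 image in memory, so every value (section names, RVAs, the stub bytes ending in RET, the 16-byte overlay) is constructed sample data, and only the PE32 (not PE32+) optional header layout is handled.

```python
"""Parse the PE header fields Exeinfo PE displays and mirror the OllyScript's
byte-pattern search, on a constructed minimal PE32 image (sample data only)."""
import struct

# Section characteristics bits from the PE/COFF specification
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FILE_ALIGN = 0x200


def build_sample_pe():
    """Construct a tiny PE32 image (hypothetical data): DOS header, PE signature,
    COFF header, optional header, two section headers, .text raw data at 0x200,
    .data raw data at 0x400, then 16 bytes of overlay after the last section."""
    text_code = bytes.fromhex("60"           # pushad
                              "b800104000"   # mov eax, 0x401000
                              "50"           # push eax
                              "c3")          # ret: "returns" to the pushed address
    text_raw = text_code.ljust(FILE_ALIGN, b"\x00")
    data_raw = b"constructed-data".ljust(FILE_ALIGN, b"\x00")

    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIIIII", opt, 0, 0x10B, 9, 0,  # PE32 magic, linker 9.0
                     len(text_raw), len(data_raw), 0,
                     0x1000,                             # AddressOfEntryPoint (RVA)
                     0x1000, 0x2000)                     # BaseOfCode, BaseOfData
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, FILE_ALIGN)  # ImageBase, alignments
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)      # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                   # Subsystem 2 = Windows GUI

    def section(name, va, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, FILE_ALIGN, va, FILE_ALIGN,
                           raw_ptr, 0, 0, 0, 0, chars)

    secs = (section(b".text", 0x1000, 0x200, 0x20 | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
            + section(b".data", 0x2000, 0x400, 0x40 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE))
    header = (bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + secs).ljust(0x200, b"\x00")
    return header + text_raw + data_raw + b"OVERLAY-16-BYTES"


def parse_pe(buf):
    """Return the main-window fields Exeinfo PE shows plus a section table."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe_off + 4)
    opt_off = pe_off + 24
    magic, maj_link, min_link = struct.unpack_from("<HBB", buf, opt_off)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    entry_rva = struct.unpack_from("<I", buf, opt_off + 16)[0]
    subsystem = struct.unpack_from("<H", buf, opt_off + 68)[0]

    sections, ep_section = [], None
    for i in range(nsec):
        (name, vsize, va, raw_size, raw_ptr, *_, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", buf, opt_off + opt_size + 40 * i)
        flags = "".join(ch for ch, bit in (("E", IMAGE_SCN_MEM_EXECUTE),
                                           ("R", IMAGE_SCN_MEM_READ),
                                           ("W", IMAGE_SCN_MEM_WRITE)) if chars & bit)
        sec = {"name": name.rstrip(b"\x00").decode("ascii"), "va": va, "vsize": vsize,
               "raw_ptr": raw_ptr, "raw_size": raw_size, "flags": flags,
               "first_bytes": buf[raw_ptr:raw_ptr + 8].hex()}
        sections.append(sec)
        if va <= entry_rva < va + max(vsize, raw_size):
            ep_section = sec
    if ep_section is None:
        raise ValueError("entry point lies outside every section")
    ep_off = entry_rva - ep_section["va"] + ep_section["raw_ptr"]   # RVA -> file offset
    data_end = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    return {"entry_point_rva": entry_rva, "ep_section": ep_section["name"],
            "ep_file_offset": ep_off, "first_bytes": buf[ep_off:ep_off + 8].hex(),
            "linker_version": f"{maj_link}.{min_link}", "subsystem": subsystem,
            "file_size": len(buf), "overlay_size": max(0, len(buf) - data_end),
            "sections": sections}


def find_pattern(buf, start, pattern):
    """Mirror of the script's `find eip, #C30000#`: first offset >= start holding
    the byte pattern, or -1 when it is absent (the script's NoFind branch)."""
    return buf.find(pattern, start)


if __name__ == "__main__":
    image = build_sample_pe()
    info = parse_pe(image)
    for key, val in info.items():
        if key != "sections":
            print(f"{key:>16}: {val:#x}" if isinstance(val, int) else f"{key:>16}: {val}")
    for s in info["sections"]:
        print(f"  {s['name']:<8} VA={s['va']:#07x} raw={s['raw_ptr']:#05x}/{s['raw_size']:#x} "
              f"{s['flags']:<3} {s['first_bytes']}")
    hit = find_pattern(image, info["ep_file_offset"], bytes.fromhex("c30000"))
    print(f"RET 00 00 after the entry point at file offset {hit:#x}")
```

The RVA-to-file-offset step (`entry_rva - va + raw_ptr`) is what turns the "entry point" into the "file offset" Exeinfo PE shows beside it, and the overlay is simply whatever lies past the end of the last section's raw data; a packed file whose entry point falls in a section flagged writable, or outside every section, is exactly the case the `ValueError` and the flags string make visible.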