I started to manually check and moderate all comments on Tuts 4 You about a week ago before they could be approved for viewing. I made no announcement because I did not think anyone would notice, but I was wrong; some of you have and asked what was going on. So, for the others out there who may be wondering, this is what will be happening in future.
The reason why I want to review all comments is because I am a bit disappointed with the level of English grammar, punctuation and short form used by people these days. To be honest I think there is no need for it and I find it sloppy, untidy and just laziness by posters who choose to do this. I may be getting old but I have always found this to be my pet hate on any site on the internet where I find it.
Just to clarify, comments will not be changed or edited for any other reason. Your comments will only be edited to correct grammatical, spelling, and punctuation errors.
If anyone has any questions or queries please feel welcome to ask me...
With the weather being bad today and having some hours to kill (watching some movies) I decided to check out the new LZMA2 (64-bit) compression which will be included in the up-coming 7-ZIP v9 release. You may ask why version 9 and not 4; I think it is to reference the year it will be released. Please correct me if I am wrong.
I also decided to compress the same files using the up-coming release of WinRAR64. It has an improved and updated compression engine to support more modern multi-core and multi-threaded CPUs, instructions and memory. It all sounds promising on paper, but can this old yet updated compression algorithm really stand up against its more modern counterpart?
Today I added a lot of new unpackme formats and versions that I had been building up for a while. I intended on uploading a large majority of these to Tuts 4 You before Christmas; unfortunately, time got the better of me. However, since then I managed to keep adding to the list, 57 new formats and versions in all:
You will not see these listed in the Latest Downloads menu because I thought it better to leave some of the current listings on top. These unpackme's are, however, available for download if you go look for them; I added the upload dates as being 19/12/2008.
There are a couple of (old version) .NET unpackme's and some file binders in the list. I kept a couple of those file binders in the list simply for signatures so don't expect any unpacking challenges there...
It has been over a year since I last prompted users of this site for their thoughts and ideas of the things they like and dislike, and I encourage all of you to post feedback. If there are things you would like to see changed (or added) across any part of the site please put those ideas forward for 2009. In the past, members who have made sensible suggestions have had their ideas implemented or concerns/dislikes acted on.
Debuggy 1.02 Author: Vanja Fuckar Debuggy is a Windows debugger, disassembler, Windows resource extractor, file hex editor, window sniffer and API spy all rolled into one.
[ Note: This is some years old but still added to the database. It contains the source code, some may find it [more...] Date: 16 Jun : 05:43 Filesize: 2.25 mb Total Downloads: 583
(IDA Pro Disassembler and Debugger:)
IDA Pro Disassembler 5.5 Author: Hex-Rays IDA Pro is a programmable, interactive, multi-processor disassembler combined with a local and remote debugger and augmented by a complete plugin programming environment.
IDA Pro is in many ways unique. Its interactivity allows you to improve disa [more...] Date: 12 Jun : 20:10 Filesize: 25.78 mb Total Downloads: 1044
(OllyDbg Plugins:)
DebugAsUser 0.2b Author: Fox I can assure you reverse lovers, I am more or less experienced in this situation:
Finding software online there is no guarantee of their safety for fear of malicious code. Our usual approach in general is:
1. Using a virtual machine
2. Wit [more...] Date: 10 Jun : 06:16 Filesize: 200.7 kb Total Downloads: 220
(OllyDbg Plugins:)
Window Maximizer 1.0 Author: BobSoft This plugin keeps all windows maximized, so opening a new window - eg. log window - the window will automatically maximize. Date: 10 Jun : 06:08 Filesize: 11.35 kb Total Downloads: 82
(OllyScript - Editors:)
OllyScriptEditor 0.23 Author: BriteDream An editor for creating and editing scripts which can be used with the OllyScript plugin for OllyDbg. Date: 10 Jun : 03:17 Filesize: 3.31 mb Total Downloads: 2256
(UnpackMe:)
InsaneFIDO UnWrapMe2 Author: InsaneFIDO After several months inactivity I now present my second unwrapme. It differs from the first in that the wrapped file is inside the wrapper rather than a separate file. I hope you will find it interesting. Date: 10 Jun : 03:11 Filesize: 144.21 kb Total Downloads: 44
(OllyScript - Scripts:)
OllySubScript 1.1 Author: Sub Xero This is my initial release of OllySubScript, which is a program designed to help in writing scripts for use with the OllyScript/OdbgScript plugin. I tried some similar applications when I started scripting, but they were lacking a lot of features (ev [more...] Date: 10 Jun : 03:09 Filesize: 537.93 kb Total Downloads: 144
(Anti-Debugging:)
Anti-Unpacker Tricks 2 - Part 6 Author: Peter Ferrie New anti-unpacking tricks continue to be developed as the older ones are constantly being defeated. This series of articles (see also [1–5]) describes some tricks that might become common in the future, along with some countermeasures.
This art [more...] Date: 07 Jun : 03:28 Filesize: 69.68 kb Total Downloads: 242
(OllyDbg Plugins:)
ImmLabel 1.0 Author: 3070 New plugin for OllyDbg; you can use it to rename immediate addresses much like the Rename command in IDA.
You'll find a short video in the attachment on how to use it. Date: 07 Jun : 03:22 Filesize: 533.82 kb Total Downloads: 108
(Programming / Coding:)
Microsoft Macro Assembler Reference Author: Microsoft The Microsoft Macro Assembler (MASM) provides you with several advantages over inline assembly. MASM contains a macro language with looping, arithmetic, text string processing, and so on, and MASM supports the instruction sets of the 386, 486, and Pe [more...] Date: 07 Jun : 03:20 Filesize: 468.98 kb Total Downloads: 163
(API Hooking / Rootkits:)
.NET Framework Rootkits – Backdoors Inside Your Framework Author: Erez Metula This paper introduces a new method that enables an attacker to change the .NET language.
The paper covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently th [more...] Date: 07 Jun : 03:18 Filesize: 302.2 kb Total Downloads: 122
(Packers / Protectors:)
A Study of the Packer Problem and Its Solutions Author: Fanglu Guo + Peter Ferrie + Tzi-cker Chiueh An increasing percentage of malware programs distributed in the wild are packed by packers, which are programs that transform an input binary’s appearance without affecting its execution semantics, to create new malware variants that can evade sig [more...] Date: 22 May : 07:45 Filesize: 157.48 kb Total Downloads: 333
(Packers / Protectors:)
Armadillo 6.40 (CopyMem 2 + Debug Blocker) Author: Shkodran A Shockwave Flash movie tutorial showing a method of unpacking Armadillo 6.40 using CopyMem2 and Debug-Blocker. Date: 22 May : 07:43 Filesize: 7.7 mb Total Downloads: 984
(Reverse Code Engineering:)
CrackMe3 Hellsp@wn Solution Author: Gyver75 This tutorial doesn't want to describe the methods I used to reverse this crackme, but rather the questions born in the mind of novel reverser like me … ;-). So, you will ask: “Why did you choose this crackme?” The answer is simple: THE CH [more...] Date: 22 May : 07:40 Filesize: 2.52 mb Total Downloads: 289
(Packers / Protectors:)
Freex64 1.0 (Unpacking) Author: Shkodran A Shockwave Flash movie tutorial showing a method of unpacking Freex64 1.0. Date: 22 May : 07:37 Filesize: 3.15 mb Total Downloads: 187
(Inline Patching:)
Themida + WinLicense 2.0.6.5 (Inline Patching) Author: LCF-AT Again I have written a new script called "TM - WL HWID & BASIC Inline Patcher 1.0"
So maybe you have sometime trouble to unpack a TM / WL app and for this case I have written this new script. It writes the Inline automatically {+ add [more...] Date: 22 May : 07:35 Filesize: 7.96 mb Total Downloads: 819
(OllyScript - Scripts:)
MoleBox 2.xx Unpacker + OEP Finder v1.10 Author: CherryDT 1. unpack the .rar file with WinRAR
2. make sure you have the ODbgScript plugin installed in OllyDbg
3. copy the files mbunpack.dll and filelen.exe from my archive into the folder where the target executable is located
4. make sure all exceptions [more...] Date: 16 May : 06:07 Filesize: 72.18 kb Total Downloads: 372
(Packers / Protectors:)
TGR Protector 1.0 (Unpacking) Author: AZMA A Shockwave Flash movie tutorial showing a method of unpacking TGR Protector 1.0. Date: 16 May : 06:00 Filesize: 795.36 kb Total Downloads: 101
(Miscellaneous Papers:)
LZMA vs LZMA2 vs WinRAR64 Author: Teddy Rogers With the weather being bad today and having some hours to kill (watching some movies) I decided to check out the new LZMA2 (64-bit) compression which will be included in the up-coming 7-ZIP v9 release. You may ask why version 9 and not 4, I think it [more...] Date: 16 May : 05:56 Filesize: 616.32 kb Total Downloads: 286
(dotNET Reversing:)
.NET Reversing Tips - Chapter 6 Author: Kurapica This time we are unpacking, the target is an unpackme written by Rendari, thanks for him for this nice challenge, actually I want to thank my friend UFO-PU55Y for sending me this one, he told me that it has been hanging since summer without solution, [more...] Date: 10 May : 06:26 Filesize: 890.29 kb Total Downloads: 296
(Anti-Debugging:)
EventPairHandle as AntiDebug Trick Author: EvilCry An EventPair Object is an Event constructed by two _KEVENT structures which are conventionally named High and Low. EventPairs are used for synchronization in Quick LPC, they allow the called thread to continue the current quantum, reducing scheduling [more...] Date: 10 May : 06:25 Filesize: 99.15 kb Total Downloads: 188
(Inline Patching:)
Inlining via TLS Callbacks Author: SunBeam Due to my immortal drive and addiction to EXECryptor, I've started learning a bit about TLS Callbacks and how we could make good use of them to achieve simple inlines, without having to worry about CRCs and custom protector checks. Date: 10 May : 06:20 Filesize: 143.85 kb Total Downloads: 319