破解/汇编『Crack/Asm』

腾讯通RTX2011 破解补丁

2 条评论

废话不多说,介绍在下面:

腾讯通RTX(Real Time eXchange)是腾讯公司推出的企业级即时通信平台。企业员工可以轻松地通过服务器所配置的组织架构查找需要进行通讯的人员,并采用丰富的沟通方式进行实时沟通。文本消息、文件传输、直接语音会话或者视频的形式满足不同办公环境下的沟通需求。

Continue Reading

破解/汇编『Crack/Asm』

Hide Debugger for Immunity Debugger v1.8x

没有评论 
"""
(c) Mars Security. 2009-2012
Institute Of Information Serurity From Mars
Email:root@h4ck.ws
U{By obaby.}
"""
#sys.path.append("C:\\Program Files\\Immunity Inc\\Immunity Debugger\\Libs")

import immlib
import immutils
def main(args):
    imm = immlib.Debugger()
    #hide debugger by wipe the BeingDebugged flag in PEB struct.
    imm.writeMemory (imm.getPEBAddress() + 0x2,"\x00")
    #disable the process enume
    process32first = imm.getAddress("kernel32.Process32FirstW")
    process32next = imm.getAddress("kernel32.Process32NextW")
    function_list = [process32first, process32next]
    patch_bytes = imm.assemble("SUB EAX,EAX\nRET 8")
    for address in function_list:
        opcode = imm.disasmForward(address,nlines = 8)
        #imm.writeMemory(opcode.address,patch_bytes)
    
    return "[*] PEB BeingDebugged flag cleared ! Debugger Hided~!"

该脚本用于去掉基于IsDebugPresent函数的调试检测。将上面的内容保存为hidedbg.py放入immdbg的PyCommands目录下,然后在immdbg的命令窗口中执行即可。 smile

插件『IDA/OD/IMMDbg Plugin』

IDA SYNC For IDA 6.x

一条评论

IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up to date information.

Continue Reading
Close Menu