01 February 2008

Armadillo Killer

Armadillo Killer 2.6 build 5
[x] Support Armadillo 2.60c version (CopyMemII too). Armadillo is fully defeated
again :)

Armadillo Killer 2.6 build 4
[x] Support Armadillo 2.60c versions (except CopyMemII only). Wait for few days please.
[x] One more Armadillo version is supported (http://www.bearshare.com)
[x] Now you see only one messagebox with final message (The dump is ready. Bla-bla-bla).
[x] Support of expired version was added :) So you can easy reset trial counters for every
Armadilled application! I'm gonna to write a special app that resets trial counters and
hides a nag-screen ;) Use Armadilled applications for free.

So, it's me again and my small dumper.

It's the new version for Armadillo versions 2.5x-2.6x
( ever for stupid custom builds :).

My app dumps the application, finds the OEP (sometimes :),
and prepares protected application for ImpRec
or Revigin session. I'm going to add my import rebuilder
later but now you have to do it yourself.

Here is the list of products that use Amadillo, so
you can play with them a bit :)

http://www.seba14.org (http://www.seba14.org/download-manager.php?id= xx)xx = number 01 - 99 Halite Armadilled and older eMule / Torrent Clients with Splash shit
http://www.sb-innovation.de All Sarim ( = Seba ) Productions Dr. Snake with / without Splash Screens (uTorrent 1.7x, 1.8x / BitTorrent 6.x)

jups they are the same: sarim / snakedoctor / seba14 / butcho - sb-innovation.de / seba14.org
from over 400 exe protectors used the same at the same time in the past 2006 till now 2008 by freeware:

1. > July 2007 - Themida (Splashscreen support)
2. > Aug. 2007 - y0da
3. > Sep. 2007 - now Armadillo 4 - 5.x (splashscreen support in exe protector) - works only stealthy for enduser by files in original size > 1,8 MB


If you know others sites with armadilled applications
just drop me e-mail (armkiller2002#yahoo'com), I'll check
how they work :)


And few words about CopyMem-II - it's terrible thing,
it makes applications slow and unstable, runs two copies
in the RAM. My small multithread test works 45 (!!!)
times slower. So ArmKiller can help you to increase
applications' speed.

If you have any questions about work with Armadilled applications,
post them (with a link of course) on these forums:




more usefull t00lz:

Guru.eXe Website

PEdiy Website

Programmer's Tools Website

Seek n' Destroy Website

The Collaborative RCE Tool Library Website

Tuts 4 You Website

29 January 2008

eMule 0.48a VeryCD 080126

eMule 0.48a VeryCD 080126 Build 26. Jan. 2008

Source: VeryCD.cOM
* Close eMule offline problems solved
* Nat servers congestion problems solved
* Solve network congestion problems LowId
* Amended several memory leak bugs
* Regulation 3.5 parameter optimization upload
* Reduce the source NAT exchange network load Crash three minutes after the resumption nobody will automatically ignored.

Changelog: http://www.emule.org.cn/download/changelog.txt
Download site: http://www.emule.org.cn/download
BetaSite: http://www.verycd.com/groups/eMuleBeta/

Download: http://download.verycd.com/eMule-VeryCD-Setup.exe - Mirror
SRC: http://download.verycd.com/eMule-VeryCD-Beta-src.rar

eMule v0.48a Applejuice v2.3 the eXe shield/steahlt Mule entcrypted

eMule Applejuice Main Features which give you more SPEED and SECURITY include it self for possible dissembling:
- Applejuice Community with many Community Clients advanced Community Features
- Applejuice Creditsystem: you can "buy" download Slots from other Community Clients with Applejuice you get for your Upload
- Community Topfile List: Search and Find the Files with most Community Clients
- advanced Upload Managament, Upload Protection and Boost Clients
- many Hacks, Community Fakes and Client Emulations
- security Features like 'no complete Files' and 'Filename Obfuscation'
- AES (256 bit) encrypted File-Transfers for more Security
- many other useful Features
- all eMule Xtreme Features

Changelog eMule v0.48a Applejuice v2.3:
January, 2008
Protection crypts removed for a better look inside the binary.
Import sect. needz 2 adjust if u wanna change graphics ;)

December, 31. 2007

- Country-Block
--- Select up to 3 Countries of which you want to block all upload and download

- improved Anti modified Applejuice Clients
- updated file comment spam list of Anti-Leecher system
- minor memory fixes and improvements on Community code
- create crashdump file without asking

Changelog eMule v0.48a Applejuice v2.2.1:
December, 1. 2007

- Anti modified Applejuice Clients
- changed default AES setting to Support AES
- fixed bug manual adding client to IPFilter
- minor fixes on AES and bzip2

- download status column in queuelist and uploadlist
- better adjusted Applejuice Clientdetails for displaying AES setting

Country-Block from Bu$hMule WhitE/BlacK HouSe Edition:
This Feature is only for Security purposes. Be aware that by enabling this Feature you will
lose many Sources (including Applejuice Community Clients) and so downloading will be a lot
slower but more safety (depending in which Country you are and which Countries you block).
If Country-Block is enabled you will be asked on every startup of eMule Applejuice if you
want to keep it enabled. After 3 sessions it will automatically be disabled (you can manually
enable it again). To use Country-Block the ip-to-country.csv file has to be in your config folder.


unopacked - will not run in this status: eMule.v0.48a.Applejuice.v2.3.bin.rar (4.10 MB)

28 January 2008

ap0x R.C.E. RL!dePacker 1.41 (101+) Reversing Labs

ap0x R.C.E. RL! de Packer 1.41 unpackerap0x R.C.E. RL!dePacker 1.41 Unpacker EngineRLKit - Reversing Labs (first aid) Kit
After seeing a lot of so called crackers kits being spread around which weight overcomes 10 and sometimes 20 MB. I decided to create a real minimum reverser kit. That kind of first aid kit would contain only the most used applications by all crackers. So this is a bear bone kit that proves that all you can need during reversing of 90% of applications can be packed in one package that weighs lesser than 2 MB. This kit contains:

+ OllyDBG 1.10
+ LordPE 1.4
+ ImpRec 1.6
+ PeID 0.94
+ 32bit Calculator 1.7
+ RepairPE 0.4
+ FileMon 4.28
+ RegMon 6.06
+ FSG 2.0
+ WinUPack 0.39
+ R!SC`s Process Patcher 1.5.1
+ IIDKing 2.0
+ dUP 2.10
+ Tola`s Patching Engine 2.03

Reversing Labs RL!dePacker has a build in option to detect OEP. However this option does not work with VB (always use FindOEP! function with VB applications and Force to manual OEP?) and some packers. So if RL!dePacker can not unpack the file use FindOEP! function to detect correct OEP, but use it only as a second resort since it can be jammed!
° Option Force OEP to manual address is used to force stopping on manual OEP address, use this option ONLY if packer can not be unpacked (the target runs instead of breaking at OEP or dumps at wrong OEP).
° Option Correct OEP to manual address is used correct OEP in PE header of the unpacked file.
° Option Hide unpacker from detection is used hide debugger from being detected by antiTricks. Option Use tracer to correct IAT is used to remove all known redirection types.
° Option Fix Import elimination is used on applications that relocate import table in memory outside PE32 file. This option has been tested with AlexProtector 1.0 and RLPack TE 1.18. Please note that even dow this option is in testing it should give good results on all known redirection types (see ap0x unpacker SDK).

Generic unpacker can unpack ONLY packers that do not use IAT redirection, that don’t steal APIs and which fill out IAT table in correct order. All ordinals that can be converted to API names are converted, others are inserted into IAT as ordinals! Designed for NT systems, Windows 2000 or later but it should work on Windows 9x if you have psapi.dll file!
If you don’t want to update the software and therefore wait few seconds before you can use this program delete Updater.dll file.

RL!dePacker 1.41 is tested with 101+ packers
aUS [Advanced UPX Scrambler] 0.4 - 0.5
ASPack 1.x - 2.x
AHPack 1.x
AlexProtector 1.x
ARMProtector 0.x
BamBam 0.x
BeRoEXEPacker 1.x
CryptoPeProtector 0.9x
CodeCrypt 0.16x
dot Fake Signer 3.x
eXPressor 1.2.x - 1.5.x
EZip 1.0
EP Protector 0.3
ExeSax 0.x
EXEStealth 2.x
FSG 1.xx & 2.0
Goat's PE Mutilator 1.6
hmimys-Packer 1.x
HidePX 1.4
HidePE 2.1
JDPack 1.x
JDProtect 0.9
JeyJey UPX Protector
KByS Packer 0.2x
Krypton 0.x
LameCrypt 1.0
MEW 1.x
nSPack 2.x - 3.x
nSPack Scrambler
nPack 1.x
NeoLite 1.0 & 2.0
ORiEN 2.12
OrIEN 2.1x
PECompact 0.9x - 2.x
PeX 0.99
PC Shrink 0.71
Polyene 0.01
Pack 4.0
PackMan & 1.0
PE Diminisher 0.1
PolyCrypt PE 2.1.5
PeTite 1.x
PEStubOEP 1.6
PELockNT 2.x
PePack 1.0
PC PE Encryptor alpha
PEncrypt 4.0
PEnguinCrypt 1.0
PeLockNt 2.x
PeLock 1.0x
Perplex PE-Protector 1.x
RLP 0.6.9 - 0.7.x
RLPack Basic Edition 1.x
ReCrypt 0.15 - 0.80
Stone`s PE Encryptor 2.0
StealthPE 2.1
Software Compress 1.x
SPLayer 0.08
ShrinkWarp 1.4
SmokesCrypt 1.2
Simple UPX-Scrambler
SimplePack 1.x
SLVc0deProtector 1.x
tELock 0.x
UPX 0.8x - 2.x
UPolyX 0.4 & 0.5
UPX Inkvizitor
UPXFreak 0.1
UPolyX 0.x
UPXLock 1.x
UG Chruncher 0.x
UPX-Scrambler RC 1.x
UPX Protector 1.0x
UPXShit 0.06 & 0.0.1
UPXScramb 2.x
VirogenCrypt 0.75
WWPack32 1.x
WinUPack 0.2x - 0.3x
WinUPack Mutanter 0.1
Winkript 1.0
yC 1.x
32Lite 0.3a
!ExE Pack 1.x
!EP (ExE Pack) 1.x
[G!X]`s Protector 1.2

This unpack engine covers everything what unpacker needs. It has debugger, dumper and importer modules which enable coding unpackers with ease. SDK is free and can be used by anyone but make sure you mention my name or include logo.bmp somewhere in About dialog.

SDK v.1.4
- Updated Delphi and MASM SDK
- Fixed memory problems for all modules

v.1.6 [Debugger.dll]
- Added new ldex86
- Rewritten DebugLoop
- Added new API: ForceClose
- Added new API: SehGoneWildProtection
- Fixed: Handling custom exceptions
- Fixed: In case breakpoint is fired in second thread context doesn't get read
- Fixed: Not releasing loaded .dll file handles on process terminate
- Fixed: Find crashing on some searches with an access violation

v.1.5 [Dumper.dll]
- Fixed: PastePEHeader not writting header on some files
- Fixed: DumpProcess crash on file with PE header moved above SectionAligment
- Fixed: DumpProcess not rebuilding header correctly on files which have larger...
- Fixed: ConvertVAtoFileOffset on files which have code inside PE header
- Fixed: AddNewSection resizing the new section size to fit FileAligment
- Fixed: AddNewSection not aligning raw offset correctly

v.1.0 [Tracer.dll] (just for internal use by RL!dePacker, next version will be public!)
- Added support for following redirections: SLVc0deProtector 1.1x...
- Added support for following redirections: tELock 0.8x-0.99, PeX 0.99, ReCrypt 0.74
- Added support for following redirections: yC 1.x, Goat's PE Mutilator 1.6...
- Added support for following redirections: RLP 0.7x, ACProtect 1.x...
- Added new API: TracerGetAPIAdressByHashing
- Added new API: TracerAutoFixImportElimination
- Added new API: TracerDetectRedirection
- Added new API: TracerAutoFixIAT
- Added new API: HashTracerLevel1
- Added new API: TracerLevel1
- Added new API: TracerInit

v.1.5 [Importer.dll]
- Fixed: StrToInt conversion
- Added new API: ImporterCleanup
- Added new API: ImporterMoveIAT
- Added new API: ImporterGetAddedDllCount
- Added new API: ImporterGetAddedAPICount
- Added new API: ImporterFindAPIWriteLocation
- Fixed: ImporterAddNewAPI ordinal import handleing
- Fixed: ImporterAutoFixIAT check already loaded .dll files code
- Fixed: ImporterAutoSearchIAT to correctly find IAT in case of invalid near jumps
- Fixed: Not unloading loaded .dll files with ImporterAutoFixIAT
- Fixed: ImporterGetAPINameOrOrdinal API...
- Fixed: Ordinal processing in ImporterGetAPIName, ImporterGetAPINameEx...
- Fixed: ImporterAutoFixIAT to get all .dll files(s) libraries and calculate relative...
- Fixed: ImporterGetAPINameFromDebugee to get API names from all libraries....
- Fixed: ImporterAutoFixIAT to get all .dll files(s) libraries not just the system ones

w/o internal modules: http://ap0x.jezgra.net/SDK.rar
Homepage: http://ap0x.jezgra.net/index.html
Tracer.dll & GenOEP.dll Downloads:
Mirror1 - Mirror2

Homepage: http://ap0x.jezgra.net/programs_2.html

Download all-in-on full (4.68 MB): RL!de.zip
AV's may report it as False Positive

µTorrent 1.8 build 8188

µTorrent Version 1.8 alpha build 8188 Changelog:
- Change: Removed the two pixel gap on both sides of the main toolbar
- Change: Add properties to torrent category menu
- Change: Give delete torrent confirmation dialog "always show this dialog"-style functionality
- Change: Give search button a style more conformant to the Vista UI guidelines if available
- Change: Make delete torrent button look pressed while its menu is up
- Change: make Search and Remove buttons consistant with IE7 search button behaviour
- Change: removed 10 pixel gap on the right side of the searchbox
- Change: Alternate listview background color to be roughly the same color as the selected column, rather then a constant gray
- Change: Increase maximum waiting time from five seconds to one minute for UAC subprocess when installing on Vista
- Change: Add confirm deletion of trackers option to UI Settings
- Change: Show graphical progress bar option is now in advanced settings
- Change: Delete key now deletes trackers in the trackers tab
- Change: Remove label setting from torrent properties dialog
- Change: Note that port 0 in the speed guide is a signal for uTorrent itself to choose the port
- Change: Make about dialog non-modal
- Change: Change text of a few updater-related checkboxes in preferences to be more specific about what they effect
- Change: Always show the selection in the tracker and file listviews, even if they don't have focus
- Change: Move items in add torrent dialog listview left a bit if there are no directories in the torrent
- Change: Max Up and Max Down have been renamed to Up Limit and Down Limit
- Fix: Some cases of controls, such as listviews, not properly updating on Windows theme change
- Fix: potential remote crash exploit
- Fix: Opening dialog on Windows 95
- Fix: Modal dialogs now correctly disable and return focus to the window they were launched from, not the main window
- Fix: Various tiny memory leaks
- Fix: Leaking of memory when closing non-modal dialogs (existed in both 1.6 and 1.7)
- Fix: corrupted URL/messsage in Add Torrent by URL dialog
- Fix: incorrect column highlighting after hiding/showing columns
- Fix: disable webui relative path parsing

µTorrent 1.8 alpha 8188

26 January 2008

Azureus Beta 12


Azureus Vuze

FEATURE: Core | Added µTorrent PEX support [amc1]
FEATURE: UI | Added option for "Open Containing Folder" menu action - which may integrate better with non-standard file browsers [amc1]

CHANGE: Core | Further memory footprint reductions; for additional tweaks see http://www.azureuswiki.com/index.php/Reduce_memory_usage [The 8472]
CHANGE: Core | Reimplemented LT extension protocol code [amc1]
CHANGE: Core | Queuing rules now don't start any further torrents if the global up/download speed limits are reached [The 8472]
- makes "don't count torrent ..." minimum speed rules more useful to dynamically regulate the queue lengths
- prevents runaway chain reactions in case of connection loss
CHANGE: Core | Made the crypto handshake a bit less predictable [The 8472]
CHANGE: Core | Added support for plugins which implement mainline DHT [amc1]

BUGFIX: UI | Shells no longer use the low-res frog icon, the normal main window icon is now used instead [amc1]
BUGFIX: UI | Limiting comments in General View to 5k characters under WinXP to avoid crashes due to faulty comctl32.dll [The 8472]

To use, rename the downloaded AzureusXxxx-Bxx.jar file to Azureus2.jar to replace your old jar in the Azureus program dir: ChangeTheAzureusTwoJarFile
Azureus v2 vs. v3 (Vuze) FAQ
Snapshot RSS Feed
Beta Site: http://azureus.sourceforge.net/index_CVS.php

★ Download:
Azureus3043-B12.jar - 23 Jan 2008 07:40:33 AM [10021745 bytes]
