01 February 2008

New Rapid$hare T00L$


USD v1.34.8 BlackManos Pack v13.43
Rapid Uploader v1.2
FullURL v1.12

HaPPY CHinEse NeW YEaR - uPdateD eXe Tools - pAcKer - UnPacKer


TeST:

xp-AntiSpy.exe {85.00 KB}
xp-AntiSpy.exe {75.50 KB} UPX LZMA
xp-AntiSpy.exe {76.16 KB} LZMA
xp-AntiSpy1.exe {78.00 KB} PECompact 2.80 highest comp. LZMA /Api hook

utorrent.exe {215.25 KB} snake doctor mod TransVestiteD unpacked :-)

more great stuff: http://web18.server10.nl.kolido.net/v3/
http://wt.3800hk.com/Soft/zhly/
http://scriptmafia.org/
http://www.exeinfo.go.pl/ - find urls : http:// & https:// in non exe detection .php .asp and .sql batch

Zeta Debugger v1.3 by Sapunov Vladimir

Zeta Debugger - C/C++ source code debugger

At this moment the debugger supports several debugging formats used by the compilers of the two best-known companies - Borland and Microsoft. In the future we plan to add support for more formats.

In any case, we understand that it is impossible to create format loaders for all existing compilers and their versions. So we have provided a convenient way for programmers and compiler developers to create their own specific format loaders, which are implemented through plug-in modules. Read details here. Source files for the already existing debug information loaders can be downloaded here.

Partially or fully supported formats:

Compiler       Format Marker             Compiler Version
Borland C++    FB07, FB08, FB09, FB0A    BCC4, BCC5, BCC5.5
Visual C++     NB09, NB11, NB10          VisualC 5.0, 6.0

Attention: Some formats were not fully tested.

Website and Download

Armadillo Killer

Armadillo Killer 2.6 build 5
--------------------------------------------------------------------------------
[x] Support Armadillo 2.60c version (CopyMemII too). Armadillo is fully defeated
again :)

--------------------------------------------------------------------------------
Armadillo Killer 2.6 build 4
--------------------------------------------------------------------------------
[x] Support Armadillo 2.60c versions (except CopyMemII only). Wait a few days please.
[x] One more Armadillo version is supported (http://www.bearshare.com)
[x] Now you see only one messagebox with final message (The dump is ready. Bla-bla-bla).
[x] Support of expired version was added :) So you can easily reset trial counters for every
Armadilled application! I'm going to write a special app that resets trial counters and
hides a nag-screen ;) Use Armadilled applications for free.


Information.
============
So, it's me again and my small dumper.

It's the new version for Armadillo versions 2.5x-2.6x
(even for stupid custom builds :).

My app dumps the application, finds the OEP (sometimes :),
and prepares the protected application for an ImpRec
or Revirgin session. I'm going to add my import rebuilder
later but now you have to do it yourself.

Here is the list of products that use Armadillo, so
you can play with them a bit :)

http://www.seba14.org (http://www.seba14.org/download-manager.php?id=xx, xx = number 01 - 99) - Halite Armadilled and older eMule / Torrent Clients with Splash shit
http://www.sb-innovation.de All Sarim ( = Seba ) Productions Dr. Snake with / without Splash Screens (uTorrent 1.7x, 1.8x / BitTorrent 6.x)

jups they are the same: sarim / snakedoctor / seba14 / butcho - sb-innovation.de / seba14.org
from over 400 exe protectors used the same at the same time in the past 2006 till now 2008 by freeware:

1. > July 2007 - Themida (Splashscreen support)
2. > Aug. 2007 - y0da
3. > Sep. 2007 - now Armadillo 4 - 5.x (splashscreen support in exe protector) - works only stealthy for enduser by files in original size > 1,8 MB


If you know other sites with armadilled applications
just drop me an e-mail (armkiller2002#yahoo'com), I'll check
how they work :)

DON'T SEND ME ATTACHMENTS PLEASE - LINKS ONLY !!!

And a few words about CopyMem-II - it's a terrible thing,
it makes applications slow and unstable, runs two copies
in the RAM. My small multithread test works 45 (!!!)
times slower. So ArmKiller can help you to increase
applications' speed.

If you have any questions about work with Armadilled applications,
post them (with a link of course) on these forums:

http://fraviamb.cjb.net/
http://www.exetools.com/forum

ArmKiller.

Download:
http://www.team-x.ru/guru-exe/index.php?path=Tools%2FUnpackers%2FArmadillo/

more useful t00lz:

Guru.eXe Website

PEdiy Website

Programmer's Tools Website

Seek n' Destroy Website

The Collaborative RCE Tool Library Website

Tuts 4 You Website

29 January 2008

eMule 0.48a VeryCD 080126

eMule 0.48a VeryCD 080126 Build 26. Jan. 2008

Changelog:
Source: VeryCD.cOM
* Close eMule offline problems solved
* Nat servers congestion problems solved
* Solve network congestion problems LowId
* Amended several memory leak bugs
* Regulation 3.5 parameter optimization upload
* Reduce the source NAT exchange network load Crash three minutes after the resumption nobody will automatically ignored.

Changelog: http://www.emule.org.cn/download/changelog.txt
Download site: http://www.emule.org.cn/download
BetaSite: http://www.verycd.com/groups/eMuleBeta/

Download: http://download.verycd.com/eMule-VeryCD-Setup.exe - Mirror
SRC: http://download.verycd.com/eMule-VeryCD-Beta-src.rar

eMule v0.48a Applejuice v2.3 the eXe shield/stealth Mule encrypted

eMule Applejuice Main Features which give you more SPEED and SECURITY include it self for possible dissembling:
----------------------------------------------------------------------
- Applejuice Community with many Community Clients advanced Community Features
- Applejuice Creditsystem: you can "buy" download Slots from other Community Clients with Applejuice you get for your Upload
- Community Topfile List: Search and Find the Files with most Community Clients
- advanced Upload Management, Upload Protection and Boost Clients
- many Hacks, Community Fakes and Client Emulations
- security Features like 'no complete Files' and 'Filename Obfuscation'
- AES (256 bit) encrypted File-Transfers for more Security
- many other useful Features
- all eMule Xtreme Features


Changelog eMule v0.48a Applejuice v2.3:
-----------------------------------------
January, 2008
Protection crypts removed for a better look inside the binary.
Import sect. needz 2 adjust if u wanna change graphics ;)

December, 31. 2007

FEATURES:
Security:
- Country-Block
--- Select up to 3 Countries of which you want to block all upload and download

Other:
- improved Anti modified Applejuice Clients
- updated file comment spam list of Anti-Leecher system
- minor memory fixes and improvements on Community code
- create crashdump file without asking

Changelog eMule v0.48a Applejuice v2.2.1:
-----------------------------------------
December, 1. 2007

FEATURES:
- Anti modified Applejuice Clients
- changed default AES setting to Support AES
- fixed bug manual adding client to IPFilter
- minor fixes on AES and bzip2

GUI:
- download status column in queuelist and uploadlist
- better adjusted Applejuice Clientdetails for displaying AES setting

RELEASE-INFOS:
Country-Block from Bu$hMule WhitE/BlacK HouSe Edition:
This Feature is only for Security purposes. Be aware that by enabling this Feature you will
lose many Sources (including Applejuice Community Clients) and so downloading will be a lot
slower but safer (depending on which Country you are in and which Countries you block).
If Country-Block is enabled you will be asked on every startup of eMule Applejuice if you
want to keep it enabled. After 3 sessions it will automatically be disabled (you can manually
enable it again). To use Country-Block the ip-to-country.csv file has to be in your config folder.

http://www.applejuice.redp.de/eMule-Appeljuice/eMule.v0.48a.Applejuice.v2.3.bin.zip

Download:
unpacked - will not run in this state: eMule.v0.48a.Applejuice.v2.3.bin.rar (4.10 MB)

28 January 2008

ap0x R.C.E. RL!dePacker 1.41 (101+) Reversing Labs

RLKit - Reversing Labs (first aid) Kit
----------------------------------------
After seeing a lot of so-called cracker kits being spread around whose weight exceeds 10 and sometimes 20 MB, I decided to create a real minimum reverser kit. That kind of first aid kit would contain only the applications most used by all crackers. So this is a bare-bones kit that proves that all you can need during reversing of 90% of applications can be packed in one package that weighs less than 2 MB. This kit contains:

+ OllyDBG 1.10
+ LordPE 1.4
+ ImpRec 1.6
+ PeID 0.94
+ 32bit Calculator 1.7
+ RepairPE 0.4
+ FileMon 4.28
+ RegMon 6.06
+ FSG 2.0
+ WinUPack 0.39
+ R!SC`s Process Patcher 1.5.1
+ IIDKing 2.0
+ dUP 2.10
+ Tola`s Patching Engine 2.03


Reversing Labs RL!dePacker has a built-in option to detect OEP. However this option does not work with VB (always use FindOEP! function with VB applications and Force to manual OEP?) and some packers. So if RL!dePacker can not unpack the file use FindOEP! function to detect correct OEP, but use it only as a second resort since it can be jammed!
° Option Force OEP to manual address is used to force stopping on manual OEP address, use this option ONLY if packer can not be unpacked (the target runs instead of breaking at OEP or dumps at wrong OEP).
° Option Correct OEP to manual address is used to correct OEP in PE header of the unpacked file.
° Option Hide unpacker from detection is used to hide debugger from being detected by antiTricks.
° Option Use tracer to correct IAT is used to remove all known redirection types.
° Option Fix Import elimination is used on applications that relocate import table in memory outside PE32 file. This option has been tested with AlexProtector 1.0 and RLPack TE 1.18. Please note that even though this option is in testing it should give good results on all known redirection types (see ap0x unpacker SDK).

Generic unpacker can unpack ONLY packers that do not use IAT redirection, that don’t steal APIs and which fill out IAT table in correct order. All ordinals that can be converted to API names are converted, others are inserted into IAT as ordinals! Designed for NT systems, Windows 2000 or later but it should work on Windows 9x if you have psapi.dll file!
If you don’t want to update the software and therefore wait a few seconds before you can use this program, delete the Updater.dll file.


RL!dePacker 1.41 is tested with 101+ packers
aUS [Advanced UPX Scrambler] 0.4 - 0.5
ASPack 1.x - 2.x
AHPack 1.x
AlexProtector 1.x
ARMProtector 0.x
BamBam 0.x
BJFNT 1.3
BeRoEXEPacker 1.x
CryptoPeProtector 0.9x
CodeCrypt 0.16x
dot Fake Signer 3.x
dePack
DragonArmour
eXPressor 1.2.x - 1.5.x
EZip 1.0
EP Protector 0.3
ExeSax 0.x
EXEStealth 2.x
FSG 1.xx & 2.0
Goat's PE Mutilator 1.6
hmimys-Packer 1.x
HidePX 1.4
HidePE 2.1
JDPack 1.x
JDProtect 0.9
JeyJey UPX Protector
KByS Packer 0.2x
Krypton 0.x
LameCrypt 1.0
MEW 1.x
nSPack 2.x - 3.x
nSPack Scrambler
nPack 1.x
NeoLite 1.0 & 2.0
NWCC
ORiEN 2.12
OrIEN 2.1x
PECompact 0.9x - 2.x
PeX 0.99
PC Shrink 0.71
Polyene 0.01
Pack 4.0
PackMan 0.0.0.1 & 1.0
PE Diminisher 0.1
PolyCrypt PE 2.1.5
PeTite 1.x
PEStubOEP 1.6
PELockNT 2.x
PePack 1.0
PC PE Encryptor alpha
PackItBitch
PEncrypt 4.0
PEnguinCrypt 1.0
PeLockNt 2.x
PeLock 1.0x
Perplex PE-Protector 1.x
RLP 0.6.9 - 0.7.x
RLPack Basic Edition 1.x
ReCrypt 0.15 - 0.80
Stone`s PE Encryptor 2.0
StealthPE 2.1
Software Compress 1.x
SPLayer 0.08
ShrinkWarp 1.4
SPEC b3
SmokesCrypt 1.2
Simple UPX-Scrambler
SimplePack 1.x
SLVc0deProtector 1.x
tELock 0.x
UPX 0.8x - 2.x
UPolyX 0.4 & 0.5
UPXRedir
UPXCrypt
UPX Inkvizitor
UPXFreak 0.1
UPolyX 0.x
UPXLock 1.x
UG Chruncher 0.x
UPX-Scrambler RC 1.x
UPX Protector 1.0x
UPXShit 0.06 & 0.0.1
UPXScramb 2.x
VirogenCrypt 0.75
WWPack32 1.x
WinUPack 0.2x - 0.3x
WinUPack Mutanter 0.1
Winkript 1.0
yC 1.x
32Lite 0.3a
!ExE Pack 1.x
!EP (ExE Pack) 1.x
[G!X]`s Protector 1.2



This unpack engine covers everything an unpacker needs. It has debugger, dumper and importer modules which enable coding unpackers with ease. SDK is free and can be used by anyone but make sure you mention my name or include logo.bmp somewhere in About dialog.

SDK v.1.4
- Updated Delphi and MASM SDK
- Fixed memory problems for all modules


v.1.6 [Debugger.dll]
- Added new ldex86
- Rewritten DebugLoop
- Added new API: ForceClose
- Added new API: SehGoneWildProtection
- Fixed: Handling custom exceptions
- Fixed: In case breakpoint is fired in second thread context doesn't get read
- Fixed: Not releasing loaded .dll file handles on process terminate
- Fixed: Find crashing on some searches with an access violation


v.1.5 [Dumper.dll]
- Fixed: PastePEHeader not writing header on some files
- Fixed: DumpProcess crash on file with PE header moved above SectionAlignment
- Fixed: DumpProcess not rebuilding header correctly on files which have larger...
- Fixed: ConvertVAtoFileOffset on files which have code inside PE header
- Fixed: AddNewSection resizing the new section size to fit FileAlignment
- Fixed: AddNewSection not aligning raw offset correctly


v.1.0 [Tracer.dll] (just for internal use by RL!dePacker, next version will be public!)
- Added support for following redirections: SLVc0deProtector 1.1x...
- Added support for following redirections: tELock 0.8x-0.99, PeX 0.99, ReCrypt 0.74
- Added support for following redirections: yC 1.x, Goat's PE Mutilator 1.6...
- Added support for following redirections: RLP 0.7x, ACProtect 1.x...
- Added new API: TracerGetAPIAdressByHashing
- Added new API: TracerAutoFixImportElimination
- Added new API: TracerDetectRedirection
- Added new API: TracerAutoFixIAT
- Added new API: HashTracerLevel1
- Added new API: TracerLevel1
- Added new API: TracerInit


v.1.5 [Importer.dll]
- Fixed: StrToInt conversion
- Added new API: ImporterCleanup
- Added new API: ImporterMoveIAT
- Added new API: ImporterGetAddedDllCount
- Added new API: ImporterGetAddedAPICount
- Added new API: ImporterFindAPIWriteLocation
- Fixed: ImporterAddNewAPI ordinal import handling
- Fixed: ImporterAutoFixIAT check already loaded .dll files code
- Fixed: ImporterAutoSearchIAT to correctly find IAT in case of invalid near jumps
- Fixed: Not unloading loaded .dll files with ImporterAutoFixIAT
- Fixed: ImporterGetAPINameOrOrdinal API...
- Fixed: Ordinal processing in ImporterGetAPIName, ImporterGetAPINameEx...
- Fixed: ImporterAutoFixIAT to get all .dll file(s) libraries and calculate relative...
- Fixed: ImporterGetAPINameFromDebugee to get API names from all libraries....
- Fixed: ImporterAutoFixIAT to get all .dll file(s) libraries not just the system ones


w/o internal modules: http://ap0x.jezgra.net/SDK.rar
Homepage: http://ap0x.jezgra.net/index.html
Tracer.dll & GenOEP.dll Downloads:
Mirror1 - Mirror2

Homepage: http://ap0x.jezgra.net/programs_2.html

Download all-in-one full (4.68 MB): RL!de.zip
AV's may report it as False Positive
