01 February 2008

AutoIt Decompiler unpacker and script converter

AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting. It uses a combination of simulated keystrokes, mouse movement and window/control manipulation in order to automate tasks in a way not possible or reliable with other languages (e.g. VBScript and SendKeys). AutoIt is also very small, self-contained and will run on all versions of Windows out-of-the-box with no annoying "runtimes" required!

AutoIt was initially designed for PC "roll out" situations to reliably automate and configure thousands of PCs. Over time it has become a powerful language that supports complex expressions, user functions, loops and everything else that veteran scripters would expect.

Features:

* Easy to learn BASIC-like syntax
* Simulate keystrokes and mouse movements
* Manipulate windows and processes
* Interact with all standard windows controls
* Scripts can be compiled into standalone executables
* Create Graphical User Interfaces (GUIs)
* COM support
* Regular expressions
* Directly call external DLL and Windows API functions
* Scriptable RunAs functions
* Detailed helpfile and large community-based support forums
* Compatible with Windows 95/98/ME/NT4/2000/XP/2003/Vista
* Unicode support
* Digitally signed for peace of mind
* Works with Windows Vista's User Account Control (UAC)

AutoIt has been designed to be as small as possible and stand-alone, with no external .dll files or registry entries required, making it safe to use on servers. Scripts can be compiled into stand-alone executables with Aut2Exe.

Also supplied is a combined COM and DLL version of AutoIt called AutoItX that allows you to add the unique features of AutoIt to your own favourite scripting or programming languages!

Best of all, AutoIt continues to be FREE - but if you want to support the time, money and effort spent on the project and web hosting then you may donate using the link to your left in the menu.

Take me to the downloads page: http://www.autoitscript.com/autoit3/downloads.shtml

========================================================


*New* full support for AutoIT v3.2.6++ :)


... mmh here's what I merely missed in the 'public sources 3.1.0'
This program is for studying the 'Compiled' AutoIt3 format.

AutoHotKey was developed from AutoIT and so scripts are nearly the same.

Drag the compiled *.exe or *.a3x into the AutoIT Script Decompiler textbox.
To copy text or to enlarge the log window double click on it.



Supported Obfuscators:
'Jos van der Zande AutoIt3 Source Obfuscator v1.0.14 [June 16, 2007]' ,
'Jos van der Zande AutoIt3 Source Obfuscator v1.0.15 [July 1, 2007]' ,
'Jos van der Zande AutoIt3 Source Obfuscator v1.0.20 [Sept 8, 2007]' ,
'Jos van der Zande AutoIt3 Source Obfuscator v1.0.22 [Oct 18, 2007]' and
'EncodeIt 2.0'


Tested with:
AutoIT : v3.2.9.4 and
AutoHotKey: v1.0.47.4



The options:
===========

'Force Old Script Type'
Grey means auto detect and is the best in most cases. However if auto detection fails
or is fooled through modification try to enable/disable this setting

'Don't delete temp files (compressed script)'
This will keep *.pak files, which you may try to unpack manually with 'LZSS.exe', as well as *.tok DeTokeniser files, tidy backups and *.tbl files (<- used in van Zande obfuscation).
Default: OFF

'Verbose LogOutput'
When checked you get verbose information when decompiling (DeTokenise) new 3.2.6+ compiled Exe.
Default: OFF

'Restore Includes'
Will separate/restore includes. Requires the ';AUT2EXE INCLUDE-START' comment to be present in the script to work.
Default: ON

'Use 'normal' Au3_Signature to find start of script'
Will use the normal 16-byte start signature to detect the start of a script. Often this signature was modified, or is used for a fake script that is just attached to distract & mislead a decompiler. When off, it scans for the 'FILE' as encrypted text to find the start of a script.
Default: OFF

'Lookup Passwordhash'
Copies the current password hash to the clipboard and launches http://md5cracker.de to find the password of this hash.
I notice that site doesn't load properly when the Firefox add-in 'Firebug' is enabled. Disable it if you have problems.
620AA3997A6973D7F1E8E4B67546E0F6 => cw2k

... you may also get an offline MD5 Cracker and paste the hash there like
DECRYPT.V2 Brute-Force MD5 Cracker
http://www.freewarecorner.de/download.php?id=7298
http://www.freeware.de/Windows/Tools_Utilities/Sicherheit_Backup/Ver__und_Entschluesselung/Detail_EDECRYPT_Brute_Force_MD5_Cracker_9832.html
http://www.shareware.de/Windows/Tools_Utilities/Sicherheit_Backup/Ver__und_Entschluesselung/Detail_EDECRYPT_Brute_Force_MD5_Cracker_9832.html
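
The signature option above matters for triage as well: a sample whose start signature is missing, or which carries more than one script blob, should be examined by hand rather than trusted to auto-detection. The following is an added example, not part of myAutToExe or the original post; the signature bytes and the `AU3!` magic are the commonly documented AutoIt3 values (an assumption, they do not appear on this page), and the verdict names are hypothetical.

```python
"""Triage helper: where does a compiled AutoIt script start, and is the marker intact?"""

# Commonly documented AutoIt3 markers (assumption: not taken from the page).
AU3_SIGNATURE = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")  # 16-byte start signature
AU3_MAGIC = b"AU3!"          # follows the signature
SUBTYPE_PREFIX = b"AU3!EA"   # magic plus subtype, e.g. AU3!EA06


def find_all(data: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def triage(data: bytes) -> dict:
    """Classify a file by its AutoIt script markers."""
    scripts = []
    for off in find_all(data, AU3_SIGNATURE):
        follows = data[off + 16:off + 24]
        subtype = follows[4:].decode("ascii", "replace") if follows[:4] == AU3_MAGIC else None
        scripts.append({"offset": off, "subtype": subtype})
    # Subtype tags with no signature directly in front: the signature was altered.
    covered = {s["offset"] + 16 for s in scripts}
    orphans = [o for o in find_all(data, SUBTYPE_PREFIX) if o not in covered]
    if not scripts and not orphans:
        verdict = "no-autoit-marker"
    elif len(scripts) == 1 and scripts[0]["subtype"] and not orphans:
        verdict = "single-script"
    else:
        verdict = "review-manually"  # modified signature or more than one script blob
    return {"scripts": scripts, "orphan_tags": orphans, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample bytes, not a real executable.
    stub = b"MZ" + b"\x00" * 62
    clean = stub + AU3_SIGNATURE + b"AU3!EA06" + b"\x11" * 32
    patched = stub + b"\xff" * 16 + b"AU3!EA06" + b"\x11" * 32
    decoy = clean + AU3_SIGNATURE + b"AU3!EA06" + b"\x22" * 32
    for name, blob in (("clean", clean), ("patched", patched), ("decoy", decoy)):
        print(name, triage(blob)["verdict"])
```
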


CommandLine:
===========

Ah yes to open a file you may also pass it via command line like this
myAutToExe.exe "C:\Program Files\Example.exe" -> myAutToExe.exe "%1"
So you may associate exe file with myAutToExe.exe to decompile them with a right click.

To run myAutToExe from other tools these options may be helpful.
Options:
/q will quit myAutToExe when it is finished
/s [requires /q to be enabled] RunSilent will completely hide myAutToExe

Update 2011:
finally it also supports fully the new AutoIt 3.26++ files


Homepage | Forum
Download: myAutToExe2_10_src.7z


Mirrors:

https://www.4shared.com/file/eObTW4ub/myAutToExe2_10_src.html
https://www.4shared.com/file/J3YEdvbg/myAutToExe2_2_AutoIt3_Decompil.html
https://www.4shared.com/file/Kn_2juN3/myAutToExe2_10_AutoIt3_Decompi.html


other files decoders, dezenders...

New Rapid$hare T00L$


USD v1.34.8 BlackManos Pack v13.43
Rapid Uploader v1.2
FullURL v1.12

HaPPY CHinEse NeW YEaRuPdateD eXe Tools - pAcKer - UnPacKer


TeST:

xp-AntiSpy.exe {85.00 KB}
xp-AntiSpy.exe {75.50 KB} UPX LZMA
xp-AntiSpy.exe {76.16 KB} LZMA
xp-AntiSpy1.exe {78.00 KB} PECompact 2.80 highest comp. LZMA /Api hook

utorrent.exe {215.25 KB} snake doctor mod TransVestiteD unpacked :-)

more great stuff: http://web18.server10.nl.kolido.net/v3/
http://wt.3800hk.com/Soft/zhly/
http://scriptmafia.org/
http://www.exeinfo.go.pl/ - find urls : http:// & https:// in non exe detection .php .asp and .sql batch

Zeta Debugger v1.3 by Sapunov Vladimir

Zeta Debugger - C/C++ source code debugger

At this moment the debugger supports several debugging formats used by compilers from the two best-known companies - Borland and Microsoft. In the future we plan to add support for more formats.

In any case, we understand that it is impossible to create format loaders for all existing compilers and their versions. So, we have provided a convenient way for programmers and compiler developers to create their own specific format loaders, which are implemented through plug-in modules. Read details here. Source files for the already existing debug information loaders can be downloaded here.

Partially or fully supported formats:

Compiler    | Format Marker          | Compiler Version
Borland C++ | FB07, FB08, FB09, FB0A | BCC4, BCC5, BCC5.5
Visual C++  | NB09, NB11, NB10       | VisualC 5.0, 6.0

Attention: Some formats were not fully tested.

Website and Download

Armadillo Killer

Armadillo Killer 2.6 build 5
--------------------------------------------------------------------------------
[x] Support Armadillo 2.60c version (CopyMemII too). Armadillo is fully defeated
again :)

--------------------------------------------------------------------------------
Armadillo Killer 2.6 build 4
--------------------------------------------------------------------------------
[x] Support Armadillo 2.60c versions (except CopyMemII only). Wait for few days please.
[x] One more Armadillo version is supported (http://www.bearshare.com)
[x] Now you see only one messagebox with final message (The dump is ready. Bla-bla-bla).
[x] Support of expired version was added :) So you can easily reset trial counters for every
Armadilled application! I'm going to write a special app that resets trial counters and
hides a nag-screen ;) Use Armadilled applications for free.


Information.
============
So, it's me again and my small dumper.

It's the new version for Armadillo versions 2.5x-2.6x
(even for stupid custom builds :).

My app dumps the application, finds the OEP (sometimes :),
and prepares the protected application for an ImpRec
or Revirgin session. I'm going to add my import rebuilder
later but now you have to do it yourself.

Here is the list of products that use Armadillo, so
you can play with them a bit :)

http://www.seba14.org (http://www.seba14.org/download-manager.php?id= xx)xx = number 01 - 99 Halite Armadilled and older eMule / Torrent Clients with Splash shit
http://www.sb-innovation.de All Sarim ( = Seba ) Productions Dr. Snake with / without Splash Screens (uTorrent 1.7x, 1.8x / BitTorrent 6.x)

jups they are the same: sarim / snakedoctor / seba14 / butcho - sb-innovation.de / seba14.org
from over 400 exe protectors used the same at the same time in the past 2006 till now 2008 by freeware:

1. > July 2007 - Themida (Splashscreen support)
2. > Aug. 2007 - y0da
3. > Sep. 2007 - now Armadillo 4 - 5.x (splashscreen support in exe protector) - works only stealthy for enduser by files in original size > 1,8 MB


If you know other sites with armadilled applications
just drop me an e-mail (armkiller2002#yahoo'com), I'll check
how they work :)

DON'T SEND ME ATTACHMENTS PLEASE - LINKS ONLY !!!

And few words about CopyMem-II - it's terrible thing,
it makes applications slow and unstable, runs two copies
in the RAM. My small multithread test works 45 (!!!)
times slower. So ArmKiller can help you to increase
applications' speed.

If you have any questions about work with Armadilled applications,
post them (with a link of course) on these forums:

http://fraviamb.cjb.net/
http://www.exetools.com/forum

ArmKiller.

Download:
http://www.team-x.ru/guru-exe/index.php?path=Tools%2FUnpackers%2FArmadillo/

more useful t00lz:

Guru.eXe Website

PEdiy Website

Programmer's Tools Website

Seek n' Destroy Website

The Collaborative RCE Tool Library Website

Tuts 4 You Website

29 January 2008

eMule 0.48a VeryCD 080126

eMule 0.48a VeryCD 080126 Build 26. Jan. 2008

Changelog:
Source: VeryCD.cOM
* Close eMule offline problems solved
* Nat servers congestion problems solved
* Solve network congestion problems LowId
* Amended several memory leak bugs
* Regulation 3.5 parameter optimization upload
* Reduce the source NAT exchange network load Crash three minutes after the resumption nobody will automatically ignored.

Changelog: http://www.emule.org.cn/download/changelog.txt
Download site: http://www.emule.org.cn/download
BetaSite: http://www.verycd.com/groups/eMuleBeta/

Download: http://download.verycd.com/eMule-VeryCD-Setup.exe - Mirror
SRC: http://download.verycd.com/eMule-VeryCD-Beta-src.rar

eMule v0.48a Applejuice v2.3 the eXe shield/stealth Mule encrypted

eMule Applejuice Main Features which give you more SPEED and SECURITY include it self for possible dissembling:
----------------------------------------------------------------------
- Applejuice Community with many Community Clients advanced Community Features
- Applejuice Creditsystem: you can "buy" download Slots from other Community Clients with Applejuice you get for your Upload
- Community Topfile List: Search and Find the Files with most Community Clients
- advanced Upload Management, Upload Protection and Boost Clients
- many Hacks, Community Fakes and Client Emulations
- security Features like 'no complete Files' and 'Filename Obfuscation'
- AES (256 bit) encrypted File-Transfers for more Security
- many other useful Features
- all eMule Xtreme Features


Changelog eMule v0.48a Applejuice v2.3:
-----------------------------------------
January, 2008
Protection crypts removed for a better look inside the binary.
Import sect. needz 2 adjust if u wanna change graphics ;)

December, 31. 2007

FEATURES:
Security:
- Country-Block
--- Select up to 3 Countries of which you want to block all upload and download

Other:
- improved Anti modified Applejuice Clients
- updated file comment spam list of Anti-Leecher system
- minor memory fixes and improvements on Community code
- create crashdump file without asking

Changelog eMule v0.48a Applejuice v2.2.1:
-----------------------------------------
December, 1. 2007

FEATURES:
- Anti modified Applejuice Clients
- changed default AES setting to Support AES
- fixed bug manual adding client to IPFilter
- minor fixes on AES and bzip2

GUI:
- download status column in queuelist and uploadlist
- better adjusted Applejuice Clientdetails for displaying AES setting

RELEASE-INFOS:
Country-Block from Bu$hMule WhitE/BlacK HouSe Edition:
This Feature is only for Security purposes. Be aware that by enabling this Feature you will
lose many Sources (including Applejuice Community Clients) and so downloading will be a lot
slower but more safety (depending in which Country you are and which Countries you block).
If Country-Block is enabled you will be asked on every startup of eMule Applejuice if you
want to keep it enabled. After 3 sessions it will automatically be disabled (you can manually
enable it again). To use Country-Block the ip-to-country.csv file has to be in your config folder.

http://www.applejuice.redp.de/eMule-Appeljuice/eMule.v0.48a.Applejuice.v2.3.bin.zip

Downloads:
unpacked - will not run in this status: eMule.v0.48a.Applejuice.v2.3.bin.rar (4.10 MB)
