23 January 2009

Everest v4.60.1629 Beta

0 comments

Homepage: http://www.lavalys.com/forum/index.php?showtopic=3515&st=40

EVEREST v5.00 is not ready yet. But latest beta:

http://www.lavalys.com/beta/everestultimate_build_1629_bvk7jtzy0xc.zip

Universal Tcpip.sys Patch V1.0 Build 20090122

0 comments


x64 (64 bit) Windows


x86 (32 bit) Windows



Project Name: Universal Tcpip.sys Patch
Support OS: Windows XP/2003/2008/Vista/Windows 7, All SP*, All 32bit (x86) / 64bit (x64)
Author: deepxw#126.com
Blog: http://deepxw.lingd.net
http://deepxw.blogspot.com (English)

Increase the limited value of half-open (incomplete outbound) TCP connection.
"Universal Tcpip.sys Patch" is a File Patch. It direct modifies the file tcpip.sys on hard disk.

If you want to modify Tcpip.sys in memory, you can choose another tool "TCP-Z".

More information about tcpip.sys File Patch, you can visit:
http://deepxw.blogspot.com/2008/12/on-internet-there-are-all-kinds-of-tcp.html


Notes:

1) In 32-bits and 64-bits Vista / Windows 7, testsigning must set to on, don't try to disable it.
If "Test Mode" exists on the desktop, you can run "mcbuilder.exe" again to rebuild MUI cache. Or apply the patch once again.

2) In the Windows Server Edition, you can also find the limited value. However, this value is not active; the server will not compare this number.


History:
2009.01.22 V1.0.0.5
+ First release.

Homepage: http://deepxw.blogspot.com/

Download: UniversalTcpipPatch_20090122.zip
Mirror: TCPZ_20090108.zip

22 January 2009

Protection ID v6.1.6 (18th jan 2009) - Mixed New Reverse Engineering Stuff

0 comments
Protection ID 6.1.6

Core Code changes:

- new: enabled the PE Stuff dialog (still in early stages)
- new: smbios reporting added (misc tools portion)
- update: pid entrypoint code optimised
- update: updated resizing core, and squashed a few bugs
- update: false positive with some anti virus programs is now fixed (gdata and avast)
- update: folderwatch, task manager, cd/dvd filter driver report, services report and folder
locations all have right click context menus allowing the data to be saved to file
- update: uninstaller code tweaked - various fixes on some entries that would not uninstall
- update: update portion is now tweaked, a bit better and more futureproof
- update: windows 7 is now detected right and everything is functional (we are windows 7 compatible)

- bugfix: gui issue when run from context menu (log window will be shown)
- bugfix: file open doing nothing bug fixed - happened on WinXP with no service packs
- bugfix: folderwatch - bugfix in window handler, could have caused a lockup in 9x/me systems


detection additions / changes

- new: check_protectdisc.asm - added ProtectDisc exact v9.0.0, v9.1.0 & v9.2.0 detection
- new: check_g4wl.asm - added Games for Windows Live detection (xlive)
- new: check_steam.asm - added Steam (basic stub) detection
- new: check_activemark.asm - added ActiveMARK v6.50.767 detection

- new: check_breakpointcrypter.asm - added Breakpoint Crypter v0.0.79 detection
- new: check_expressor.asm - added exPresor v1.6.1 (Pro) detection
- new: check_fearzcrypter.asm - added fEaRz Crypter v2.2.0 detection
- new: check_hellcrypter.asm - added HellCrypter v1 detection
- new: check_kratoscrypter.asm - added Kratos Crypter detection
- new: check_npack.asm - added nPack v1.1.800.2008 + unknown version detection
- new: check_obsidium.asm - added Obsidium v1.3.6.1 detection
- new: check_pespin.asm - added PeSpin v0.1 (x64) detection
- new: check_rdgpack.asm - added RDG Pack Lite Edition v0.4 detection
- new: check_roguepack.asm - added RoguePack v4.0 Beta 1 detection
- new: check_rlpack.asm - added RLPack v1.21 detection
- new: check_simplecrypter.asm - added Simpl3 CrYpT3R detection
- new: check_xcrypter.asm - added X-Crypter v2.01 detection
- new: check_zprotect.asm - added in *generic* ZProtect detection

- new: dongle_softdog.asm - added SoftDog Dongle detection

- update: check_protectdisc.asm - removed protection level output (basic/pro) when detecting v9
(this version is all 'Pro', no more 'Basic' v9 games)
- update: check_activemark.asm - ActiveMark v6.1.335 detection rewritten
(thx Nacho_dj for reporting a bug in American McGee's Grimm Bundle)


CD/DVD/Image file/sector scan

- update: sector scan updated to handle various movie protections
(css/cpmm, cprm, aacs hddvd, aacs bd), this code is still in the experimental stage,
and needs testing, but seems to work

[I] Init cd/dvd sector scan for Drive O
[i] Detected CSS / CPMM Protection! (0x00000001)
[i] Region Lock Detected -> RegionBitMask: 00000002
[.] Region(s) allowed : 2 (Drive region will need to be changed, you have 2 changes remaining,
your current region is : 1)
- Scan Took : 0.828 Second(s)

- bugfix: fixed bug in cddvd sector scanning code (register got trashed) - not critical..

Homepage: http://pid.gamecopyworld.com/ProtectionID.html - http://pid.gamecopyworld.com/

Download: http://pid.gamecopyworld.com/ProtectionID_v6.1.6_2k9.rar
Mirror DDL: http://mods.xf.cz/dl/ProtectionID_v6.1.6_2k9.rar



-----------------------------------------


Themida - Winlicense ID 1.1 Support EXE / DLL / OCX
Author: goldsun

Supported versions: 1.0.0.8 - 2.0.5.0 or higher

Detects exact Themida-Winlicense version.
How to use: drag a themida protected file and drop it over the exe or use the PEiD plugin.

Download: Themida_Winlicense_ID.zip

-----------------------------------------


TheMida - WinLicense Info Script
, Show me the infos!

Author : LCF-AT
Environment : WinXP, OllyDbg V1.10, OllyScript v1.65.4
Date : 2009-20-01

========WILLST DU SPAREN,DANN MUßT DU SPAREN!=============

Hello together,

today I wanna share a new written script by me about to get some useful infos about TheMida / WinLicense protected targets.
-This script can get the exact version release year and the protection
-I also added to get the right section name,VA and name of the file summarized in nice message box for the user.
-Included diffrent search methods to get this informations for all TM / WL targets.

Homepage: http://kienmanowar.wordpress.com/category/re-tools/

Download: TheMida - WinLicense Info Script.txt 5.60 KB
DDL: http://mods.xf.cz/dl/TheMida - WinLicense Info Script.txt

-----------------------------------------



Exeinfo PE ver. 0.0.2.2 by A.S.L 470 sign 2009.01.10


Changelog:

compare gfx 3D RWA / Virtual Size section
added eof check - picture PNG format ( EOF ok - multi file scanner ) many similar info added ….
gfx rippers added ( BMP GIF JPG PNG )
overlay detector doc/msi/xls added [ ripper not included :-( ]
Header info Directory - new window added ( value bigger then 0000 are BOLD font )
many bug fixed , hints , copyClip fixed

470 signatures :

456. Free Pascal Lazarus Project v0.9.26 beta 2008-10-05 - http://sourceforge.net/projects/lazaru
457. DRPU Setup Creator v.2.0.1.5 ( C++ ) - www.setupcreator *ACM
458. ST Ultra Pack 2 v0.6s (2008.10.30) Created by Silent Software & Silent Shield - www.ssoft.wz.cz *ACM
459. Ionic Wind Software Compiler *EXE (Aurora 1.0 / Emergence Basic v1.67 ) - www.ionicwind.
460. Ionic Wind Software Compiler *DLL (Aurora 1.0 / Emergence Basic v1.67 ) - www.ionicwind.
461. Armadillo ver.4.20 min. compress - www.siliconrealms (exe)
462. GoAsm.Exe Version 0.56.4m - Copyright Jeremy Gordon 2001/9 - www.GoDevTool (exe)
463. Mew 10 packer v1.0 Coded by Northfox 2004.03.06 ( AVir : malicious packer ) - http://northfox.uw *ACM
464. www.elefun-games GameWrapper ( MSV C++ 8.0 ) v.1.0.0.1
465. RDG Tejon Crypter v0.4 ( MS VB 6.1 ) - www.rdgsoft.8k *ACM
466. NonstandarD - Microsoft Visual Basic 5.0 -6.x www.microsoft
467. DCrypt v.0.9b - drmist ( cryper )
468. HipACryp - 0.0.1 Coded By Departure! ( 2008.11.08 ) - www.Cheesydoodle *ACM
469. Armadillo ver.4.xx min. compress - Generic Detector - www.siliconrealms
470. Hying's PE-Armor v0.75 - www.ccg.org

DDL: http://mods.xf.cz/dl/exeinfope.zip
-----------------------------------------


IDA 5.4 beta
In addition to numerous small and not that small improvements, the new version will have hree debugger modules: bochs, gdb, and windbg, selectable on the fly (the active debugger session will be closed, though wink1.gif)

* With the bochs debugger, we offer three different worlds: run-any-code-snippet facility, windows-like-environment for PE files, and any-bochs-image bare-bone machine emulation mode. You can read more about this module in our blog: http://hexblog.com/2008/11/bochs_plugin_goes_alpha.html
* With gdb, x86 and arm targets are supported. Among other things, it is possible to connect IDA to QEMU or debug a virtual machine inside VMWare. We tried it iPhone as well. However, while it works in some curcimstances, there were some problems on the gdbserver side. With windbg, user and kernel mode debugging is available. The debugger engine from Microsoft, which is currently the only choice for driver and kernel mode debugging, can be used from IDA. It can automatically load required PDB files and populate the listing with meaningful names, types, etc. Speaking of PDB files, IDA imports more information from them: local function variables and types are retrieved too, c++ base classes are handled, etc.

The gdb and windbg debugger modules support local and remote debugging. We tried to make the debugger modules as open as possible: target-specific commands can be sent to all backend engines in a very easy and user-friendly way.

As usual, better analysis and many minor changes have been made. If you spend plenty of time analyzing gcc generated binaries, you’ll certainly appreciate that IDA handles its weird way of preparing outgoing function arguments. Now it can trace and find arguments copies to the stack with mov statements.

The new IDA will support Python out of box, thanks to Gergely Erdelyi, who kindly agreed the Python plugin to be included in the official distribution. In fact, the main IDA window will have a command line to enter any python (or other language) expressions and immediately get a result in the message window.

We will prepare the detailed list of improvements later this week.

Homepage: http://hexblog.com/2009/01/ida_v54_release_is_not_that_fa.html

Downloads:

ProtectionID_v6.1.6_2k9.rar 372.33 KB
Themida_Winlicense_ID.zip 19.46 KB
exeinfope.zip 534.44 KB

RatioMaster 2 Latest Beta | RatioBlaster Latest Version

2 comments


/ * RM2 is based on reverced engineered RatioMaster code.

Thanks a lot for Ratiomaster(the person) and JTS(plus all the others who helped build/run/test RM) for there grate work on RM. * /

/ * Why This?

The main dev of this program wanted to right this just for fun and learning. after all cheating the system is a lot of fun ;) * /

--Credits--

/ * Programming

me! phiscker(on www.moofdev.org/fourms) aka silentp33r (silentp33r.wordpress.com) * /

/ * Inspiration(lol)

zeebo * /

/ *Testing

zeebo
12345b
timmiychang
BigHead
abcabc
boom25
phonzie * /

Ratioblaster is a new spoofing program based heavily on ratiomaster with a whole bunch of new features:

• You can fake as many torrents as you wish while only one client is working
• consume less memory (because this does not use tabs)
• utorrent like UI
• skinnable
• automatic memory reader function
• have all most all the RM's features (like .client files made for RM, NRPG doesn't support these...)

And much more!

Visit us now @ Moofdev.org

SWF attachment files # 324 - 487 ( Oct 2008 - Jan 2009 )
Binary Release + all Plugins

Download content:
size - filename
======================================================
848 Azureus (Vuze)_3110.client
799 Azureus_2502.client
799 Azureus_2504.client
797 Azureus_3006.client
890 Azureus_3022.client
892 Azureus_3030.client
841 Azureus_3034.client
887 Azureus_3042.client
896 Azureus_3050.client
884 Azureus_3052.client
885 Azureus_3100.client
885 Azureus_3110.client
775 bitcomet 0.89.client
775 bitcomet 0.90.client
775 bitcomet 0.91.client
775 bitcomet 0.92.client
775 bitcomet 0.93.client
796 BitComet0103.client
663 BitSpirit3.1.0.077.client
663 BitTorrent 6.0.3 (8642).client
700 Deluge_0586.client
696 Deluge_0587.client
314.640 RatioBlasterB12.rar
382.931 RatioBlaster_Heb.zip
51.864 ratiomasterwt9.png
518.411 RBInstaller.exe
303.891 RM2.rar
662 utorrent 1.6 (474).client
675 utorrent 1.6.1 build (483).client
14.722 utorrent 1.8.0(all builds).rar
670 utorrent_1.6.1(489).client
670 utorrent_1.6.1(490).client
662 utorrent_1.6_(474).client
666 utorrent_1.7.0_build_(3265).client
666 utorrent_1.7.0_build_(3295).client
666 utorrent_1.7.0_build_(3341).client
666 utorrent_1.7.0_build_(3353).client
666 utorrent_1.7.1_build_(3360).client
666 utorrent_1.7.2_build_(3458).client
664 utorrent_1.7.3_build_(4470).client
666 utorrent_1.7.4_build_(4482).client
666 utorrent_1.7.5_build_(4602).client
666 utorrent_1.7.6_build_(7859).client
666 utorrent_1.7.7_build_(8179).client
686 utorrent_1.8.0_build_(10054).client
686 utorrent_1.8.0_build_(10085).client
686 utorrent_1.8.0_build_(10093).client
688 utorrent_1.8.0_build_(10181).client
688 utorrent_1.8.0_build_(10198).client
688 utorrent_1.8.0_build_(10364).client
688 utorrent_1.8.0_build_(10415).client
688 utorrent_1.8.0_build_(10431).client
688 utorrent_1.8.0_build_(10504).client
688 utorrent_1.8.0_build_(10524).client
688 utorrent_1.8.0_build_(11140).client
681 utorrent_1.8.0_build_(11200).client
681 utorrent_1.8.0_build_(11439).client
681 utorrent_1.8.0_build_(11464).client
681 utorrent_1.8.0_build_(11468).client
681 utorrent_1.8.0_build_(11549).client
681 utorrent_1.8.0_build_(11564).client
672 utorrent_1.8.0_build_(6102).client
672 utorrent_1.8.0_build_(6104).client
672 utorrent_1.8.0_build_(6171).client
672 utorrent_1.8.0_build_(6415).client
686 utorrent_1.8.0_build_(6723).client
686 utorrent_1.8.0_build_(7593).client
686 utorrent_1.8.0_build_(7660).client
686 utorrent_1.8.0_build_(7676).client
684 utorrent_1.8.0_build_(7785).client
684 utorrent_1.8.0_build_(7795).client
686 utorrent_1.8.0_build_(7834).client
686 utorrent_1.8.0_build_(7895).client
686 utorrent_1.8.0_build_(7928).client
686 utorrent_1.8.0_build_(8188).client
686 utorrent_1.8.0_build_(8205).client
686 utorrent_1.8.0_build_(8680).client
686 utorrent_1.8.0_build_(8682).client
686 utorrent_1.8.0_build_(8852).client
686 utorrent_1.8.0_build_(8855).client
686 utorrent_1.8.0_build_(8872).client
686 utorrent_1.8.0_build_(8891).client
686 utorrent_1.8.0_build_(8912).client
686 utorrent_1.8.0_build_(9137).client
684 utorrent_1.8.0_build_(9272).client
686 utorrent_1.8.0_build_(9360).client
686 utorrent_1.8.0_build_(9363).client
683 utorrent_1.8.0_build_(9578).client
686 utorrent_1.8.0_build_(9599).client
686 utorrent_1.8.0_build_(9704).client
685 utorrent_1.8.1_(build_12616).client
681 utorrent_1.8.1_(build_12639).client
685 utorrent_1.8_(build_11564).client
685 utorrent_1.8_(build_11705).client
685 utorrent_1.8_(build_11758).client
685 utorrent_1.8_(build_11813).client
0 ordnerliste.txt
97 File(s) 1.659.366 bytes - 1 temp
======================================================


Homepage:http://www.moofdev.org/
http://www.moofdev.org/ratioblaster
http://www.moofdev.org/ratiomaster

Download all files:
rm.zip 1.55 MB - DDL: http://mods.xf.cz/dl/rm.zip

Source code: http://ratiomaster2.googlecode.com/files/RatioBlaster.source.code.release.1.rar
Older public Version: http://www.moofdev.org/download/RatioMaster-1.7.5.zip
SVN Repo: https://ratiomaster2.googlecode.com/svn

Google Project: http://code.google.com/p/ratiomaster2

20 January 2009

The mod with no name

14 comments



The first given modname was a Joke to produce some more Forum trash with success. But there is much more trash in some plugin files like dlp un-moderated :-))

Features

Improvements and fixes are subject to be changed any time:

Improved: added more file types as any other known
Improved: removed hover tracking use a slider in TransferWnd.cpp
Improved/fixed: Argos System don't detect own custom modstr as modthief, selection levels: score reduced, no up to leecher, ipban extended to all kinds
Improved: Save some overhead
Improved: MediaInfo.dll support, if there is a mediainfo.dll, we don't care about the settings.
Improved: repaint preference window if needed

Fix: Check file by download if its known
Fix: server list disappearing number
Fix: perform inverse sorting in the queuelist
Fix: splitter position in server window
Fix: String Limit give the correct value back
Fix: Stats Total completed size
Fix: change to a pointer list when setting priority of server's
Fix: make code better vs 2008 compatible and work around/fix compiler warnings


Changed: Ligher code
Changed: Graphic and Icons optimizations
Changed: DLP + MA dlp update url
Changed: IPFilter update to use Ozzy P2P Ip filter
//Changed: Auto PowerShare (if enabled in options) by incomplete/partfiles too
Changed: seperate Country flag and Country name plus add show ip in al lists
Changed: add source thread safe
Changed/Added option: use modstring custom, you can give the mod any name what you like or select session names from FunnyNick code random, send no modstring/prot extension.
Added: to options selectable send modname after nickname on/off
Added: correct funnynicks to send and option to disable random nick addon
Changed: generation of included funny nick name generation/combination to use as modname with space 2 names or single names, written together with session or permanent modname to option selectable
Changed: remove all leecher features from source and done separate, user can by compiling select the features if he like to build a leecher mod. -> see automerge and source code files search add/replace patcher for automatization to include selectable features in other mods source code files.

Enhanced hidden prefs in advanced option: ShowActiveDownloadsBold
HistoryShowShared (Download History) + icon sorting fixed // ist off in MA
Added: Hidden prefs to options Gui enable/disable show sidebanner in Option/config page

// Added: add a entry of possible badclients hash and ip's to a list. Enhanced //security 3th freeware applications can be used with the 'debug' log output and //ping or disconnect connections of single connected clients ip's or isp range //(manual ban via 3th application) or adjustments of outgoing upload speed settings //to ip ranges.
//Added: Ask user by first start to enter a username (nickname) and modname (custom //modstr.) or select use funny names of his choice, if empty disable protocol //extensions, ensure in this case we don't send a modname and all known systems like //dlp ident as emule just.




All credits to Tuxman for great code parts and ideas.
I also changed/removed this crazy open a website for nodes.dat to get a downloadlink,... at the end we have to visit a site for ip filter update download one for download the right language files another one to download server met maybe one for ip-to-country.csv and can withdrawn all autoupdate and auto download code parts in mule so we get it even smaller or do the browser in emule and use the newsfeed feature to see when updates are available.

You get a gpl conform source code ready to compile within a few minutes for everyone who never used a compiler before. You need VS 2008 Test Version installed which is for free to download.

Changes and features you can later via drag n drop put in selected source code files.
The download will be available to the weekend

In the future enduser will only download source codes. Instructions how easy everybody can compile official emule open source codes and if like do his changes to make his/her own mod changes to get emule.exe
Most users will not more use the ready compiled binaries.


There will be source code pre changed files for all mods, the user can replace to get a result how he like to build his mod. Fix modname string replacement files can be taken from other open source compatible mods as well for custom modstrings the changes.

16 January 2009

The Alternative DLP

8 comments
Project Alternative Dynamic Leecher Protection

Dear all

As we all know the 'official DLP' don't protect from the most popular eMule mod Applejuice and co. which give mostly zero upload to non AJ Comm mods.

Removed from the ban are small comm mods which give upload to all emule mods outside of a community too.

We are proud to present an alternativ DLP with enhanced AJ protection. [for non AJ mod comms]

Its Beta, every suggestion is welcome.

Many users are very dissatisfied with the current DLP and the DLP has evolved with the times since it exists.
A File Sharing Network can not have a monopoly still maintained by about 2 people to create for all a ban list based on factors which are fetched from somewhere else.

The power to ban, to sort out the ed2k net judge between right and wrong eMule mods, without the DLP creater ever have fully tested over a longer time range periode all the mods what they ban with the DLP, if these emule mods and ed2k compatible clients give upload to all or not can not be the right thing.
If there is only one official DLP with this power made by one 'Team' called them the officials. A monopol in a shared network will remain about who have the saying and not with such ban lists. This is not suitable for eDonkey Net users are all over the world.

In the democracy there should be a public voting pool for about which mods users vote to ban and not and not a high promoted dictatorship DLP of eMule mods and compatible clients.


More than 70 % of all leecher mod users using leecher mods with enhanced features to the official mods for releasing file into the ed2k net.

The DLP can be used with all Dynamic Leecher Protection enabled mods such as:

- Mephisto
- ScarAngel
- Xtreme Mod
- Hardstyle XS
- CN Mod
- VeryCd mod
- MagicAngel
- ...
and all mods based on it

based on dlp v3.5

File Hashes from:
antiLeech.dll
antiLeech.dll.new

CRC32: ecf807cc
MD5: 248184a7e1eb0d65aa3704bf418fca91
SHA-1: b85126cb502f9a74ee3f6ad1bfacb4490d7fb6c7


Download and mirrors:
Web Site 1 - Web Site 2
antiLeech.dll | Mirror Berlin | Mirror Nuernberg | Mirror France | Mirror Russian Federation and Ukraine
antiLeech.dll.new | Mirror Berlin | Mirror Nuernberg | Mirror France | Mirror Russian Federation and Ukraine | Mirror USA

in addition to a good DLP we suggest the original Ozzy IP Filter for P2P - No repack or rip!
---Ozzy IP Filter---
Authors Download Ozzy's site host (not zipped)
http://ipfilter.tobby.eu/ozzy/ipfilter.dat

Download as zipped archive
eMule automaticaly unzip the content by update from this url:
http://mods.9tt.eu/dlp/ipfilter.zip 5.1 MB | Mirror | Mirror France



I want to thank the coder for this DLP very much!

Archive