I’ve created a PE Format poster in A1 format (59,4 x 84,1 cm), including almost all of the structures from the PE/PE32+ format (with comments from the WinNT.h header file). If you would like to buy a printed copy, please contact me.
Tags: pe, pe32+, portable executable, poster
.netshrink v2.3
Posted on March 29th, 2012 in Tools · 0 Comments
.netshrink is an executable compressor and DLL binder for .NET applications. It uses the LZMA compression library and can decrease your file size by 50%. It can also protect your files with a password.
Recent changes:
v2.3
- project files support added
- list of locally stored passwords added
- fixed bugs with handling x64 applications
v2.2
- original assembly CPU architecture preservation
- running compressed assembly from the UNC path fixed
Download links:
Installer – http://www.pelock.com/download.php?f=netshrink.exe
Zip Archive – http://www.pelock.com/download.php?f=netshrink.zip
.netshrink v2.0
Posted on November 30th, 2010 in Tools · 0 Comments
Finally, something new. Today I’ve released a new version of .netshrink, a .NET Framework application compressor and password protector.
List of changes:
v2.0
- resources preservation (all resources, including icons, manifests etc.)
- compression of command line executables
- support added for .NET Framework 3.0, 3.5 and 4.0
- .NET Framework auto detection
- updated password query dialogs
- enter password from the command line for protected files
- minor bugs fixed
- help file updated to .chm format
v1.0
- first public release
RCE Directory
Posted on April 4th, 2008 in Uncategorized · 0 Comments
Just a small project of mine – a link directory to RCE tools, blogs and everything else more or less related to reverse engineering.
Feel free to add your own links!
Tags: links, rce
Security News
Posted on September 27th, 2007 in Uncategorized · 0 Comments
My new project Security News has started. It’s a small news page in the Polish language focused on reverse engineering.
Tags: Reversing, secnews
Really easy scripting with ODbgScript
Posted on September 6th, 2007 in Assembler and Tools · 0 Comments
ODbgScript is an extension for the OllyDbg debugger (note to myself: so mr smartass, there’s life except SoftICE, heh).
I was always a little bit afraid of using it because I thought it’s easier to write a separate application than to code in this weird scripting language.
But today I need a tool to dump decrypted strings from one application (while it’s running). I wanted to start coding a live dumper based on WinApi’s debug functions, but I thought, what the heck, let’s try to do it in ODbgScript.
Here’s the result:
```
; declare variables
var string_ptr
var file_name
var file_index
var file_size
var x

; set breakpoint at the instruction where we
; intercept decrypted strings
bp 401020

; initialize file_index variable
mov file_index, 0

; run application after setting the breakpoint
again:
run

; if we're here, it means application hit the breakpoint

; continue to execute script after breakpoint is hit
; (don't stop in OllyDbg)
cob

; pointer to the encrypted string is stored
; at [ebp-14], let's grab it
mov x, ebp
sub x, 14
mov x, [x]
mov string_ptr, x

; strings are null terminated, let's find its
; size so we can dump it (LEN command didn't work
; here, it always returns 0FFh)
find string_ptr, #00#
cmp $RESULT, 0
je skip_file

; calculate string size
mov x, $RESULT
sub x, string_ptr
mov file_size, x

; format file name for decrypted string, name it using
; file_index value and .txt extension, eval works almost
; like wsprintf
eval "C:\Test\{file_index}.txt"
mov file_name, $RESULT

; dump memory area to the file
dm string_ptr, file_size, file_name

; log action
eval "{file_index} - VA = {string_ptr}, SIZE = {file_size}"
log $RESULT

; increase index value
inc file_index

skip_file:

; run application again after dumping
jmp again
```
At first it might look confusing, but after playing with it for 5 minutes you will love it, especially if you know how to code in assembler.
And if you make mistakes in the script, don’t worry: it has its own built-in debugger, available directly from OllyDbg, so you can spot every mistake you made, trace through the script, modify its variables etc.
In other words, viva la ODbgScript!
PS. And don’t ask me why I didn’t use it before.
MultiExtractor v2.6.0a is out
Posted on September 4th, 2007 in Tools · 0 Comments
MultiExtractor v2.6.0a file ripper is out.
What’s new:
- Conversion to PNG format
- Corrections in interface and dump engine
- New skin (mxWood)
Tags: MultiExtractor, Ripper
SSE5 on the way
Posted on September 2nd, 2007 in Assembler · 0 Comments
With the introduction of SSE5, many new 128-bit instructions have been added to the existing instruction set detailed in the AMD64 Architecture Programmer’s Manuals. Included are 46 base instructions that expand to 170 total instructions, enabling improved performance and reduced loads.
Source:
http://developer.amd.com/sse5.jsp
PDF Documentation:
AMD64 Technology 128-Bit SSE5 Instruction Set
I wonder in how many years it will be used as a default set of instructions?
Tags: SIMD, SSE5
MultiExtractor v2.50a is out
Posted on July 10th, 2007 in Tools · 0 Comments
A new version of MultiExtractor has been released. What’s new in 2.5.0a?
- ICL icon extraction (now you can extract icons from ICL files)
- Added MID, MPG, TIFF, EMF, WMF formats
- Ability to unpack CAB archives (also InstallShield CABs)
- Image buffering (faster displaying of visited images)
- Naming of files through numbering (Explorer option)
- Upgraded conversion support (bitmap to bitmap with another background color)
MultiExtractor vs C: drive
Tags: MultiExtractor, Ripper










