This engine source is included.
Đây là một engine rất tốt mà các cao thủ trong làng reverse ai cũng biết. Tác giả ap0x cũng là một cao thủ và rất rành về masm đã viết engine này. Năm 2009 tác giả đã quyết định public source code masm. Nếu các bạn nghiên cứu virus và reversing ko thể thiếu bộ engine này. Hảy download về và ngâm cứu chúng ta học rất nhiều trong engine này. Lúc trước tôi cũng bắt chước viết 1 engine tương tự nhưng chưa đi đến đâu do ko có tgian và trình độ giới hạn. Thanz u very much to ap0x.
Benina
http://ap0x.jezgra.net/sdk.html
Benina
This unpack engine covers everything one unpacker needs. It has debugger, dumper and importer modules which enable coding unpackers with ease. SDK is free and can be used by anyone but make sure you mention my name or include logo.bmp somewhere in About dialog. SDK v.1.5 - Added C SDK - Updated Delphi and MASM SDK - Fixed all .dll LIB files in Engine folder - Fixed memory problems for all modules - Tested on over 100+ unpackers build on it! - Listing major changes only... v.1.7 [Debugger.dll] - Added new API: GetExitCode - Added new API: DebugLoopEx - Added new API: GetDebugData - Added new API: AttachDebugger - Added new API: DetachDebugger - Added new API: GetTerminationData - Added new API: LengthDisassembleEx - Added new API: GetDebuggedDLLBaseAddress - Added new API: GetDebuggedFileBaseAddress - Fixed: CommandLine parameter passing for InitDebug - Fixed: Wrong hex to dec conversion for some numbers - Fixed: LengthDisassemble crashing while getting length for some addresses - Fixed: Not releasing open handles for some files v.1.6 [Dumper.dll] - Added new API: IsFileDLL - Added new API: DumpProcessEx - Added new API: PastePEHeaderEx - Added new API: DeleteLastSection - Added new API: SetSharedOverlay - Added new API: GetSharedOverlay - Added new API: StaticLengthDisassemble - Fixed: Crashes releated to overlay when trying to extract the overlay - Fixed: ConvertVAtoFileOffset not converting addresses correctly with some files - Fixed: Crashes with PastePEHeader when PE32 header is not below 0x1000 - Fixed: Not releasing open handles for some files v.1.6 [Importer.dll] - Added new API: ImporterAutoSearchIATEx - Added new API: ImporterGetRemoteAPIAddress - Added new API: ImporterRelocateWriteLocation - Added new API: ImporterGetDLLNameFromDebugee - Fixed: ImporterGetAPINameFromDebugee not returning names for APIs - Fixed: ImporterFindAPIWriteLocation returning wrong values if API is not found v.1.1 [Tracer.dll] - Added support for following redirections: SVK Protector 1.x, tELock 0.8x-0.99 - Fixed: Memory leak for tracing large ammount of data in the same session - Improved tracing for all levels (added a trace into near jumps) v.1.0 [Realigner.dll] - Added new API: RealignPE - Added new API: IsPE32FileValid v.1.0 [Relocater.dll] - Added new API: RelocaterInit - Added new API: RelocaterAddNewRelocation - Added new API: RelocaterExportRelocation - Added new API: RelocaterChangeFileBase - Added new API: RelocaterEstimatedSize - Added new API: RelocaterMakeSnapshoot - Added new API: RelocaterCompareTwoSnapshots - Added new API: RelocaterGrabRelocationTable - Added new API: RelocaterGrabRelocationTableEx v.1.1 [HideDebugger.dll] - Added check for Windows version before patching APIs - Fixed: ASLR and Vista compatibility (Importer must be present) v.1.2 [Updater.dll] - Added return value to UpdateEngine - Added support for Tracer.dll updating - Added support for Realigner.dll updating - Added support for Relocater.dll updating - Changed update location to http://www.reversinglabs.com/ |