Product Name : I3ExecOnTheFly
Creator : RCD a.k.a richardiy
Compiler : LCC Win32
==================================
DUMPING TUTORIAL
1.
[You must be registered and logged in to see this link.]C&P I3ExecOnTheFly ke directory dimana PB berada,,,,dan jalankan
2.
[You must be registered and logged in to see this link.]Jalanin aja petunjuknya sampe sukses, .i3Exec ter-load
3.
[You must be registered and logged in to see this link.]Tinggal diDump, Enjoy
============================================
Kalau udah diDump, kamu bisa mencari offset dengan OllyDBG, scan AOB dari CE [Open Process : LOADLL.EXE], dan lain lain,,,,
SCAN AOB TUTORIAL
Load File hasil Dump pake OllyDBG, trus buka CE, Open Process [LOADDLL.EXE],,,,
Centang “Also Scan Read Only Memory”,,,,,,trus pilih value type jadi “Array Of Bytes”
Contoh :
SYGNATURE : 55 74 00 00 E9 EB C4 00 00 C3
MASK : x x ? ? x x ? ? ? x
Maka di C***t Engine, Sygnature menjadi
55 74 ?? ?? E9 EB ?? ?? ?? C3
Download Here.
[You must be registered and logged in to see this link.]Download Here.
[You must be registered and logged in to see this link.]Tambahan : [-] I3ExecOnTheFly Harus ada di File PB.
SS PE
[You must be registered and logged in to see this link.]Ficture PE TOOL :
New in this version:
* Added Generic OEP Finder
* DumpFixer added to Section Editor
* New signatures added (Tnx: .Cryorb/dyn!o/DeMoNiX/Aster!x/FEUERRADER)
* PE Sniffer code is optimized
* Ability to increment SizeOfHeaders added
* New plugin added - Recover UPX by Quantum
* Added ToolBar
* All options are saved in INI file now
* Control elements are changed a little in Sections Editor and Directory Editor
* Examples of plugins in MASM32/Delphi are added to SDK
* Signature creation utility (SignMan) is now distributed along with the main package
* PE Tools won't allow to edit IMAGE_DOS_HEADER if offset on IMAGE_OPTIONAL_HEADER is less than size of IMAGE_DOS_HEADER
* New version of update module (UUpdateSystem.dll)
* MMF functions are re-written
* Bug in File Location Calculator removed (Tnx: cyberbob)
* Bug in Kill Section (from file) removed
* Small bug in process dumper is removed
* Bug in Task Viewer removed
* Bug in Break & Enter removed
* Bug with options saving is removed
* PE Tools now works fine on Win95 (Tnx: Lepton)
* Sections processing algorithm is significantly changed
Description:
This
is a fully-functional utility for working with PE/PE +(64bit) files.
Including: Editor PE of files, Task Viewer, Win32 PE files optimizer,
detector of compiler/packer and many other things.
The basic functions of the program:
* Task Viewer
o Process dump
+ Dump Full
+ Dump Partial
+ Dump Region
o Ability to dump .NET CLR processes
o Automatic removal of protection " Anti Dump Protection "
o Change of a priority of process
o Kill process
o Loading of process into PE Editor and PE Sniffer
o Generic OEP Finder
* PE Sniffer
o Search of the compiler/packer used
o Ability to update signature base
o Ability to scan directories
* PE Rebuilder
o Optimization of a PE file
o Change of PE address base of a file
* PE Editor
o Editing of DOS heading
o Support of new PE+(64bit) format
o CRC correction
o Viewing and editing tables of import/export
SUMBER DARI :
[You must be registered and logged in to see this link.]