[PB] I3ExecOnTheFly 1.0. PointBlank.i3Exec And ProjectBlackout.i3Exec.
Product Name : I3ExecOnTheFly Creator : RCD a.k.a richardiy
==================================Compiler : LCC Win32
DUMPING TUTORIAL
1.
C&P I3ExecOnTheFly ke directory dimana PB berada,,,,dan jalankan
2.
Jalanin aja petunjuknya sampe sukses, .i3Exec ter-load
3.
Tinggal diDump, Enjoy
============================================
Kalau udah diDump, kamu bisa mencari offset dengan OllyDBG, scan AOB dari CE [Open Process : LOADLL.EXE], dan lain lain,,,,
SCAN AOB TUTORIAL
Load File hasil Dump pake OllyDBG, trus buka CE, Open Process [LOADDLL.EXE],,,,
Centang “Also Scan Read Only Memory”,,,,,,trus pilih value type jadi “Array Of Bytes”
Contoh :
SYGNATURE : 55 74 00 00 E9 EB C4 00 00 C3
MASK : x x ? ? x x ? ? ? x
MASK : x x ? ? x x ? ? ? x
55 74 ?? ?? E9 EB ?? ?? ?? C3
Download Here. I3ExecOnTheFly 1.0.
Download Here. PE Tool
Tambahan : [-] I3ExecOnTheFly Harus ada di File PB.
SUMBER DARI : http://richardyusan.wordpress.com/
Ficture PE TOOL :
New in this version:
- Added Generic OEP Finder
- DumpFixer added to Section Editor
- New signatures added (Tnx: .Cryorb/dyn!o/DeMoNiX/Aster!x/FEUERRADER)
- PE Sniffer code is optimized
- Ability to increment SizeOfHeaders added
- New plugin added - Recover UPX by Quantum
- Added ToolBar
- All options are saved in INI file now
- Control elements are changed a little in Sections Editor and Directory Editor
- Examples of plugins in MASM32/Delphi are added to SDK
- Signature creation utility (SignMan) is now distributed along with the main package
- PE Tools won't allow to edit IMAGE_DOS_HEADER if offset on IMAGE_OPTIONAL_HEADER is less than size of IMAGE_DOS_HEADER
- New version of update module (UUpdateSystem.dll)
- MMF functions are re-written
- Bug in File Location Calculator removed (Tnx: cyberbob)
- Bug in Kill Section (from file) removed
- Small bug in process dumper is removed
- Bug in Task Viewer removed
- Bug in Break & Enter removed
- Bug with options saving is removed
- PE Tools now works fine on Win95 (Tnx: Lepton)
- Sections processing algorithm is significantly changed
This is a fully-functional utility for working with PE/PE +(64bit) files. Including: Editor PE of files, Task Viewer, Win32 PE files optimizer, detector of compiler/packer and many other things.
The basic functions of the program:- Task Viewer
- Process dump
- Dump Full
- Dump Partial
- Dump Region
- Ability to dump .NET CLR processes
- Automatic removal of protection " Anti Dump Protection "
- Change of a priority of process
- Kill process
- Loading of process into PE Editor and PE Sniffer
- Generic OEP Finder
- Process dump
- PE Sniffer
- Search of the compiler/packer used
- Ability to update signature base
- Ability to scan directories
- PE Rebuilder
- Optimization of a PE file
- Change of PE address base of a file
- PE Editor
- Editing of DOS heading
- Support of new PE+(64bit) format
- CRC correction
- Viewing and editing tables of import/export
Posting Komentar