+- الفريق العربي للهندسة العكسية (https://www.at4re.net/f)
+-- قسم : منتديات الهندسة العكسية - Reverse Engineering Forums (https://www.at4re.net/f/forum-4.html)
+--- قسم : البرامج و أدوات الهندسة العكسية - RCE Tools (https://www.at4re.net/f/forum-29.html)
+--- الموضوع : RozDll (The New Dynamic Proxy Dll Generator) (/thread-3667.html)
RE: RozDll (The New Dynamic Proxy Dll Generator) - DarkDeath - 19-09-2023
إقتباس :ضع بواسطة mounirsoltan - أمس, 12:12 PM
إقتباس :(أمس, 08:19 AM)KaMaN99 كتب : Compile Error
D3D11.DLL Wasn't Created
i already face this issue and i was able to fix it by moving the full folder to the
c : the local driver hope this will help you my friend
Yes correct Put in c: Drive
Must Run FixIt or RozDll in C: Drive
In my D: Dive = Compile Error
RE: RozDll (The New Dynamic Proxy Dll Generator) - ROZBUD - 19-09-2023
Dears Mounir, Kaman99 & DarkDeath
Your Notes and the video clip are much appreciated
Problem Solved! Please check the new version below and let me know
Dears all
Enjoy RozDll v1.1 with some Code improvement
https://www.mediafire.com/file/htvcnsviie5d7zk/RozDll.rar/file
Instructions (RozDll v1.1)
Browse your EXE then choose where you need to save your Proxy Dll (normally in the same EXE folder)
Write 'Patched Data'. Always select RVA for protected files. Select 'Prot' if EXE is Protected/Packed & UPX if you like to compress the Proxy Dll
Click on the 'Dll Options' Blue circular button
Click on the 'ANZ' or Analyze button. This will run your EXE in the Memory to search for all Dll's that can be Proxied (Dynamic Load)
Select the Proxy Dll from the ComboBox above, be WISE to select 'famous Proxy Dll's such as: (Version.dll, Winmm.dll, Msimg32.dll, Uxtheme.dll, Wtsapi32.dll, Shfolder.dll, D3d9.dll)
Select the Code Injection Method you like to follow (try all)
Select/Unselect your Magic Functions (Biginer: Try the 3 methods, or Advanced: As follows)
Advanced users, use Xdbg64, to choose a 'Proxy Nominated Dll' (see Instruction no.2 above), set BreakPoints on it's numbered/ordinal functions, then check which function will BreackPoint/Hit the 'Patched Code' first (Magic Function)
Patch Code will be written into the Magic Function, so select this Function in RozDll, and check if the EXE requires more functions to be selected (EXE will generate a Message Box with required/missing Function Name). Select all EXE-Requested functions in RozDll. This way is the most accurate one
Please use it Wisely and just at your home. Developer efforts deserve to be respected!
ROZBUD® 2023
Your Notes and the video clip are much appreciated
Problem Solved! Please check the new version below and let me know
Dears all
Enjoy RozDll v1.1 with some Code improvement
https://www.mediafire.com/file/htvcnsviie5d7zk/RozDll.rar/file
Instructions (RozDll v1.1)
Browse your EXE then choose where you need to save your Proxy Dll (normally in the same EXE folder)
Write 'Patched Data'. Always select RVA for protected files. Select 'Prot' if EXE is Protected/Packed & UPX if you like to compress the Proxy Dll
Click on the 'Dll Options' Blue circular button
Click on the 'ANZ' or Analyze button. This will run your EXE in the Memory to search for all Dll's that can be Proxied (Dynamic Load)
Select the Proxy Dll from the ComboBox above, be WISE to select 'famous Proxy Dll's such as: (Version.dll, Winmm.dll, Msimg32.dll, Uxtheme.dll, Wtsapi32.dll, Shfolder.dll, D3d9.dll)
Select the Code Injection Method you like to follow (try all)
Select/Unselect your Magic Functions (Biginer: Try the 3 methods, or Advanced: As follows)
Advanced users, use Xdbg64, to choose a 'Proxy Nominated Dll' (see Instruction no.2 above), set BreakPoints on it's numbered/ordinal functions, then check which function will BreackPoint/Hit the 'Patched Code' first (Magic Function)
Patch Code will be written into the Magic Function, so select this Function in RozDll, and check if the EXE requires more functions to be selected (EXE will generate a Message Box with required/missing Function Name). Select all EXE-Requested functions in RozDll. This way is the most accurate one
Please use it Wisely and just at your home. Developer efforts deserve to be respected!
ROZBUD® 2023
RE: RozDll (The New Dynamic Proxy Dll Generator) - DarkDeath - 19-09-2023
إقتباس :وضع بواسطة ROZBUD - منذ 1 ساعة
Dears Mounir, Kaman99 & DarkDeath
Your Notes and the video clip are much appreciated
Problem Solved! Please check the new version below and let me know
Dears all
Enjoy RozDll v1.1 with some Code improvement
Thanks My Pro ROZBUD
Msg Error Hide but File dll (D3D9.DLL)No Patch (easyduplicatefinder.exe) in D: Drive
c: Drive is OK
RozDll v1.1 = C: Drv Run Ok Target c: or D: Drv Patch DLL ok
RozDll v1.1 = D: Drv Run Ok Target c: or D: Drv Patch DLL Not ok
RE: RozDll (The New Dynamic Proxy Dll Generator) - ROZBUD - 19-09-2023
(19-09-2023, 04:25 PM)DarkDeath كتب : Msg Error Hide but File dll (D3D9.DLL)No Patch (easyduplicatefinder.exe) in D: Drive
c: Drive is OK
RozDll v1.1 = C: Drv Run Ok Target c: or D: Drv Patch DLL ok
RozDll v1.1 = D: Drv Run Ok Target c: or D: Drv Patch DLL Not ok
Dear DarkDeath
Check the new fixed version 'RozDll v1.11 and let me know if it's OK
Note that the Memory Address and RVA names were switched in this version (this is to address both Normal & Protected files)
.If something not working, then provide more clear Note
:Good luck
https://www.mediafire.com/file/htvcnsviie5d7zk/RozDll.rar/file
RE: RozDll (The New Dynamic Proxy Dll Generator) - DarkDeath - 20-09-2023
إقتباس :Check the new fixed version 'RozDll v1.11 and let me know if it's OK
RozDll v1.11 Not OK
No Patch in c: Or D: Drive
Retun to RozDll v1.1
keep note : put RozDll In c: Drive
Problem Solved!
RE: RozDll (The New Dynamic Proxy Dll Generator) - ROZBUD - 20-09-2023
(20-09-2023, 08:45 AM)DarkDeath كتب : RozDll v1.11 Not OK
No Patch in c: Or D: Drive
Retun to RozDll v1.1
keep note : put RozDll In c: Drive
Error Notes are not clear
You can write in Arabic
More clarification is required
I checked RozDll v1.11 on both C & D Drives and it can produce required Dll
RE: RozDll (The New Dynamic Proxy Dll Generator) - ROZBUD - 22-09-2023
:Important Notes about Analyzing Process (ANZ)
A- Analyzing EXE will EXECLUDE all the Dll's in its folder. Means, once RozDll generate a Dll, you need to delete it manually 'IF' you need to Analyze the EXE again, otherwise it will be excluded in the Dll's ComboBox
B- Once you Load your Saved Data, only the Dll you worked on before will appear. To get more Dll’s, Repeat the Analyze Process again (also consider above note)
V1.2 is on the way
A- Analyzing EXE will EXECLUDE all the Dll's in its folder. Means, once RozDll generate a Dll, you need to delete it manually 'IF' you need to Analyze the EXE again, otherwise it will be excluded in the Dll's ComboBox
B- Once you Load your Saved Data, only the Dll you worked on before will appear. To get more Dll’s, Repeat the Analyze Process again (also consider above note)
V1.2 is on the way
RE: RozDll (The New Dynamic Proxy Dll Generator) - ROZBUD - 22-09-2023
RozDll v1.2
What's New
O1 Now you can fully Save all your work (SAV), and Restore it again (LOD)
O2 UI and Code Enhancement
Provision
O1 Create a Tiny Proxy Dll's for your Personal Needs
O2 Generated Dll will have the Injection Code which will modify your Executable behavior
Main Features
O1 Fast, Portable & Small Size
O2 Created on Windows 10 LTSC & Visual Studio 2022 (should works on Windows 10 & Windows 11
O3 Uses Dynamic Loading of Executable Libraries, which means it will provide you with exact Dll's your Executable uses after it becomes in the Memory
Instructions
O01- Browse your target Executable (EXE)
O02- Choose where to save the Proxy Dll (normally within EXE folder)
O03- Write the Patched Data (Byte, Word, DWord). Always select RVA for protected files
O04- Select 'Prot' if EXE is Protected/Packed and UPX if you like to compress requested Proxy Dll
O05- If you Load (LOD) an already saved project/date, then RozDll will restore all previous saved options & settings
O06- Click on the 'Dll Options' circular button. This will take you to the Dll Option Panel
O07- To start a new Analysis session, click Analyze button (ANZ). This will run your EXE in the Memory to search for all Dll's that can be Proxied (Dynamic Load)
O08- Select the Proxy Dll and be WISE to select 'famous Proxy Dll's such as: (Version.dll, Winmm.dll, Msimg32.dll, Uxtheme.dll, Wtsapi32.dll, Shfolder.dll, D3d9.dll)
O09- Select the Code Injection Method you like to follow (try all)
O10- Select/Unselect your Magic Functions (SEL), Beginner: Try the 3 methods, or Advanced: As follows
O11- Advanced users, use Xdbg64, to choose the 'Proxy Dll' from 'Symbols' tab, set Breakpoints on its ‘Numbered/Ordinal Functions’, then check which function will 'Hit Patched Code first’ (Magic Function)
O12- Select the Magic Function in RozDll, run your EXE and check if it requires more functions to run (EXE will generate ‘Message Boxes’ with required Function Name). Add these functions to your selections in RozDll (Advanced)
Notes about Analyzing Process (ANZ)
OA: Analyzing EXE will EXECLUDE all the Dll's in its folder. Means, once RozDll generate a Dll, you need to delete it 'IF' you need to Analyze the EXE again (you can use X button), otherwise it will be excluded in the Dll's ComboBox
OB: Once you Load your Saved Data, only the Dll you worked on before will appear. To get more Dll’s, Repeat the Analyze Process again (also consider above note)
https://www.mediafire.com/file/htvcnsviie5d7zk/RozDll.rar/file
Quires and 'Error Notes' are welcomed, however please Make it CLEAR or send a link that explain it with the RozDll Saved file
ROZBUD® 2023
What's New
O1 Now you can fully Save all your work (SAV), and Restore it again (LOD)
O2 UI and Code Enhancement
Provision
O1 Create a Tiny Proxy Dll's for your Personal Needs
O2 Generated Dll will have the Injection Code which will modify your Executable behavior
Main Features
O1 Fast, Portable & Small Size
O2 Created on Windows 10 LTSC & Visual Studio 2022 (should works on Windows 10 & Windows 11
O3 Uses Dynamic Loading of Executable Libraries, which means it will provide you with exact Dll's your Executable uses after it becomes in the Memory
Instructions
O01- Browse your target Executable (EXE)
O02- Choose where to save the Proxy Dll (normally within EXE folder)
O03- Write the Patched Data (Byte, Word, DWord). Always select RVA for protected files
O04- Select 'Prot' if EXE is Protected/Packed and UPX if you like to compress requested Proxy Dll
O05- If you Load (LOD) an already saved project/date, then RozDll will restore all previous saved options & settings
O06- Click on the 'Dll Options' circular button. This will take you to the Dll Option Panel
O07- To start a new Analysis session, click Analyze button (ANZ). This will run your EXE in the Memory to search for all Dll's that can be Proxied (Dynamic Load)
O08- Select the Proxy Dll and be WISE to select 'famous Proxy Dll's such as: (Version.dll, Winmm.dll, Msimg32.dll, Uxtheme.dll, Wtsapi32.dll, Shfolder.dll, D3d9.dll)
O09- Select the Code Injection Method you like to follow (try all)
O10- Select/Unselect your Magic Functions (SEL), Beginner: Try the 3 methods, or Advanced: As follows
O11- Advanced users, use Xdbg64, to choose the 'Proxy Dll' from 'Symbols' tab, set Breakpoints on its ‘Numbered/Ordinal Functions’, then check which function will 'Hit Patched Code first’ (Magic Function)
O12- Select the Magic Function in RozDll, run your EXE and check if it requires more functions to run (EXE will generate ‘Message Boxes’ with required Function Name). Add these functions to your selections in RozDll (Advanced)
Notes about Analyzing Process (ANZ)
OA: Analyzing EXE will EXECLUDE all the Dll's in its folder. Means, once RozDll generate a Dll, you need to delete it 'IF' you need to Analyze the EXE again (you can use X button), otherwise it will be excluded in the Dll's ComboBox
OB: Once you Load your Saved Data, only the Dll you worked on before will appear. To get more Dll’s, Repeat the Analyze Process again (also consider above note)
https://www.mediafire.com/file/htvcnsviie5d7zk/RozDll.rar/file
Quires and 'Error Notes' are welcomed, however please Make it CLEAR or send a link that explain it with the RozDll Saved file
ROZBUD® 2023
RE: RozDll (The New Dynamic Proxy Dll Generator) - samoray - 23-09-2023
(22-09-2023, 09:26 PM)ROZBUD كتب : Created on Windows 10 LTSC & Visual Studio 2022 (should works on Windows 10 & Windows 11
Just to be sure! your application doesn't work on win 7 and 8, right?
I tried it on windows 7 x32 bit, cause I have some targets there, and it doesnt work.
RE: RozDll (The New Dynamic Proxy Dll Generator) - ROZBUD - 23-09-2023
(23-09-2023, 09:41 AM)samoray كتب : Just to be sure! your application doesn't work on win 7 and 8, right?
RozDll can run on any Windows have .Net Runtime files
Net Runtime is installed by default in Windows10 & Windows 11
:Net Run Time
https://download.visualstudio.microsoft.com/download/pr/66a7c4c6-8401-4799-864f-9afddf5a7733/4052f458f0266e25ab1b9c7959ca245f/windowsdesktop-runtime-6.0.22-win-x64.exe
Net Runtime is installed by default in Windows10 & Windows 11
:Net Run Time
https://download.visualstudio.microsoft.com/download/pr/66a7c4c6-8401-4799-864f-9afddf5a7733/4052f458f0266e25ab1b9c7959ca245f/windowsdesktop-runtime-6.0.22-win-x64.exe