قوانين المنتدى | إعلانات هامة | صفحة المبتدئين | كتاب الفريق الأول | كتاب الفريق الثاني | مجلة الفريق | أسطوانتين للمبتدئين | إصدارات الفريق | من نحن ؟ | تبرع للموقع

الفريق العربي للهندسة العكسية منتديات البرمجة - Programming Forums البرمجة بلغة باسكال و الدلفي - Pascal & Delphi v
Delphi] ap0x Unpack Engine SDK 1.5]

تقييم الموضوع :
  • 13 أصوات - بمعدل 3.31
  • 1
  • 2
  • 3
  • 4
  • 5
ادوات الموضوع
Delphi] ap0x Unpack Engine SDK 1.5]
M!X0R غير متصل
.: عضو سابق بـ AT4RE :.
*****
Retired
المشاركات : 1,439
المواضيع : 279
الإنتساب : Oct 2018
السمعة : 43
الإعجاب المعطى : 1388
الإعجاب المحصل : 4553
#1
29-03-2019, 12:19 PM (آخر تعديل لهذه المشاركة : 22-04-2020, 01:37 PM بواسطة M!X0R. تعديل السبب: اعادة رفع المرفق )
المشاركة الأصلية كتبت بواسطة Sn!per X‏ يوم 14-08-2015 على الساعة 12:57 PM 
 
SDK 1.5 
--------------------------------------------------------------------------------
 
- Updated Delphi and MASM SDK
- Fixed all .dll LIB files in Engine folder 
- Fixed memory problems for all modules
- Tested on over 100+ unpackers build on it!
- Listing major changes only...


v.1.7 [Debugger.dll]
- Added new API: GetExitCode
- Added new API: DebugLoopEx 
- Added new API: GetDebugData
- Added new API: AttachDebugger
- Added new API: DetachDebugger 
- Added new API: GetTerminationData
- Added new API: LengthDisassembleEx
- Added new API: GetDebuggedDLLBaseAddress
- Added new API: GetDebuggedFileBaseAddress
- Fixed: CommandLine parameter passing for InitDebug
- Fixed: Wrong hex to dec conversion for some numbers
- Fixed: LengthDisassemble crashing while getting length for some addresses
- Fixed: Not releasing open handles for some files 


v.1.6 [Dumper.dll]
- Added new API: IsFileDLL
- Added new API: DumpProcessEx
- Added new API: PastePEHeaderEx
- Added new API: DeleteLastSection
- Added new API: SetSharedOverlay
- Added new API: GetSharedOverlay
- Added new API: StaticLengthDisassemble
- Fixed: Crashes releated to overlay when trying to extract the overlay from non PE32 file
- Fixed: ConvertVAtoFileOffset not converting addresses correctly with some PE32 files
- Fixed: Crashes with PastePEHeader when PE32 header is not below 0x1000 (UPX 0.8x) 
- Fixed: Not releasing open handles for some files


v.1.6 [Importer.dll]
- Added new API: ImporterAutoSearchIATEx
- Added new API: ImporterGetRemoteAPIAddress
- Added new API: ImporterRelocateWriteLocation 
- Added new API: ImporterGetDLLNameFromDebugee
- Fixed: ImporterGetAPINameFromDebugee not returning names for APIs inside comctrl32.dll
- Fixed: ImporterFindAPIWriteLocation returning wrong values if API is not found


v.1.1 [Tracer.dll]
- Added support for following redirections: SVK Protector 1.x, tELock 0.8x-0.99
- Fixed: Memory leak for tracing large ammount of data in the same session
- Improved tracing for all levels (added a trace into near jumps)


v.1.0 [Realigner.dll]
- Added new API: RealignPE
- Added new API: IsPE32FileValid 


v.1.0 [Relocater.dll]
- Added new API: RelocaterInit
- Added new API: RelocaterAddNewRelocation
- Added new API: RelocaterExportRelocation
- Added new API: RelocaterChangeFileBase
- Added new API: RelocaterEstimatedSize
- Added new API: RelocaterMakeSnapshoot
- Added new API: RelocaterCompareTwoSnapshots
- Added new API: RelocaterGrabRelocationTable
- Added new API: RelocaterGrabRelocationTableEx


v.1.1 [HideDebugger.dll]
- Added check for Windows version before patching APIs
- Fixed: ASLR and Vista compatibility (Importer must be present)


v.1.2 [Updater.dll]
- Added return value to UpdateEngine
- Added support for Tracer.dll updating
- Added support for Realigner.dll updating
- Added support for Relocater.dll updating
- Changed update location to http://www.reversinglabs.com/




 
:: SDK 1.4  
--------------------------------------------------------------------------------
 
- Updated Delphi and MASM SDK
- Fixed memory problems for all modules


v.1.6 [Debugger.dll]
- Added new ldex86
- Rewritten DebugLoop
- Added new API: ForceClose
- Added new API: SehGoneWildProtection
- Fixed: Handling custom exceptions
- Fixed: In case breakpoint is fired in second thread context gets read from the main thread (because of this engine requires Windows ME or newer)
- Fixed: Not releasing loaded .dll file handles on process terminate
- Fixed: Find crashing on some searches with an access violation


v.1.5 [Dumper.dll]
- Fixed: PastePEHeader not writting header on some files
- Fixed: DumpProcess crash on file with PE header moved above SectionAligment
- Fixed: DumpProcess not rebuilding header correctly on files which have larger last section virtual size then raw size
- Fixed: ConvertVAtoFileOffset on files which have code inside PE header
- Fixed: AddNewSection resizing the new section size to fit FileAligment
- Fixed: AddNewSection not aligning raw offset correctly


v.1.0 [Tracer.dll] (just for internal use by RL!dePacker, next version will be public!)
- Added support for following redirections: SLVc0deProtector 1.1x, Perplex PE-Protector 1.01dev 
- Added support for following redirections: tELock 0.8x-0.99, PeX 0.99, ReCrypt 0.74
- Added support for following redirections: yC 1.x, Goat's PE Mutilator 1.6, EXEStealth 2.7x, Orien 2.11
- Added support for following redirections: RLP 0.7x, ACProtect 1.x, CryptoPeProtector 0.9x
- Added new API: TracerGetAPIAdressByHashing
- Added new API: TracerAutoFixImportElimination
- Added new API: TracerDetectRedirection
- Added new API: TracerAutoFixIAT
- Added new API: HashTracerLevel1
- Added new API: TracerLevel1
- Added new API: TracerInit 


v.1.5 [Importer.dll]
- Fixed: StrToInt conversion
- Added new API: ImporterCleanup
- Added new API: ImporterMoveIAT
- Added new API: ImporterGetAddedDllCount 
- Added new API: ImporterGetAddedAPICount 
- Added new API: ImporterFindAPIWriteLocation 
- Fixed: ImporterAddNewAPI ordinal import handleing
- Fixed: ImporterAutoFixIAT check already loaded .dll files code (problem with WinSxS folder)
- Fixed: ImporterAutoSearchIAT to correctly find IAT in case of invalid near jumps and calls 
- Fixed: Not unloading loaded .dll files with ImporterAutoFixIAT and ImporterGetAPINameFromDebugee 
- Fixed: ImporterGetAPINameOrOrdinal API to handle cases when export table points to function instead of name
- Fixed: Ordinal processing in ImporterGetAPIName, ImporterGetAPINameEx and ImporterGetAPINameFromDebugee 
- Fixed: ImporterAutoFixIAT to get all .dll files(s) libraries and calculate relative path to executable if needed
- Fixed: ImporterGetAPINameFromDebugee to get API names from all libraries not just the system ones 
- Fixed: ImporterAutoFixIAT to get all .dll files(s) libraries not just the system ones


:: SDK 1.3  
--------------------------------------------------------------------------------
 
- Fixed Delphi SDK
- Updated Delphi and MASM SDK
- Debugger.dll is psapi.dll independent!
- Added Engine update checker application 


v.1.1 [Updater.dll]
- Made updater check for updates just once a day
- Added support for HideDebugger.dll updateing (optional, smallest priority since my unpackers don't use it) 


v.1.5 [Debugger.dll]
- Fixed: API breakpoint manipulation APIs to calculate the real API address inside debugee (only on systems with psapi.dll)
- Fixed: SafeDeleteAPIBreakPoint API to unload loaded .dll file
- Fixed: DeleteAPIBreakPoint API to unload loaded .dll file
- Fixed: SetAPIBreakPoint API to unload loaded .dll file
- Fixed: LengthDisassemble API to disassemble addresses from debugee


v.1.0 [HideDebugger.dll]
- Added hide from: ZwQueryObject (Thanks to Markus TH-DJM for this code!)
- Added hide from: ZwQuerySystemInformation (Thanks to Markus TH-DJM for this code!)
- Added hide from: ZwSetInformationThread (Thanks to Markus TH-DJM for this code!)
- Added hide from: ZwQueryInformationProcess (Thanks to SHub-Nigurrath for this code!)
- Added hide from: GetTickCount
- Added hide from: CheckRemoteDebuggerPresent
- Added hide from: ProcessHeap
- Added hide from: NtGlobalFlag
- Added hide from: PEB.BeingDebugged


v.1.4 [Importer.dll]
- Fixed Importer 9x/Me compatibility issues [you still need psapi.dll]
- Added new API: ImporterGetAPINameFromDebugee [only one API to get API name or ordinal from debugee]
- Fixed bug in all ImporterGetAPIName APIs which did not return API name when .dll is unloaded
- Fixed ImporterAutoSearchIAT if size to search is larger then memory page
- Implemented StrToInt (ripped from Borland Delphi 7) to add compatibility for someDll.#247 forwarding
- Recoded forwarder dll(s) so correct name will be get by APIs ImporterGetAPIName and ImporterGetAPINameEx
- Removed lstrcmp to determine the correct name of the forwarder, and therefor engine is 1kb smaller.
- Fixed ImporterAutoFixIAT, ImporterGetAPIName, ImporterGetAPINameEx functions to relocate loaded .dll(s)
- Made ImporterGetAPIName function unload all loaded .dll files
- Made ImporterGetAPINameEx function unload all loaded .dll files
- Made ImporterAutoFixIAT function compatible with ordinal imports


v.1.4 [Dumper.dll]
- Fixed Dumper 9x/Me compatibility issues
- Added new API: GetPE32DataFromMappedFileEx
- Added new API: GetPE32DataFromMappedFile
- Added new API: ConvertFileOffsetToVA
- Added new API: ConvertVAtoFileOffset
- Added new API: AddNewSection
- Added new API: GetPE32DataEx
- Added new API: GetPE32Data
- Added new API: CopyOverlay
- Added new API: AddOverlay
- Added new API: ExtractOverlay
- Added new API: FindOverlay


:: SDK 1.2  
--------------------------------------------------------------------------------
 
- Added APIs to SDK.pas {But didn't follow the Delphi structure, fixed in 1.3 SDK}


v.1.4 [Debugger.dll]
- Fixed the way debugger terminates the debugee
- Fixed wierd file locking bug on first WaitForDebugEvent call
- Now you can set Memory breakpoint only once and the same CALLBACK will be called each time
- Fixed not closing handle on debugee file


v.1.3 [Importer.dll]
- Added new API: ImporterAutoSearchIAT
- Added new API: ImporterAutoFixIAT
- Added new API: ImporterGetDLLIndexEx
- Added new API: ImporterGetAPINameEx
- Added new API: ImporterGetAPIName
- Made ImporterAddNewDll function compatibile with NULL as FirstThunk parameter


:: SDK 1.1  
--------------------------------------------------------------------------------
 
- Fixed all .dll LIB files in Engine folder {not realy, fixed from 1.3 SDK}


v.1.3 [Debugger.dll]
- Added constants and APIs to SDK.pas
- Added new API: Find
- Added new API: LengthDisassemble
- Added new API: SafeDeleteAPIBreakPoint
- Added new API: SafeDeleteBPX
- Added new constants in xInclude.inc
- Added custom handler(s) for OUTPUT_DEBUG_STRING_EVENT
- Added custom handler(s) for LOAD_DLL_DEBUG_EVENT, UNLOAD_DLL_DEBUG_EVENT
- Added custom handler(s) for CREATE_PROCESS_DEBUG_EVENT, EXIT_PROCESS_DEBUG_EVENT
- Added custom handler(s) for CREATE_THREAD_DEBUG_EVENT, EXIT_THREAD_DEBUG_EVENT
- Added Invalid lock sequence exception handler
- Fixed documentation issues
- Cleaned unimportant exports
- Fixed ContinueDebug event failing of exceptions in other thread than main 


v.1.3 [Dumper.dll]
- Added new API: DumpMemory 

Download
https://www.mediafire.com/file/17tqyeyir0lzezn/ap0x_Unpack_Engine_SDK_v1.5.7z/file

Password
www.at4re.net
لَّا إِلَٰهَ إِلَّا أَنتَ سُبْحَانَكَ إِنِّي كُنتُ مِنَ الظَّالِمِينْ.
عن أبي هريرة -رضي الله عنه- أن رسول الله -صلى الله عليه وسلم- كانَ يقولُ في سجودِهِ: «اللَّهُمَّ اغْفِرْ لي ذَنْبِي كُلَّهُ: دِقَّهُ وَجِلَّهُ، وَأَوَّلَهُ وَآخِرَهُ، وَعَلاَنِيَتَهُ وَسِرَّهُ».
(صحيح - رواه مسلم).
البحث
أعضاء أعجبوا بهذه المشاركة : Agmcz , Gu-sung18 , [email protected] , mribraqdbra , Polia


التنقل السريع :


يقوم بقرائة الموضوع: بالاضافة الى ( 1 ) ضيف كريم