elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.


 


Tema destacado: Análisis del vídeo del hackeo al Sindicato de los Mossos de Esquadra


  Mostrar Temas
Páginas: [1] 2
1  Programación / Ingeniería Inversa / Pequeña charla de Ingeniería inversa como una taza de café 8 Septiembre 2020 en: 24 Agosto 2020, 20:51
Charla (ISC)² Chile Chapter / Septiembre 2020 (19hrs) Inscripción, Mar, 8 sep. 2020 a
 las 19:00 |

https://www.confederacionciberseguridad.cl/event/charla-ingenieria-inversa-como-una-taza-de-cafe/

hace un tiempo estuve preparando material para enseñar un tema básico, creo que es tiempo de dejar un poco el anonimato, para compartir con libertad de estos temas :)
Saludos Cordiales
Apuromafo
les dejo cordialmente invitado a los que puedan participar
a modo de referencia
17hrs Guatemala,
 19hrs chile,
 1am España


Si pudieras explicarme como preparas una taza de café, yo podría explicarte como funciona la Ingeniería Inversa, es una charla introductoria hacia la ingeniería inversa, mezclando elementos cotidianos , para dar origen a elementos mas técnicos, Inicialmente esta charla es una base antes de poder explorar algún curso o material del tema.

pd:no, no se regala café
2  Programación / Ingeniería Inversa / Haciendo el Curso by Apuromafo en: 21 Marzo 2018, 15:42
Hola a todos
está en mi web
www.apuromafo.net

Saludos
Apuromafo CLS
3  Programación / Ingeniería Inversa / Introducción al reversing con IDA Pro desde cero (en español) e Inglés en: 20 Noviembre 2016, 02:14
Hola, comparto con ustedes el sitio de ricardo

el cual actualmente está haciendo una serie de tutoriales para crackslatinos

Web: ricardonarvaja

NUEVO CURSO EN FASCICULOS SEMANALES DE REVERSING CON IDA PRO DESDE CERO EN WINDOWS 10 ANNIVERSARY UPDATE
->http://ricardonarvaja.info/WEB/INTRODUCCION%20AL%20REVERSING%20CON%20IDA%20PRO%20DESDE%20CERO/

español

english
http://ricardonarvaja.info/WEB/INTRODUCCION%20AL%20REVERSING%20CON%20IDA%20PRO%20DESDE%20CERO/EN%20INGLES/

espero que sirva, saludos Cordiales

pd: los medios de difusión de ricardo son https://twitter.com/ricnar456  y CLS

Apuromafo CLS

4  Programación / Ingeniería Inversa / Script PE Header & File Information Script 1.0 LCF en: 9 Julio 2013, 06:28
bueno, este codigo lo tengo guardado hace mucho, intentando buscar entre los cd, porque under ha estado preguntando bastante, espero le sirva este script, lo coloco publico pues sé que a mas de uno le puede servir.
Código:
////////////////////////Château-Saint-Martin/////////////////////////////////////////////////
//                                                                      ////////////////////
//  FileName    :  PE Header & File Information Script 1.0              ///////////////////
//  Features    :                                                       //////////////////
//                 Use this script to get all needed informations       /////////////////
//                 of your loaded target in OllyDBG on one view.        ////////////////
//                 Just open your Olly Log window after finish.         ///////////////
//                                                                      //////////////
//                  *************************************************** /////////////
//               ( 1.) Get All API´s & Module´s                       * ////////////
//                                                                    * ///////////
//               ( 2.) Programlanguage Scanner                        * //////////
//                                                                    * /////////
//               ( 3.) Compiler Appendix Exsamples                    * ////////
//                  *************************************************** ///////
//  Environment :  WinXP,OllyDbg V1.10,OllyScript v1.76.3               //////
//                                                                      /////
//  Author      :  LCF-AT                                               ////
//  Date        :  2009-23-11 | November                                ///
//                                                                      //
//                                                                     //
///////////////WILLST DU SPAREN,DANN MUßT DU SPAREN!////////////////////
BC
BPMC
BPHWC
call VARS
pause
LC
////////////////////
GPI PROCESSID
mov PROCESSID, $RESULT
GPI PROCESSNAME
mov PROCESSNAME, $RESULT
len PROCESSNAME
mov PROCESSNAME_COUNT, $RESULT
buf PROCESSNAME_COUNT
alloc 1000
mov PROCESSNAME_FREE_SPACE, $RESULT
mov PROCESSNAME_FREE_SPACE_2, $RESULT
mov EIP_STORE, eip
mov eip, PROCESSNAME_FREE_SPACE
mov [PROCESSNAME_FREE_SPACE], PROCESSNAME
////////////////////
PROCESSNAME_CHECK:
cmp [PROCESSNAME_FREE_SPACE],00
je PROCESSNAME_CHECK_02
cmp [PROCESSNAME_FREE_SPACE],#20#, 01
je PROCESSNAME_CHECK_01
cmp [PROCESSNAME_FREE_SPACE],#2E#, 01
je PROCESSNAME_CHECK_01
inc PROCESSNAME_FREE_SPACE
jmp PROCESSNAME_CHECK
////////////////////
PROCESSNAME_CHECK_01:
mov [PROCESSNAME_FREE_SPACE], #5F#, 01
jmp PROCESSNAME_CHECK
////////////////////
PROCESSNAME_CHECK_02:
readstr [PROCESSNAME_FREE_SPACE_2], 08
mov PROCESSNAME, $RESULT
str PROCESSNAME
mov eip, EIP_STORE
free PROCESSNAME_FREE_SPACE
/////
GMA PROCESSNAME, MODULEBASE
cmp $RESULT, 0
jne MODULEBASE
pause
pause
////////////////////
MODULEBASE:
mov MODULEBASE, $RESULT
mov PE_HEADER, $RESULT
GPI CURRENTDIR
mov CURRENTDIR, $RESULT
////////////////////
gmemi PE_HEADER, MEMORYSIZE
mov PE_HEADER_SIZE, $RESULT
add CODESECTION, MODULEBASE
add CODESECTION, PE_HEADER_SIZE
GMI MODULEBASE, MODULESIZE
mov MODULESIZE, $RESULT
add MODULEBASE_and_MODULESIZE, MODULEBASE
add MODULEBASE_and_MODULESIZE, MODULESIZE
////////////////////
gmemi CODESECTION, MEMORYSIZE
mov CODESECTION_SIZE, $RESULT
add PE_HEADER, 03C
mov PE_SIGNATURE, PE_HEADER
sub PE_HEADER, 03C
mov PE_SIZE, [PE_SIGNATURE]
add PE_INFO_START, PE_HEADER
add PE_INFO_START, PE_SIZE
////////////////////
mov PE_TEMP, PE_INFO_START
////////////////////
////////////////////
mov SECTIONS, [PE_TEMP+06], 01
itoa SECTIONS, 10.
mov SECTIONS, $RESULT
mov ENTRYPOINT, [PE_TEMP+028]
mov BASE_OF_CODE, [PE_TEMP+02C]
mov IMAGEBASE, [PE_TEMP+034]
mov SIZE_OF_IMAGE, [PE_TEMP+050]
mov TLS_TABLE_ADDRESS, [PE_TEMP+0C0]
mov TLS_TABLE_SIZE, [PE_TEMP+0C4]
mov IMPORT_TABLE_ADDRESS, [PE_TEMP+080]
mov IMPORT_TABLE_SIZE, [PE_TEMP+084]
mov IMPORT_ADDRESS_TABLE, [PE_TEMP+0D8]
mov IATSTORE, [PE_TEMP+0D8]
cmp IATSTORE, 0
jne NEXT_C
////////////////////
NEXT_B:
mov IATSTORE_SECTION, "IAT NOT PRESENT"
mov IATSTORE, [PE_TEMP+080]
add IATSTORE, IMAGEBASE
add IATSTORE, 10
mov IATSTORE, [IATSTORE]
add IATSTORE, IMAGEBASE
gmemi IATSTORE, MEMORYBASE
mov IATSTORE, $RESULT
sub IATSTORE, IMAGEBASE
mov IATSTORE_2, PE_TEMP+104
////////////////////
A1:
cmp IATSTORE, [IATSTORE_2]
je NEXT_1
add IATSTORE_2, 028
jmp A1
jmp NEXT
////////////////////
NEXT_C:
add IATSTORE, IMAGEBASE
gmemi IATSTORE, MEMORYBASE
mov IATSTORE, $RESULT
sub IATSTORE, IMAGEBASE
mov IATSTORE_2, PE_TEMP+104
////////////////////
A:
cmp IATSTORE, [IATSTORE_2]
je NEXT_1
add IATSTORE_2, 028
jmp A
////////////////////
NEXT_1:
sub IATSTORE_2, 0C
readstr [IATSTORE_2], 08
mov IATSTORE_SECTION, $RESULT
buf IATSTORE_SECTION
mov IATSTORE_SECTION, IATSTORE_SECTION
str IATSTORE_SECTION
mov IATSTORE_SECTION, IATSTORE_SECTION
////////////////////
NEXT:
mov IMPORT_ADDRESS_SIZE, [PE_TEMP+0DC]
mov SECTION_01, PE_TEMP+0F8
readstr [SECTION_01], 08
mov SECTION_01_NAME, $RESULT
buf SECTION_01_NAME
mov SECTION_01_NAME, SECTION_01_NAME
str SECTION_01_NAME
mov SECTION_01_NAME, SECTION_01_NAME
GPI PROCESSNAME
mov PROCESSNAME, $RESULT
mov MAJORLINKERVERSION, [PE_TEMP+01A], 01
mov MINORLINKERVERSION, [PE_TEMP+01B], 01
call PROGRAMLANGUAGE_COMPLIER
////////////////////
log "--------------------------------------------"
log "| LCF-AT       INFO [*] START   gRn & SnD  |"
log "--------------------------------------------"
eval "CURRENTDIR           |  {CURRENTDIR}"
log $RESULT,""
eval "PROCESSID            |  {PROCESSID}"
log $RESULT,""
eval "PROCESSNAME          |  {PROCESSNAME}"
log $RESULT,""
eval "PE_HEADER            |  {PE_HEADER}"
log $RESULT,""
eval "CODESECTION          |  {CODESECTION}"
log $RESULT,""
eval "CODESECTION_SIZE     |  {CODESECTION_SIZE}"
log $RESULT,""
log " "
eval "PE_SIGNATURE         |  {PE_SIGNATURE}"
log $RESULT,""
eval "PE_INFO_START        |  {PE_INFO_START}"
log $RESULT,""
eval "SECTIONS             |  {SECTIONS}"
log $RESULT,""
eval "ENTRYPOINT           |  {ENTRYPOINT}"
log $RESULT,""
eval "BASE_OF_CODE         |  {BASE_OF_CODE}"
log $RESULT,""
eval "IMAGEBASE            |  {IMAGEBASE}"
log $RESULT,""
eval "SIZE_OF_IMAGE        |  {SIZE_OF_IMAGE}"
log $RESULT,""
eval "TLS_TABLE_ADDRESS    |  {TLS_TABLE_ADDRESS}"
log $RESULT,""
eval "TLS_TABLE_SIZE       |  {TLS_TABLE_SIZE}"
log $RESULT,""
eval "IMPORT_TABLE_ADDRESS |  {IMPORT_TABLE_ADDRESS}"
log $RESULT,""
eval "IMPORT_TABLE_SIZE    |  {IMPORT_TABLE_SIZE}"
log $RESULT,""
eval "IMPORT_ADDRESS_TABLE |  {IMPORT_ADDRESS_TABLE}"
log $RESULT,""
eval "IMPORT_ADDRESS_SIZE  |  {IMPORT_ADDRESS_SIZE}"
log $RESULT,""
eval "SECTION_01           |  {SECTION_01}"
log $RESULT,""
eval "SECTION_01_NAME      |  {SECTION_01_NAME}"
log $RESULT,""
eval "IATSTORE_SECTION IS  |  {IATSTORE_SECTION}"
log $RESULT,""
log " "
eval "MAJORLINKERVERSION   |  {MAJORLINKERVERSION}"
log $RESULT,""
eval "MINORLINKERVERSION   |  {MINORLINKERVERSION}"
log $RESULT,""
eval "PROGRAMLANGUAGE      |  {PROGRAMLANGUAGE}"
log $RESULT,""
log " "
call IATREAD
call OEPROUTINE
////////////////////
eval "PE Header & File Information Script 1.0 \r\n****************************************************** \r\nScript finished & written \r\nby \r\n\r\nLCF-AT"
msg $RESULT
log ""
log "PE Header & File Information Script 1.0"
log "******************************************************"
log "Script finished & written"
log "by"
log ""
log "LCF-AT"
pause
ret
////////////////////
VARS:
var PROCESSID
var PROCESSNAME
var PROCESSNAME_COUNT
var PROCESSNAME_FREE_SPACE
var PROCESSNAME_FREE_SPACE_2
var EIP_STORE
var MODULEBASE
var PE_HEADER
var CURRENTDIR
var PE_HEADER_SIZE
var CODESECTION
var MODULESIZE
var MODULEBASE_and_MODULESIZE
var PE_SIGNATURE
var PE_SIZE
var PE_INFO_START
var ENTRYPOINT
var BASE_OF_CODE
var IMAGEBASE
var SIZE_OF_IMAGE
var TLS_TABLE_ADDRESS
var TLS_TABLE_SIZE
var IMPORT_ADDRESS_TABLE
var IMPORT_ADDRESS_SIZE
var SECTIONS
var SECTION_01
var SECTION_01_NAME
var MAJORLINKERVERSION
var MINORLINKERVERSION
var PROGRAMLANGUAGE
var IMPORT_TABLE_ADDRESS
var IMPORT_TABLE_ADDRESS_END
var IMPORT_TABLE_ADDRESS_CALC
var IMPORT_TABLE_SIZE
var IAT_BEGIN
var IMPORT_ADDRESS_TABLE_END
var API_IN
var API_NAME
var MODULE
var IMPORT_FUNCTIONS
var IATSTORE_SECTION
var IATSTORE
var IATSTORE_2
var TEMPER
var TEMPER_2
var IAT_SIZE
var IATBEGIN
var IATEND
var IAT_SIZE_GROSS
var TAFER

ret
////////////////////
PROGRAMLANGUAGE_COMPLIER:
cmp MAJORLINKERVERSION, 07
je MICRO
ja MICRO
cmp MAJORLINKERVERSION, 06
je VB_OR_MICRO
cmp MAJORLINKERVERSION, 05
je MICRO_OR_TASM_MASM
cmp MAJORLINKERVERSION, 04
je MICRO
cmp MAJORLINKERVERSION, 03
je MICRO
cmp MAJORLINKERVERSION, 02
jne PACK
cmp MINORLINKERVERSION, 19
je Borland Delphi
cmp MINORLINKERVERSION, 32
je MICRO_OLD_A
cmp MINORLINKERVERSION, 37
je MICRO_OLD_B
cmp MINORLINKERVERSION, 02
je Borland Delphi
pause
pause
////////////////////
PACK:
call PACKED
ret
////////////////////
MINORLINKERVERSION:
////////////////////
MICRO:
eval "Microsoft Visual C++ {MAJORLINKERVERSION}"
mov PROGRAMLANGUAGE, $RESULT
ret
////////////////////
VB_OR_MICRO:
eval "Microsoft Visual Basic {MAJORLINKERVERSION} or Microsoft Visual C++ {MAJORLINKERVERSION}"
mov PROGRAMLANGUAGE, $RESULT
ret
////////////////////
MICRO_OR_TASM_MASM:
eval "Microsoft Visual C++ {MAJORLINKERVERSION} or MASM32 / TASM32 {MAJORLINKERVERSION}"
mov PROGRAMLANGUAGE, $RESULT
ret
////////////////////
Borland Delphi:
eval "Borland Delphi {MAJORLINKERVERSION}.25"
mov PROGRAMLANGUAGE, $RESULT
ret
////////////////////
MICRO_OLD_A:
eval "Microsoft Visual C++ {MAJORLINKERVERSION}.50"
mov PROGRAMLANGUAGE, $RESULT
ret
////////////////////
MICRO_OLD_B:
eval "Microsoft Visual C++ {MAJORLINKERVERSION}.55"
mov PROGRAMLANGUAGE, $RESULT
ret
////////////////////
PACKED:
mov PROGRAMLANGUAGE, "NO PROGRAMM LANGUAGE FOUND! APP IS MAYBE MANIPULATED"
ret
////////////////////
OEPROUTINE:
cmp MAJORLINKERVERSION, 09
je MICRO_09
cmp MAJORLINKERVERSION, 08
je MICRO_09
cmp MAJORLINKERVERSION, 07
je MICRO_07
cmp MAJORLINKERVERSION, 06
je MICRO_VB
cmp MAJORLINKERVERSION, 05
je MICRO_TASM
cmp MAJORLINKERVERSION, 53
je MICRO_SHORT
cmp MAJORLINKERVERSION, 02
je BORLAND_MICRO
cmp MAJORLINKERVERSION, 03
je MICRO_3
pause
pause
////////////////////
MICRO_3:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "MOV EAX,DWORD PTR FS:[0]"
log "PUSH EBP"
log "MOV EBP,ESP"
log "PUSH -1"
log "PUSH 4C84218"
log "PUSH 4C82BC4"
log "PUSH EAX"
log "MOV DWORD PTR FS:[0],ESP"
log "SUB ESP,60"
log "PUSH EBX"
log "PUSH ESI"
log "PUSH EDI"
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "CALL DWORD PTR DS:[4C84094]     ; kernel32.GetVersion"
log ""
log "OR"
log ""
log "PUSH EBP"
log "MOV EBP,ESP"
log "SUB ESP,44"
log "PUSH ESI"
log "CALL DWORD PTR DS:[40D0B8]      ; kernel32.GetCommandLineA"
log "MOV ESI,EAX"
log "MOV AL,BYTE PTR DS:[EAX]"
log "CMP AL,22"
log "JNZ SHORT 004010F4"
log "INC ESI"
log "MOV AL,BYTE PTR DS:[ESI]"
log "TEST AL,AL"
log "JE SHORT 004010EC"
log "CMP AL,22"
log "JNZ SHORT 004010E1"
log "CMP BYTE PTR DS:[ESI],22"
log "JNZ SHORT 004010FE"
log "INC ESI"
log "JMP SHORT 004010FE"
log "CMP AL,20"
log "JLE SHORT 004010FE"
log "INC ESI"
log "CMP BYTE PTR DS:[ESI],20"
log "JG SHORT 004010F8"
log "CMP BYTE PTR DS:[ESI],0"
log "JE SHORT 0040110E"
log "CMP BYTE PTR DS:[ESI],20"
log "JG SHORT 0040110E"
log "INC ESI"
log "CMP BYTE PTR DS:[ESI],0"
log "JNZ SHORT 00401103"
log "MOV DWORD PTR SS:[EBP-18],0"
log "LEA ECX,DWORD PTR SS:[EBP-44]"
log "PUSH ECX"
log "CALL DWORD PTR DS:[40D0BC]      ; kernel32.GetStartupInfoA"
log "TEST BYTE PTR SS:[EBP-18],1"
log "MOV EAX,0A"
log "JE SHORT 0040112E"
log "MOVZX EAX,WORD PTR SS:[EBP-14]"
log "PUSH EAX"
log "PUSH ESI"
log "PUSH 0"
log "PUSH 0"
log "CALL DWORD PTR DS:[40D0C0]      ; kernel32.GetModuleHandleA"
ret
////////////////////
MICRO_09:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "CALL XXXXXXXX // A"
log "JMP  XXXXXXXX"
log "  "
log "MOV EDI,EDI   // A"
log "PUSH EBP"
log "MOV EBP,ESP"
log "SUB ESP,18"
log "MOV DWORD PTR SS:[EBP-8],0"
log "MOV DWORD PTR SS:[EBP-4],0"
log "CMP DWORD PTR DS:[75D494],BB40E"
log "JE SHORT 00680671"
log "MOV EAX,DWORD PTR DS:[75D494]"
log "AND EAX,FFFF0000"
log "JE SHORT 00680671"
log "MOV ECX,DWORD PTR DS:[75D494]"
log "NOT ECX"
log "MOV DWORD PTR DS:[75D498],ECX"
log "JMP 00680707"
log "LEA EDX,DWORD PTR SS:[EBP-8]"
log "PUSH EDX"
log "CALL DWORD PTR DS:[863310]      ; kernel32.GetSystemTimeAsFileTime"
ret
////////////////////
MICRO_07:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "PUSH 70"
log "PUSH 10015E0"
log "CALL 010127C8"
log "XOR EBX,EBX"
log "PUSH EBX"
log "MOV EDI,DWORD PTR DS:[1001020]  ; kernel32.GetModuleHandleA"
log "CALL EDI"
log "CMP WORD PTR DS:[EAX],5A4D"
log "JNZ SHORT 010124B2"
log "MOV ECX,DWORD PTR DS:[EAX+3C]"
log "ADD ECX,EAX"
log "CMP DWORD PTR DS:[ECX],4550"
log "JNZ SHORT 010124B2"
log "MOVZX EAX,WORD PTR DS:[ECX+18]"
log "CMP EAX,10B"
log "JE SHORT 010124CA"
log "CMP EAX,20B"
log ""
log "OR"
log ""
log "PUSH 60"
log "PUSH 1002B78"
log "CALL 01008D18"
log "MOV EDI,94"
log "MOV EAX,EDI"
log "CALL 01008D70"
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "MOV ESI,ESP"
log "MOV DWORD PTR DS:[ESI],EDI"
log "PUSH ESI"
log "CALL DWORD PTR DS:[10010A8]     ; kernel32.GetVersionExA"
log ""
log "OR"
log ""
log "PUSH 60"
log "PUSH 1005778"
log "CALL 0100C54C"
log "XOR EBX,EBX"
log "MOV DWORD PTR SS:[EBP-4],EBX"
log "LEA EAX,DWORD PTR SS:[EBP-5C]"
log "PUSH EAX"
log "CALL DWORD PTR DS:[100111C]     ; kernel32.GetStartupInfoA"
log ""
log "OR"
log ""
log "PUSH EBP"
log "MOV EBP,ESP"
log "SUB ESP,44"
log "PUSH ESI"
log "CALL DWORD PTR DS:[401000]      ; kernel32.GetCommandLineA"
ret
////////////////////
MICRO_VB:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "PUSH EBP"
log "MOV EBP,ESP"
log "PUSH -1"
log "PUSH 41DD30"
log "PUSH 409C98"
log "MOV EAX,DWORD PTR FS:[0]"
log "PUSH EAX"
log "MOV DWORD PTR FS:[0],ESP"
log "ADD ESP,-58"
log "PUSH EBX"
log "PUSH ESI"
log "PUSH EDI"
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "CALL DWORD PTR DS:[41C1A0]      ; kernel32.GetVersion"
log ""
log "OR"
log ""
log "PUSH ECX"
log "PUSH ESI"
log "PUSH 0"
log "CALL DWORD PTR DS:[414100]      ; kernel32.GetModuleHandleA"
log "MOV DWORD PTR DS:[41E75C],EAX"
log "CALL 00404410"
log "MOV ESI,DWORD PTR DS:[4190D8]   ; kernel32.ExitProcess"
log "TEST EAX,EAX"
log "JNZ SHORT 00404362"
log "PUSH -1"
log "CALL ESI"
log ""
log "OR IN VB"
log ""
log "PUSH 402720                     ; VB5!"
log "CALL 004013FA                   ; <JMP.&MSVBVM60.ThunRTMain>"
ret
////////////////////
MICRO_TASM:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "MOV EAX,DWORD PTR FS:[0]"
log "PUSH EBP"
log "MOV EBP,ESP"
log "PUSH -1"
log "PUSH 40A000"
log "PUSH 407548"
log "PUSH EAX"
log "MOV DWORD PTR FS:[0],ESP"
log "SUB ESP,60"
log "PUSH EBX"
log "PUSH ESI"
log "PUSH EDI"
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "CALL DWORD PTR DS:[40C428]      ; kernel32.GetVersion"
log ""
log "OR"
log ""
log "PUSH EBP"
log "MOV EBP,ESP"
log "PUSH -1"
log "PUSH 1002BD8"
log "PUSH 10114F0"
log "MOV EAX,DWORD PTR FS:[0]"
log "PUSH EAX"
log "MOV DWORD PTR FS:[0],ESP"
log "ADD ESP,-68"
log "PUSH EBX"
log "PUSH ESI"
log "PUSH EDI"                       
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "MOV DWORD PTR SS:[EBP-4],0"
log "PUSH 2"
log "CALL DWORD PTR DS:[1001208]     ; MSVCRT.__set_app_type"
log ""
log "OR IN TASM32 / MASM32"
log ""
log "PUSH 0"
log "CALL 00401E70                   ; <JMP.&KERNEL32.GetModuleHandleA>"
ret
////////////////////
MICRO_SHORT:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "PUSH EBP"
log "MOV EBP,ESP"
log "PUSH -1"
log "PUSH 40A000"
log "PUSH 407548"
log "PUSH EAX"
log "MOV DWORD PTR FS:[0],ESP"
log "SUB ESP,60"
log "PUSH EBX"
log "PUSH ESI"
log "PUSH EDI"
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "CALL DWORD PTR DS:[40C428]      ; kernel32.GetVersion"
ret
////////////////////
BORLAND_MICRO:
log "----------------------------------------------"
log "| OEP_ROUTINE_LOOK_EXSAMPLE_FOR_EXE_FILES:   |"
log "----------------------------------------------"
log "MOV EAX,DWORD PTR FS:[0]"
log "PUSH EBP"
log "MOV EBP,ESP"
log "PUSH -1"
log "PUSH 40A000"
log "PUSH 407548"
log "PUSH EAX"
log "MOV DWORD PTR FS:[0],ESP"
log "SUB ESP,60"
log "PUSH EBX"
log "PUSH ESI"
log "PUSH EDI"
log "MOV DWORD PTR SS:[EBP-18],ESP"
log "CALL DWORD PTR DS:[40C428]      ; kernel32.GetVersion"
log ""
log "OR IN BORLAND DELPHI"
log ""
log "PUSH EBP"
log "MOV EBP,ESP"
log "ADD ESP,-0C"
log "MOV EAX,56D710"
log "CALL 004063E4                  // GetModuleHandleA"
ret
////////////////////
IATREAD:
cmp IMPORT_TABLE_ADDRESS, 0
jne IATREAD_NOTHING
cmp IMPORT_ADDRESS_TABLE, 0
je IATREAD_NOTHING
log "----------------------------------------------"
log "| IAT-START / DIRECT API / MODULE / API NAME |"
log "----------------------------------------------"
add IMPORT_ADDRESS_TABLE, IMAGEBASE
add IMPORT_ADDRESS_TABLE_END, IMPORT_ADDRESS_TABLE
add IMPORT_ADDRESS_TABLE_END, IMPORT_ADDRESS_SIZE
mov API_IN, [IMPORT_ADDRESS_TABLE]
mov IATBEGIN, IMPORT_ADDRESS_TABLE
mov IAT_SIZE, IMPORT_ADDRESS_SIZE
mov IATEND, IATBEGIN
add IATEND, IAT_SIZE
gn API_IN
mov API_NAME, $RESULT
cmp API_NAME, 0
jne IAT_COUNTER
cmp API_IN, 0
jne IAT_COUNTER
inc MODULE
////////////////////
IAT_COUNTER:
cmp API_IN, 0
je IAT_COUNTER_1
inc IMPORT_FUNCTIONS
mov TAFER, 01
////////////////////
IAT_COUNTER_1:
eval "* {IMPORT_ADDRESS_TABLE}    {API_IN}     {API_NAME}"
log $RESULT, ""
add IMPORT_ADDRESS_TABLE, 04
mov API_IN, [IMPORT_ADDRESS_TABLE]
gn API_IN
mov API_NAME, $RESULT
cmp API_NAME, 0
jne IAT_COUNTER_2
cmp API_IN, 0
jne IAT_COUNTER_2
cmp TAFER, 0
je IAT_COUNTER_2
inc MODULE
////////////////////
IAT_COUNTER_2:
mov TAFER, 0
cmp IMPORT_ADDRESS_TABLE, IMPORT_ADDRESS_TABLE_END
jne IAT_COUNTER
log " "
itoa IMPORT_FUNCTIONS, 10.
mov IMPORT_FUNCTIONS, $RESULT
// dec MODULE
itoa MODULE, 10.
mov MODULE, $RESULT
////////////////////
log " "
log "----------------------------------------------"
log "| IAT | API * & * SIZE RESULTS | IMPREC DATA |"
log "----------------------------------------------"
log " "
eval "* FOUND {MODULE} VALID MODULE | {IMPORT_FUNCTIONS} IMPORT_FUNCTIONS | IAT_SIZE {IAT_SIZE} "
log $RESULT, ""
log ""
eval "* IAT START: {IATBEGIN} | IAT END: {IATEND} | IAT SIZE: {IAT_SIZE}"
log $RESULT, ""
log ""
// eval "* FOUND {MODULE} VALID MODULE & {IMPORT_FUNCTIONS} IMPORT_FUNCTIONS"
// log $RESULT, ""
// log ""
sub IMPORT_ADDRESS_TABLE, IMAGEBASE
sub IMPORT_ADDRESS_TABLE, IMPORT_ADDRESS_SIZE
ret
////////////////////
IATREAD_NOTHING:
log "*"
log "----------------------------------------------"
log "| READ IAT EXTERN / NOT ARRANGED!            |"
log "----------------------------------------------"
log "*"
log "----------------------------------------------"
log "| IAT-START / DIRECT API / MODULE / API NAME |"
log "----------------------------------------------"
log "*"
mov IMPORT_TABLE_ADDRESS_END, IMPORT_TABLE_ADDRESS
add IMPORT_TABLE_ADDRESS_END, IMPORT_TABLE_SIZE
add IMPORT_TABLE_ADDRESS_END, IMAGEBASE
mov IMPORT_TABLE_ADDRESS_CALC, IMPORT_TABLE_ADDRESS
////////////////////
LOG_START:
add IMPORT_TABLE_ADDRESS_CALC, 10
add IMPORT_TABLE_ADDRESS_CALC, IMAGEBASE
mov TEMPER, IMPORT_TABLE_ADDRESS_CALC
cmp TEMPER, IMPORT_TABLE_ADDRESS_END
je IATREAD_END
ja IATREAD_END
cmp [TEMPER], 0
je LOG_START
inc MODULE
mov TEMPER_2, [TEMPER]
add TEMPER_2, IMAGEBASE
mov API_IN, [TEMPER_2]
gn API_IN
mov API_NAME, $RESULT
cmp API_NAME, 0
je NEXT_MODULE
////////////////////
LOG_IT:
inc IMPORT_FUNCTIONS
eval "* {TEMPER_2}    {API_IN}     {API_NAME}"
log $RESULT, ""
cmp IATBEGIN, 0
je LOG_IT_NEXT
cmp IATBEGIN, TEMPER_2
jb LOG_IT_NEXT_2
////////////////////
LOG_IT_NEXT:
mov IATBEGIN, TEMPER_2
////////////////////
LOG_IT_NEXT_2:
cmp IATEND, TEMPER_2
ja LOG_IT_NEXT_3
mov IATEND, TEMPER_2
////////////////////
LOG_IT_NEXT_3:
add TEMPER_2, 04
mov API_IN, [TEMPER_2]
gn API_IN
mov API_NAME, $RESULT
cmp API_NAME, 0
je NEXT_MODULE
// inc IMPORT_FUNCTIONS
jmp LOG_IT
////////////////////
NEXT_MODULE:
eval "* {TEMPER_2}    {API_IN}     {API_NAME}"
log $RESULT, ""
sub IMPORT_TABLE_ADDRESS_CALC, IMAGEBASE
add IMPORT_TABLE_ADDRESS_CALC, 04
jmp LOG_START
////////////////////
IATREAD_END:
sub IATEND, IATBEGIN
mov IAT_SIZE_GROSS, IATEND
add IAT_SIZE_GROSS, 04
add IATEND, IATBEGIN
add IATEND, 04
mov IAT_SIZE, IMPORT_FUNCTIONS
mul IAT_SIZE, 04
add IAT_SIZE, 04
log " "
log "----------------------------------------------"
log "| IAT | API * & * SIZE RESULTS | IMPREC DATA |"
log "----------------------------------------------"
log " "
itoa IMPORT_FUNCTIONS, 10.
mov IMPORT_FUNCTIONS, $RESULT
itoa MODULE, 10.
mov MODULE, $RESULT
eval "* FOUND {MODULE} VALID MODULE | {IMPORT_FUNCTIONS} IMPORT_FUNCTIONS | NET(TO) IAT_SIZE {IMPORT_TABLE_SIZE} "
log $RESULT, ""
log ""
eval "* IAT START: {IATBEGIN} | IAT END: {IATEND} | IAT SIZE GROSS: {IAT_SIZE_GROSS}"
log $RESULT, ""
log ""
ret
5  Programación / Ingeniería Inversa / [Resuelto] Serialme #1 .net by Apuromafo framework 2- 4 y 4.5 +soluciones en: 23 Enero 2013, 16:24
Aprendi un poco de la sintaxis de .net
START
********************

espero les guste este mini reto:
 un mini serialme, espero les guste
Packed:NO
 
Apuromafo  .net 4.0  serialme.zip (11 KB)
https://mega.co.nz/#!4hsQnDCa!bSza1HFHAnWGlkNu5MOs-Vb3j_8D0LjBv8v5F5rbpXg

Serialme 1 by Apuromafo net 4.5  .zip (11 KB)
https://mega.co.nz/#!4h9iAZCA!E4lDeBV8iuE0jqcXrF7ntnMAnRIMhl3kaR-7xJHngnA

en caso x codifique uno en 2.0
espero tambien sirva
serialme 1 in frame 2.zip (10 KB)
https://mega.co.nz/#!pgsTjL5K!d8KHj1_KMy9OczTJ2e5gqlVN0QAoFsl6HwdbZa4Z3QQ



con la experiencia que tienen posiblemente no tarden mas de 5 minutos,
favor enviar soluciones al privado ;)   Valido hasta el 1/2/2012


mi regalo es el segundo serialme que es valido a 1 solo serial ;) que usa este mismo mini algoritmo y algo mas (cifrar/descifrar)
Tarea 3 framework3.5_original.rar (12 KB)
https://mega.co.nz/#!wllFBbJL!PSzMnSaGRRJRlYil3xP8yTARewtlAP9gMH5yw_QPoVs


Saludos Apuromafo


Tabla de Logros:
Serial + comentarios: Shell Root
keygen en Pyton :DAGR
keygen en vb: Javier Gaviria
keygen en c/c++: Jhalbert Centeno de la Cruz

respecto a tarea3
solo parches , no encontrado aun el serial  ;)


antes del 25 de febrero posteare todas las soluciones a la fecha ;)
Saludos Apuromafo

*****************************EOF



Solucion

Serialme1 vb.net +soluciones by Apuromafo.rar (837 KB)
https://mega.co.nz/#!Mk1EgLRK!Ih9i3Hyn351Crv2mIFA3H0NfFOR4uIjhQSKL_m7YJJk
6  Programación / Scripting / [BATCH] peticion de script ,leer , ordenar, exportar a otro txt en: 13 Julio 2012, 03:27
No suelo solicitar algo, pero aveces se hace necesario cuando copiar pegar en excel aveces cansa..solicito favor si es posible implementar esto en batch
*leer un texto
*ordenarla internamente
*exportar el nombre ordenado con su contenido que puede ir cambiando
posibles ideas for/find/enableexpansion/

ahora a los datos del tema
tengo un archivo del estilo
checksum = symetricvalue
todo con valores en hexadecimal

quiero que lea la linea (con su tamaño constante como bien se comenta y luego el valor primero (checksum quede de titulo, por ejemplo para el primero seria "eca8ba4e.txt" y dentro de este contenga todos los valores luego del =  que coincida con aquel valor

 

Código:
eca8ba4e = 3cf5f33d
f32f6511 = 491a7cf6
eca8ba4e = 5abac831
cc446746 = 6463828a
06805cfe = 78e24017
06805cfe = 819aa85a
79F69E26 = 0014bf5c
0520d520 = 8cd88352
f32f6511 = 9e8e1a07
5fe9e928 = a252b809
4b0486d4 = b21e4adb
a401528d = b6714ec1
06805cfe = bc1be2c9
cc446746 = de45273b
0520d520 = e2dff1c9

necesito guardar el primer valor con su contenido, y que  que cada linea se lea los primeros valores (para el titulo) (posiblemente con algun indice pueda ser mas posible, pues originalmente es asi
valor=otro valor"

y la segunda para el contenido, a modo que quede de la siguiente forma siguiente
->
HoldemInspector4_79F69E26.txt
Código:
000f6220
0014bf5c
0019d388
00234fcd
004bc73a
006bba93
0072173d
011e7ffa
017a2547
01ad4886
01c61cc1
01cda000
020bcdd6
028c23aa
028c36b0
03603970
03c0a92b
03fb7389
0468dd94
04be02b2
0542b068
05483286
05bf8890
05f6cd62
06107f47
06372254
0645168c
066e36f1
06bd68c1
070b98d7
075acba7
077b4078
07ea3fd4
08035ddc
0807d26a
082d31c0
084d1011
08df5f0d
08e1838b
0936b76b
0988ef6e
09c29773
09daaa77
09e7c159
0bd824db
0c32b643
0c73f3b9
0cc99c97
0cde66c7
0ceba10b
0cefa1a1
0d9bbaba
0e1e7084
0e6db6ea
0f462253
0f4d97fa
0f672199
0f8f413e
0f9418e7
0fb64de5
0fcced1b
100bab6b
101267a7
10379ba8
1039e7f7
1047429f
10537f10
10c28b3e
11177698
1125142a
112dafeb
11cbae41
12750896
12cf00d2
132e4e1b
1345bad3
1386e53a
1399034d
13bad6c1
14b0341a
14ff133c
150c6774
150d4d4b
155be1fd
15878be2
1594dd85
15bff052
15ef158a
1646f197
16923de4
16b8cf09
173cfdcb
17544758
17df5abb
1810f638
18a84fd4
18eab140
1921e129
19469f80
1960bb14
19b6ba8d
1a300718
1a31fa61
1a796be2
1acb984f
1af4d1ce
1afda312
1ba0e6ae
1bd9cdef
1bf2a662
1c14b802
1cd0eeb9
1d2dc4e8
1d8273e4
1dabc9f5
1dea1b67
1decaf9b
1e7531e2
1eab8d2a
1ee9f614
1fea5e85
1feec80c
204728f7
205c2143
20968190
213539c7
214b1998
2168d255
21c57f98
21ccc894
21d0e770
21d3bdee
21f27a1e
22055189
2205c694
223a3cc1
22a676bb
22e8aea0
232b2f7c
2334c94e
233e6de9
2368cf5f
23961c2a
239e85ec
23c4a439
23f100ed
23f51d21
2405b255
24bc1f45
24f6bd45
25645ef4
2570e924
259e51ff
25cba5f6
269073ff
26cc8138
28eec6cb
29675c06
2993816e
29a9a2dc
29cb5bf8
2a024079
2a0b42f7
2a326a24
2a798635
2b02d445
2b53584b
2b9e4352
2bc2fb70
2be2a7ae
2c7a360b
2ccadff9
2ce36640
2cf20959
2d095add
2d3e46e7
2d837a81
2dbb6198
2e14727a
2e5cd6ab
2e78406c
2ea97646
2eeaed8c
2f33bf0c
305e20bc
307b360b
30c0ca2e
30c69be2
30d1fb91
313191df
3152f767
31baa98a
31f8be8f
322fa9ea
323ec781
327d5513
32a14427
32bad65a
32d4e86f
33953473
33a9658c
34045ea2
34770e7e
35595b04
367016fe
36970095
3698c825
36e1d464
3737f56e
37479065
379d9e2b
37f3757d
3848f9ce
385e8b39
386a3266
38706191
38ac88fd
38c48064
38e30952
394279c2
39c20dc0
3a1bf0ad
3a2ae8c6
3a88d170
3ad341b8
3b0f83fa
3b37a4a7
3b613a87
3b8e0fe7
3c57931c
3c5929af
3ce40f0a
3d8ab761
3dba357c
3dc54514
3de7d012
3e5a670a
3ea734b2
3ed755a4
3f0b766a
3f275624
3f52afa3
3fa1ec4f
3fc86eff
3fea4935
3feec93b
4026abcc
4045b15e
40dcafe1
4114648c
4128efe9
41331ad2
41939988
41971993
419e39ca
41c642ab
41e64568
4227f8e7
42954242
42e89aac
42f041ca
43172271
431b8162
43235692
43ab169c
44040dbb
441c1367
44abcc12
45016c8b
45130a3d
4536911e
455138a8
455283c1
46008b6f
4649a4c3
467dae9f
469b3008
46bf84e4
46c7cb75
47215a54
4733282d
47b9a3b7
47d9cd6f
4840499b
48a883b3
48acd7b5
490072ba
49348b20
493d1650
4949d879
49b1dac9
4a04c073
4a0b74ff
4a58500b
4afa68f4
4b1bfa55
4b32504a
4c105f07
4c1ddd74
4c99699a
4cb7dad1
4cdb09c3
4cf1f22e
4d30ec7e
4d3877a1
4d5fc723
4d6ef06c
4dec5f95
4e62e3e1
4e6842be
4e8c23e8
4ec011d7
4ef3bf1a
4f6867bd
4f8072d5
4f9623c7
4fe3670f
4fff6774
50d4581f
52092696
5261f62a
526dafa8
5279e11e
529ddd2e
52a9e8e8
52af97c3
5335fd72
533a0ea4
533a7dde
536d1bc7
542a3166
54746c5c
54deb820
5505e346
552fd43b
5554f805
55a8f08c
564c3031
56aed26f
56bae08b
56bb468f
5721cf38
57461fdb
5764c5f0
577e004c
57c9eb02
57d1884c
5853a22c
585dc7cc
587333ff
59356bf2
59453ae2
5948b1d2
599bc0cc
5a120781
5a2242dd
5a2d3cf1
5acbab2d
5ae142eb
5b39ec68
5c01547d
5cab0a05
5d8c7ddc
5da04612
5de7436f
5df52356
5e673f67
5f134acb
5f438e3b
5fdae6eb
6073db21
607c8673
612b0878
615af917
618e83ba
619cb263
61a2e8bc
61f7796a
623f68d9
63326577
6355be5d
6359a181
642f0de5
64e478d9
654bf83e
655e758e
657accd7
661d6982
663ba1e9
66776c52
6692cbb4
669c6a6a
66b4c214
66ce0fed
6747a534
677bf7b8
678bd12c
67a30fe2
67a691b4
67af89a7
67ce1426
6814f91e
690aedbb
69812ce0
699c3434
69b62fa9
69b74271
6a150b01
6a33143b
6a8366cc
6add5034
6b539b92
6c27bce5
6c7c7d59
6c91f2a2
6cbb998f
6d5e7129
6d7a2dc3
6e6109b4
6efa7017
6f4c89ce
6f6e9c6e
6f8ab9d9
704fe99b
7072b962
70dee048
7188aeb6
71a7594e
71bbe740
7202498f
7205015a
72582c7c
726de3d3
728f1652
72b25332
72e1f4f5
72ff42a3
736c35b9
74062867
74332f44
744d7189
74a75604
74d82603
750f608a
75579a5e
755babc1
76d21b8c
76ec224b
7718874b
7738a4d8
7752b5c1
77ba2509
77bfbe79
77c390fd
77e62e51
77e6d4f1
7810564c
7866fc84
78c92d20
793e49e9
794b7cdf
7a3c6cf1
7bda2169
7c0f9d32
7c23bc95
7c3f6569
7c6efc0e
7c8140d2
7ce9af76
7d2f94c8
7d378ec1
7d440ab1
7d9bed62
7daf0a5b
7dd809b7
7e459678
7e624e92
7e7d00f4
7f30cfaa
7fe2ce6b
7fee6142
8006b6e1
80216964
80226ad3
80323fa6
8046caf0
80664b1d
808d66bc
80c56b6d
80ed5de5
80f2cf3a
814b825f
819ad835
81b316d2
81bba4f9
81ebb79f
81f3a5cf
82cfb125
835f6440
8397d2f9
83ab5ffa
83ffd553
84017481
8481d79c
849220e8
85019e83
850983fe
85274ab6
8607f4e3
863b78e9
8658c504
86f9e45d
870ed0a5
875cdbe5
876537e1
87d543da
88014fd3
88295fec
8831d572
88f2a74e
89a3a631
89b8814f
89c016bf
8a1fa93c
8a895482
8abdcb37
8b624d35
8b75208a
8bbdd9c3
8bc6e52a
8c1000ba
8c4629ba
8c750121
8cc1070d
8d0769fb
8d31f217
8d406f1e
8d5b570b
8d7e6ae8
8f28de56
8ffc722f
90a65f58
90ef7c49
91e0effc
921e778f
9274238f
92951ca2
92d8e492
9304541d
93231154
9329478c
93e3b1ac
9427d338
942bc65d
9484860a
9532ff4f
95a14249
95b4813b
95dfb04a
965b8eb0
965d93e9
96f435fb
97074d54
976cf7eb
97c2251b
982d7fe2
9899532d
98b2c142
98b425b7
98f8859a
99a525e3
9a83f89d
9a900465
9af6b61b
9b37daca
9b386d59
9c1d4602
9c4ce1ad
9c83e8c6
9cb0831d
9cbd5de4
9ce37a45
9cf7716f
9d559b06
9d8a928f
9df521db
9e38ba89
9e8331c8
9e8e8abd
9ed04889
9f179ad9
9f7e1ef6
9facb1b4
a0401c85
a09cd026
a10362d6
a11a6110
a151b520
a18746d6
a1a9d047
a21301e2
a2620216
a28949cc
a28b7e60
a29b054d
a29b5856
a2f53922
a3ae0cef
a4ee5c53
a526c7ca
a5d714f1
a5f8492f
a5febe72
a626ee01
a67019ed
a768cfc8
a76fb63d
a808db4a
a8496e36
a899e0e6
a8ac3a7a
a8b80ec0
a8ddf940
a92b53f4
a9860089
a9fa9b8e
aa38f772
aa7fb257
aa897d85
aad62718
aae8f964
abba3414
ac30fe00
ac63840f
ac953f79
aca7e397
acaebbd4
acc61216
ad068024
ad14741d
ad1c33a4
ad54b08d
ae78ad4f
aee81c96
aef68903
af0e401b
af329b9a
af972978
afbd6006
aff4d484
b05dd4c0
b0a40bc7
b0df8181
b113ad4b
b16b30ef
b17ac7e3
b1878649
b18e52a6
b20cdeca
b24bb502
b294fff6
b2d22e32
b30a4061
b31da60c
b326bc6a
b39c9c45
b3c7e02e
b3dc98f7
b3eb668c
b4108427
b4594b60
b49f1d5d
b49f6565
b5184cef
b56f263c
b5ac3722
b5be0524
b62e4a68
b674eb72
b73d668e
b75248d7
b8085956
b86532a7
b8ae0289
ba20bc61
ba31f1ab
ba984ce5
baa0a497
bb00f02d
bb96d9a4
bbae8975
bbd265cb
bc8da13d
bd096c88
bd2f934c
bd39fa2f
bd834290
be04faac
be21363d
bece8761
bf32d572
bf3fcc88
bf91659b
bf9cbfe3
bfd14168
c022cd7c
c0408840
c0bac019
c0f42994
c117c641
c1c0fb34
c1ce6631
c24261b9
c245a272
c251425e
c2f3f296
c3b19e48
c4026bb4
c437a4c8
c455d49a
c528b658
c59716d7
c6479bc6
c7312468
c735a194
c7ae7bc2
c80948d3
c8193310
c829e306
c8bb5fd2
c8c64e28
c8c72e5a
c902f6c7
c9cb38e9
c9f4e23f
ca3d94e0
ca8017b0
cb071960
cb6c42a3
cb774137
cb8df967
cbe79b63
cc0f7179
cc8138df
cc91519e
cd55b475
cd676f5a
cd85899d
cebb0177
ceeb8fad
cfbfec1b
d028d504
d128c5c2
d1d80684
d1f85a38
d209107e
d2446349
d250ad0b
d2ddc4b6
d3a46696
d3dbba8d
d3e267d6
d488844a
d4c16828
d4ed8c94
d51cb1b8
d564bee1
d56ab29a
d579479f
d58c0f18
d5afedf0
d6158cb2
d616405a
d6365e9b
d660bf81
d6a57e36
d6b3d72f
d85f7bc0
d8c3e09c
d8e771be
d90398b2
d92d475d
d9b26d1a
d9d5ab7f
d9e1cf47
da153d1f
da1761d5
da300449
da3022ec
da43d7e3
da6b599b
da9fb06d
dab848ee
db0d64c7
dbac89fa
dbbd59f9
dc40474a
dd18979d
dd19bc33
dd28a4a5
dd569e58
dd8013cd
dd9249cc
dd97bbc8
ddb0891f
ddcf6bff
de26f80f
de80f8e6
dea97249
deb94431
debaf5a2
debec24a
def17654
df5ab7e2
dfd67e9f
e02c3198
e0743fff
e09e1e22
e09eb833
e170530e
e189bbc7
e1fc0b38
e233c22c
e24af9e1
e286ac89
e2cb3cf4
e308bd81
e3f1e7ad
e441c9c5
e4610d5c
e46c70eb
e529a06e
e55992c3
e5b0f0e6
e5c7af7d
e611e579
e66708a1
e6ba8fab
e6c2c4fa
e6fa7764
e70839db
e74c8266
e79346ff
e81db71b
e82b14c3
e8403361
e8684c63
e87e0ddb
e8e5bf0c
e937646f
e993bcbd
ea774964
eaafa475
eab841c1
eaedc4e9
eb26fa20
eb52b582
ebe14904
ebef12e9
ec52481f
eca77e59
ee370cdf
ee622ae8
eea893c7
eeb2ddd5
eeb381a7
ef311f94
ef384eb1
ef41a3d8
ef55dce3
ef72cf86
efaca399
efc9d41c
f004e580
f021e76a
f06414bf
f0ce84a3
f107668c
f1876f28
f216540e
f27c51d7
f2f81283
f316f5b1
f34b8c2b
f34d97c6
f35697d4
f40cf386
f48bc865
f49747b0
f4d0b612
f556b238
f557dad4
f5e3eb1a
f6a0e71b
f70cc531
f7a20dc4
f7d49ee1
f849404a
f87385f4
f8892afa
f8a2f51e
f8b48845
f8e21de3
f8f9b8ab
f9463b8f
f958757d
f97c7512
f99d7016
f9d2da64
f9d5f89b
f9e156cb
fa0cffac
fa4adba0
fa90b868
fa97744d
fac728e4
fb35b728
fb5b263c
fb61cf94
fb7237fa
fce4ab0f
fd2a267a
fd3d938d
fd48d7ce
fd526e10
fd5a39b1
fdc01787
fdc2ad52
fdf68d45
fe14e896
fe271572
fe76c224
fef33025
ff1914a8
ff43b6ae
ff982a2e
000f6220
0014bf5c
0019d388
00234fcd
004bc73a
006bba93
0072173d
011e7ffa
017a2547
01ad4886
01c61cc1
01cda000
020bcdd6
028c23aa
028c36b0
03603970
03c0a92b
03fb7389
0468dd94
04be02b2
0542b068
05483286
05bf8890
05f6cd62
06107f47
06372254
0645168c
066e36f1
06bd68c1
070b98d7
075acba7
077b4078
07ea3fd4
08035ddc
0807d26a
082d31c0
084d1011
08df5f0d
08e1838b
0936b76b
0988ef6e
09c29773
09daaa77
09e7c159
0bd824db
0c32b643
0c73f3b9
0cc99c97
0cde66c7
0ceba10b
0cefa1a1
0d9bbaba
0e1e7084
0e6db6ea
0f462253
0f4d97fa
0f672199
0f8f413e
0f9418e7
0fb64de5
0fcced1b
100bab6b
101267a7
10379ba8
1039e7f7
1047429f
10537f10
10c28b3e
11177698
1125142a
112dafeb
11cbae41
12750896
12cf00d2
132e4e1b
1345bad3
1386e53a
1399034d
13bad6c1
14b0341a
14ff133c
150c6774
150d4d4b
155be1fd
15878be2
1594dd85
15bff052
15ef158a
1646f197
16923de4
16b8cf09
173cfdcb
17544758
17df5abb
1810f638
18a84fd4
18eab140
1921e129
19469f80
1960bb14
19b6ba8d
1a300718
1a31fa61
1a796be2
1acb984f
1af4d1ce
1afda312
1ba0e6ae
1bd9cdef
1bf2a662
1c14b802
1cd0eeb9
1d2dc4e8
1d8273e4
1dabc9f5
1dea1b67
1decaf9b
1e7531e2
1eab8d2a
1ee9f614
1fea5e85
1feec80c
204728f7
205c2143
20968190
213539c7
214b1998
2168d255
21c57f98
21ccc894
21d0e770
21d3bdee
21f27a1e
22055189
2205c694
223a3cc1
22a676bb
22e8aea0
232b2f7c
2334c94e
233e6de9
2368cf5f
23961c2a
239e85ec
23c4a439
23f100ed
23f51d21
2405b255
24bc1f45
24f6bd45
25645ef4
2570e924
259e51ff
25cba5f6
269073ff
26cc8138
28eec6cb
29675c06
2993816e
29a9a2dc
29cb5bf8
2a024079
2a0b42f7
2a326a24
2a798635
2b02d445
2b53584b
2b9e4352
2bc2fb70
2be2a7ae
2c7a360b
2ccadff9
2ce36640
2cf20959
2d095add
2d3e46e7
2d837a81
2dbb6198
2e14727a
2e5cd6ab
2e78406c
2ea97646
2eeaed8c
2f33bf0c
305e20bc
307b360b
30c0ca2e
30c69be2
30d1fb91
313191df
3152f767
31baa98a
31f8be8f
322fa9ea
323ec781
327d5513
32a14427
32bad65a
32d4e86f
33953473
33a9658c
34045ea2
34770e7e
35595b04
367016fe
36970095
3698c825
36e1d464
3737f56e
37479065
379d9e2b
37f3757d
3848f9ce
385e8b39
386a3266
38706191
38ac88fd
38c48064
38e30952
394279c2
39c20dc0
3a1bf0ad
3a2ae8c6
3a88d170
3ad341b8
3b0f83fa
3b37a4a7
3b613a87
3b8e0fe7
3c57931c
3c5929af
3ce40f0a
3d8ab761
3dba357c
3dc54514
3de7d012
3e5a670a
3ea734b2
3ed755a4
3f0b766a
3f275624
3f52afa3
3fa1ec4f
3fc86eff
3fea4935
3feec93b
4026abcc
4045b15e
40dcafe1
4114648c
4128efe9
41331ad2
41939988
41971993
419e39ca
41c642ab
41e64568
4227f8e7
42954242
42e89aac
42f041ca
43172271
431b8162
43235692
43ab169c
44040dbb
441c1367
44abcc12
45016c8b
45130a3d
4536911e
455138a8
455283c1
46008b6f
4649a4c3
467dae9f
469b3008
46bf84e4
46c7cb75
47215a54
4733282d
47b9a3b7
47d9cd6f
4840499b
48a883b3
48acd7b5
490072ba
49348b20
493d1650
4949d879
49b1dac9
4a04c073
4a0b74ff
4a58500b
4afa68f4
4b1bfa55
4b32504a
4c105f07
4c1ddd74
4c99699a
4cb7dad1
4cdb09c3
4cf1f22e
4d30ec7e
4d3877a1
4d5fc723
4d6ef06c
4dec5f95
4e62e3e1
4e6842be
4e8c23e8
4ec011d7
4ef3bf1a
4f6867bd
4f8072d5
4f9623c7
4fe3670f
4fff6774
50d4581f
52092696
5261f62a
526dafa8
5279e11e
529ddd2e
52a9e8e8
52af97c3
5335fd72
533a0ea4
533a7dde
536d1bc7
542a3166
54746c5c
54deb820
5505e346
552fd43b
5554f805
55a8f08c
564c3031
56aed26f
56bae08b
56bb468f
5721cf38
57461fdb
5764c5f0
577e004c
57c9eb02
57d1884c
5853a22c
585dc7cc
587333ff
59356bf2
59453ae2
5948b1d2
599bc0cc
5a120781
5a2242dd
5a2d3cf1
5acbab2d
5ae142eb
5b39ec68
5c01547d
5cab0a05
5d8c7ddc
5da04612
5de7436f
5df52356
5e673f67
5f134acb
5f438e3b
5fdae6eb
6073db21
607c8673
612b0878
615af917
618e83ba
619cb263
61a2e8bc
61f7796a
623f68d9
63326577
6355be5d
6359a181
642f0de5
64e478d9
654bf83e
655e758e
657accd7
661d6982
663ba1e9
66776c52
6692cbb4
669c6a6a
66b4c214
66ce0fed
6747a534
677bf7b8
678bd12c
67a30fe2
67a691b4
67af89a7
67ce1426
6814f91e
690aedbb
69812ce0
699c3434
69b62fa9
69b74271
6a150b01
6a33143b
6a8366cc
6add5034
6b539b92
6c27bce5
6c7c7d59
6c91f2a2
6cbb998f
6d5e7129
6d7a2dc3
6e6109b4
6efa7017
6f4c89ce
6f6e9c6e
6f8ab9d9
704fe99b
7072b962
70dee048
7188aeb6
71a7594e
71bbe740
7202498f
7205015a
72582c7c
726de3d3
728f1652
72b25332
72e1f4f5
72ff42a3
736c35b9
74062867
74332f44
744d7189
74a75604
74d82603
750f608a
75579a5e
755babc1
76d21b8c
76ec224b
7718874b
7738a4d8
7752b5c1
77ba2509
77bfbe79
77c390fd
77e62e51
77e6d4f1
7810564c
7866fc84
78c92d20
793e49e9
794b7cdf
7a3c6cf1
7bda2169
7c0f9d32
7c23bc95
7c3f6569
7c6efc0e
7c8140d2
7ce9af76
7d2f94c8
7d378ec1
7d440ab1
7d9bed62
7daf0a5b
7dd809b7
7e459678
7e624e92
7e7d00f4
7f30cfaa
7fe2ce6b
7fee6142
8006b6e1
80216964
80226ad3
80323fa6
8046caf0
80664b1d
808d66bc
80c56b6d
80ed5de5
80f2cf3a
814b825f
819ad835
81b316d2
81bba4f9
81ebb79f
81f3a5cf
82cfb125
835f6440
8397d2f9
83ab5ffa
83ffd553
84017481
8481d79c
849220e8
85019e83
850983fe
85274ab6
8607f4e3
863b78e9
8658c504
86f9e45d
870ed0a5
875cdbe5
876537e1
87d543da
88014fd3
88295fec
8831d572
88f2a74e
89a3a631
89b8814f
89c016bf
8a1fa93c
8a895482
8abdcb37
8b624d35
8b75208a
8bbdd9c3
8bc6e52a
8c1000ba
8c4629ba
8c750121
8cc1070d
8d0769fb
8d31f217
8d406f1e
8d5b570b
8d7e6ae8
8f28de56
8ffc722f
90a65f58
90ef7c49
91e0effc
921e778f
9274238f
92951ca2
92d8e492
9304541d
93231154
9329478c
93e3b1ac
9427d338
942bc65d
9484860a
9532ff4f
95a14249
95b4813b
95dfb04a
965b8eb0
965d93e9
96f435fb
97074d54
976cf7eb
97c2251b
982d7fe2
9899532d
98b2c142
98b425b7
98f8859a
99a525e3
9a83f89d
9a900465
9af6b61b
9b37daca
9b386d59
9c1d4602
9c4ce1ad
9c83e8c6
9cb0831d
9cbd5de4
9ce37a45
9cf7716f
9d559b06
9d8a928f
9df521db
9e38ba89
9e8331c8
9e8e8abd
9ed04889
9f179ad9
9f7e1ef6
9facb1b4
a0401c85
a09cd026
a10362d6
a11a6110
a151b520
a18746d6
a1a9d047
a21301e2
a2620216
a28949cc
a28b7e60
a29b054d
a29b5856
a2f53922
a3ae0cef
a4ee5c53
a526c7ca
a5d714f1
a5f8492f
a5febe72
a626ee01
a67019ed
a768cfc8
a76fb63d
a808db4a
a8496e36
a899e0e6
a8ac3a7a
a8b80ec0
a8ddf940
a92b53f4
a9860089
a9fa9b8e
aa38f772
aa7fb257
aa897d85
aad62718
aae8f964
abba3414
ac30fe00
ac63840f
ac953f79
aca7e397
acaebbd4
acc61216
ad068024
ad14741d
ad1c33a4
ad54b08d
ae78ad4f
aee81c96
aef68903
af0e401b
af329b9a
af972978
afbd6006
aff4d484
b05dd4c0
b0a40bc7
b0df8181
b113ad4b
b16b30ef
b17ac7e3
b1878649
b18e52a6
b20cdeca
b24bb502
b294fff6
b2d22e32
b30a4061
b31da60c
b326bc6a
b39c9c45
b3c7e02e
b3dc98f7
b3eb668c
b4108427
b4594b60
b49f1d5d
b49f6565
b5184cef
b56f263c
b5ac3722
b5be0524
b62e4a68
b674eb72
b73d668e
b75248d7
b8085956
b86532a7
b8ae0289
ba20bc61
ba31f1ab
ba984ce5
baa0a497
bb00f02d
bb96d9a4
bbae8975
bbd265cb
bc8da13d
bd096c88
bd2f934c
bd39fa2f
bd834290
be04faac
be21363d
bece8761
bf32d572
bf3fcc88
bf91659b
bf9cbfe3
bfd14168
c022cd7c
c0408840
c0bac019
c0f42994
c117c641
c1c0fb34
c1ce6631
c24261b9
c245a272
c251425e
c2f3f296
c3b19e48
c4026bb4
c437a4c8
c455d49a
c528b658
c59716d7
c6479bc6
c7312468
c735a194
c7ae7bc2
c80948d3
c8193310
c829e306
c8bb5fd2
c8c64e28
c8c72e5a
c902f6c7
c9cb38e9
c9f4e23f
ca3d94e0
ca8017b0
cb071960
cb6c42a3
cb774137
cb8df967
cbe79b63
cc0f7179
cc8138df
cc91519e
cd55b475
cd676f5a
cd85899d
cebb0177
ceeb8fad
cfbfec1b
d028d504
d128c5c2
d1d80684
d1f85a38
d209107e
d2446349
d250ad0b
d2ddc4b6
d3a46696
d3dbba8d
d3e267d6
d488844a
d4c16828
d4ed8c94
d51cb1b8
d564bee1
d56ab29a
d579479f
d58c0f18
d5afedf0
d6158cb2
d616405a
d6365e9b
d660bf81
d6a57e36
d6b3d72f
d85f7bc0
d8c3e09c
d8e771be
d90398b2
d92d475d
d9b26d1a
d9d5ab7f
d9e1cf47
da153d1f
da1761d5
da300449
da3022ec
da43d7e3
da6b599b
da9fb06d
dab848ee
db0d64c7
dbac89fa
dbbd59f9
dc40474a
dd18979d
dd19bc33
dd28a4a5
dd569e58
dd8013cd
dd9249cc
dd97bbc8
ddb0891f
ddcf6bff
de26f80f
de80f8e6
dea97249
deb94431
debaf5a2
debec24a
def17654
df5ab7e2
dfd67e9f
e02c3198
e0743fff
e09e1e22
e09eb833
e170530e
e189bbc7
e1fc0b38
e233c22c
e24af9e1
e286ac89
e2cb3cf4
e308bd81
e3f1e7ad
e441c9c5
e4610d5c
e46c70eb
e529a06e
e55992c3
e5b0f0e6
e5c7af7d
e611e579
e66708a1
e6ba8fab
e6c2c4fa
e6fa7764
e70839db
e74c8266
e79346ff
e81db71b
e82b14c3
e8403361
e8684c63
e87e0ddb
e8e5bf0c
e937646f
e993bcbd
ea774964
eaafa475
eab841c1
eaedc4e9
eb26fa20
eb52b582
ebe14904
ebef12e9
ec52481f
eca77e59
ee370cdf
ee622ae8
eea893c7
eeb2ddd5
eeb381a7
ef311f94
ef384eb1
ef41a3d8
ef55dce3
ef72cf86
efaca399
efc9d41c
f004e580
f021e76a
f06414bf
f0ce84a3
f107668c
f1876f28
f216540e
f27c51d7
f2f81283
f316f5b1
f34b8c2b
f34d97c6
f35697d4
f40cf386
f48bc865
f49747b0
f4d0b612
f556b238
f557dad4
f5e3eb1a
f6a0e71b
f70cc531
f7a20dc4
f7d49ee1
f849404a
f87385f4
f8892afa
f8a2f51e
f8b48845
f8e21de3
f8f9b8ab
f9463b8f
f958757d
f97c7512
f99d7016
f9d2da64
f9d5f89b
f9e156cb
fa0cffac
fa4adba0
fa90b868
fa97744d
fac728e4
fb35b728
fb5b263c
fb61cf94
fb7237fa
fce4ab0f
fd2a267a
fd3d938d
fd48d7ce
fd526e10
fd5a39b1
fdc01787
fdc2ad52
fdf68d45
fe14e896
fe271572
fe76c224
fef33025
ff1914a8
ff43b6ae
ff982a2e
000f6220
0014bf5c
0019d388
00234fcd
004bc73a
006bba93
0072173d
011e7ffa
017a2547
01ad4886
01c61cc1
01cda000
020bcdd6
028c23aa
028c36b0
03603970
03c0a92b
03fb7389
0468dd94
04be02b2
0542b068
05483286
05bf8890
05f6cd62
06107f47
06372254
0645168c
066e36f1
06bd68c1
070b98d7
075acba7
077b4078
07ea3fd4
08035ddc
0807d26a
082d31c0
084d1011
08df5f0d
08e1838b
0936b76b
0988ef6e
09c29773
09daaa77
09e7c159
0bd824db
0c32b643
0c73f3b9
0cc99c97
0cde66c7
0ceba10b
0cefa1a1
0d9bbaba
0e1e7084
0e6db6ea
0f462253
0f4d97fa
0f672199
0f8f413e
0f9418e7
0fb64de5
0fcced1b
100bab6b
101267a7
10379ba8
1039e7f7
1047429f
10537f10
10c28b3e
11177698
1125142a
112dafeb
11cbae41
12750896
12cf00d2
132e4e1b
1345bad3
1386e53a
1399034d
13bad6c1
14b0341a
14ff133c
150c6774
150d4d4b
155be1fd
15878be2
1594dd85
15bff052
15ef158a
1646f197
16923de4
16b8cf09
173cfdcb
17544758
17df5abb
1810f638
18a84fd4
18eab140
1921e129
19469f80
1960bb14
19b6ba8d
1a300718
1a31fa61
1a796be2
1acb984f
1af4d1ce
1afda312
1ba0e6ae
1bd9cdef
1bf2a662
1c14b802
1cd0eeb9
1d2dc4e8
1d8273e4
1dabc9f5
1dea1b67
1decaf9b
1e7531e2
1eab8d2a
1ee9f614
1fea5e85
1feec80c
204728f7
205c2143
20968190
213539c7
214b1998
2168d255
21c57f98
21ccc894
21d0e770
21d3bdee
21f27a1e
22055189
2205c694
223a3cc1
22a676bb
22e8aea0
232b2f7c
2334c94e
233e6de9
2368cf5f
23961c2a
239e85ec
23c4a439
23f100ed
23f51d21
2405b255
24bc1f45
24f6bd45
25645ef4
2570e924
259e51ff
25cba5f6
269073ff
26cc8138
28eec6cb
29675c06
2993816e
29a9a2dc
29cb5bf8
2a024079
2a0b42f7
2a326a24
2a798635
2b02d445
2b53584b
2b9e4352
2bc2fb70
2be2a7ae
2c7a360b
2ccadff9
2ce36640
2cf20959
2d095add
2d3e46e7
2d837a81
2dbb6198
2e14727a
2e5cd6ab
2e78406c
2ea97646
2eeaed8c
2f33bf0c
305e20bc
307b360b
30c0ca2e
30c69be2
30d1fb91
313191df
3152f767
31baa98a
31f8be8f
322fa9ea
323ec781
327d5513
32a14427
32bad65a
32d4e86f
33953473
33a9658c
34045ea2
34770e7e
35595b04
367016fe
36970095
3698c825
36e1d464
3737f56e
37479065
379d9e2b
37f3757d
3848f9ce
385e8b39
386a3266
38706191
38ac88fd
38c48064
38e30952
394279c2
39c20dc0
3a1bf0ad
3a2ae8c6
3a88d170
3ad341b8
3b0f83fa
3b37a4a7
3b613a87
3b8e0fe7
3c57931c
3c5929af
3ce40f0a
3d8ab761
3dba357c
3dc54514
3de7d012
3e5a670a
3ea734b2
3ed755a4
3f0b766a
3f275624
3f52afa3
3fa1ec4f
3fc86eff
3fea4935
3feec93b
4026abcc
4045b15e
40dcafe1
4114648c
4128efe9
41331ad2
41939988
41971993
419e39ca
41c642ab
41e64568
4227f8e7
42954242
42e89aac
42f041ca
43172271
431b8162
43235692
43ab169c
44040dbb
441c1367
44abcc12
45016c8b
45130a3d
4536911e
455138a8
455283c1
46008b6f
4649a4c3
467dae9f
469b3008
46bf84e4
46c7cb75
47215a54
4733282d
47b9a3b7
47d9cd6f
4840499b
48a883b3
48acd7b5
490072ba
49348b20
493d1650
4949d879
49b1dac9
4a04c073
4a0b74ff
4a58500b
4afa68f4
4b1bfa55
4b32504a
4c105f07
4c1ddd74
4c99699a
4cb7dad1
4cdb09c3
4cf1f22e
4d30ec7e
4d3877a1
4d5fc723
4d6ef06c
4dec5f95
4e62e3e1
4e6842be
4e8c23e8
4ec011d7
4ef3bf1a
4f6867bd
4f8072d5
4f9623c7
4fe3670f
4fff6774
50d4581f
52092696
5261f62a
526dafa8
5279e11e
529ddd2e
52a9e8e8
52af97c3
5335fd72
533a0ea4
533a7dde
536d1bc7
542a3166
54746c5c
54deb820
5505e346
552fd43b
5554f805
55a8f08c
564c3031
56aed26f
56bae08b
56bb468f
5721cf38
57461fdb
5764c5f0
577e004c
57c9eb02
57d1884c
5853a22c
585dc7cc
587333ff
59356bf2
59453ae2
5948b1d2
599bc0cc
5a120781
5a2242dd
5a2d3cf1
5acbab2d
5ae142eb
5b39ec68
5c01547d
5cab0a05
5d8c7ddc
5da04612
5de7436f
5df52356
5e673f67
5f134acb
5f438e3b
5fdae6eb
6073db21
607c8673
612b0878
615af917
618e83ba
619cb263
61a2e8bc
61f7796a
623f68d9
63326577
6355be5d
6359a181
642f0de5
64e478d9
654bf83e
655e758e
657accd7
661d6982
663ba1e9
66776c52
6692cbb4
669c6a6a
66b4c214
66ce0fed
6747a534
677bf7b8
678bd12c
67a30fe2
67a691b4
67af89a7
67ce1426
6814f91e
690aedbb
69812ce0
699c3434
69b62fa9
69b74271
6a150b01
6a33143b
6a8366cc
6add5034
6b539b92
6c27bce5
6c7c7d59
6c91f2a2
6cbb998f
6d5e7129
6d7a2dc3
6e6109b4
6efa7017
6f4c89ce
6f6e9c6e
6f8ab9d9
704fe99b
7072b962
70dee048
7188aeb6
71a7594e
71bbe740
7202498f
7205015a
72582c7c
726de3d3
728f1652
72b25332
72e1f4f5
72ff42a3
736c35b9
74062867
74332f44
744d7189
74a75604
74d82603
750f608a
75579a5e
755babc1
76d21b8c
76ec224b
7718874b
7738a4d8
7752b5c1
77ba2509
77bfbe79
77c390fd
77e62e51
77e6d4f1
7810564c
7866fc84
78c92d20
793e49e9
794b7cdf
7a3c6cf1
7bda2169
7c0f9d32
7c23bc95
7c3f6569
7c6efc0e
7c8140d2
7ce9af76
7d2f94c8
7d378ec1
7d440ab1
7d9bed62
7daf0a5b
7dd809b7
7e459678
7e624e92
7e7d00f4
7f30cfaa
7fe2ce6b
7fee6142
8006b6e1
80216964
80226ad3
80323fa6
8046caf0
80664b1d
808d66bc
80c56b6d
80ed5de5
80f2cf3a
814b825f
819ad835
81b316d2
81bba4f9
81ebb79f
81f3a5cf
82cfb125
835f6440
8397d2f9
83ab5ffa
83ffd553
84017481
8481d79c
849220e8
85019e83
850983fe
85274ab6
8607f4e3
863b78e9
8658c504
86f9e45d
870ed0a5
875cdbe5
876537e1
87d543da
88014fd3
88295fec
8831d572
88f2a74e
89a3a631
89b8814f
89c016bf
8a1fa93c
8a895482
8abdcb37
8b624d35
8b75208a
8bbdd9c3
8bc6e52a
8c1000ba
8c4629ba
8c750121
8cc1070d
8d0769fb
8d31f217
8d406f1e
8d5b570b
8d7e6ae8
8f28de56
8ffc722f
90a65f58
90ef7c49
91e0effc
921e778f
9274238f
92951ca2
92d8e492
9304541d
93231154
9329478c
93e3b1ac
9427d338
942bc65d
9484860a
9532ff4f
95a14249
95b4813b
95dfb04a
965b8eb0
965d93e9
96f435fb
97074d54
976cf7eb
97c2251b
982d7fe2
9899532d
98b2c142
98b425b7
98f8859a
99a525e3
9a83f89d
9a900465
9af6b61b
9b37daca
9b386d59
9c1d4602
9c4ce1ad
9c83e8c6
9cb0831d
9cbd5de4
9ce37a45
9cf7716f
9d559b06
9d8a928f
9df521db
9e38ba89
9e8331c8
9e8e8abd
9ed04889
9f179ad9
9f7e1ef6
9facb1b4
a0401c85
a09cd026
a10362d6
a11a6110
a151b520
a18746d6
a1a9d047
a21301e2
a2620216
a28949cc
a28b7e60
a29b054d
a29b5856
a2f53922
a3ae0cef
a4ee5c53
a526c7ca
a5d714f1
a5f8492f
a5febe72
a626ee01
a67019ed
a768cfc8
a76fb63d
a808db4a
a8496e36
a899e0e6
a8ac3a7a
a8b80ec0
a8ddf940
a92b53f4
a9860089
a9fa9b8e
aa38f772
aa7fb257
aa897d85
aad62718
aae8f964
abba3414
ac30fe00
ac63840f
ac953f79
aca7e397
acaebbd4
acc61216
ad068024
ad14741d
ad1c33a4
ad54b08d
ae78ad4f
aee81c96
aef68903
af0e401b
af329b9a
af972978
afbd6006
aff4d484
b05dd4c0
b0a40bc7
b0df8181
b113ad4b
b16b30ef
b17ac7e3
b1878649
b18e52a6
b20cdeca
b24bb502
b294fff6
b2d22e32
b30a4061
b31da60c
b326bc6a
b39c9c45
b3c7e02e
b3dc98f7
b3eb668c
b4108427
b4594b60
b49f1d5d
b49f6565
b5184cef
b56f263c
b5ac3722
b5be0524
b62e4a68
b674eb72
b73d668e
b75248d7
b8085956
b86532a7
b8ae0289
ba20bc61
ba31f1ab
ba984ce5
baa0a497
bb00f02d
bb96d9a4
bbae8975
bbd265cb
bc8da13d
bd096c88
bd2f934c
bd39fa2f
bd834290
be04faac
be21363d
bece8761
bf32d572
bf3fcc88
bf91659b
bf9cbfe3
bfd14168
c022cd7c
c0408840
c0bac019
c0f42994
c117c641
c1c0fb34
c1ce6631
c24261b9
c245a272
c251425e
c2f3f296
c3b19e48
c4026bb4
c437a4c8
c455d49a
c528b658
c59716d7
c6479bc6
c7312468
c735a194
c7ae7bc2
c80948d3
c8193310
c829e306
c8bb5fd2
c8c64e28
c8c72e5a
c902f6c7
c9cb38e9
c9f4e23f
ca3d94e0
ca8017b0
cb071960
cb6c42a3
cb774137
cb8df967
cbe79b63
cc0f7179
cc8138df
cc91519e
cd55b475
cd676f5a
cd85899d
cebb0177
ceeb8fad
cfbfec1b
d028d504
d128c5c2
d1d80684
d1f85a38
d209107e
d2446349
d250ad0b
d2ddc4b6
d3a46696
d3dbba8d
d3e267d6
d488844a
d4c16828
d4ed8c94
d51cb1b8
d564bee1
d56ab29a
d579479f
d58c0f18
d5afedf0
d6158cb2
d616405a
d6365e9b
d660bf81
d6a57e36
d6b3d72f
d85f7bc0
d8c3e09c
d8e771be
d90398b2
d92d475d
d9b26d1a
d9d5ab7f
d9e1cf47
da153d1f
da1761d5
da300449
da3022ec
da43d7e3
da6b599b
da9fb06d
dab848ee
db0d64c7
dbac89fa
dbbd59f9
dc40474a
dd18979d
dd19bc33
dd28a4a5
dd569e58
dd8013cd
dd9249cc
dd97bbc8
ddb0891f
ddcf6bff
de26f80f
de80f8e6
dea97249
deb94431
debaf5a2
debec24a
def17654
df5ab7e2
dfd67e9f
e02c3198
e0743fff
e09e1e22
e09eb833
e170530e
e189bbc7
e1fc0b38
e233c22c
e24af9e1
e286ac89
e2cb3cf4
e308bd81
e3f1e7ad
e441c9c5
e4610d5c
e46c70eb
e529a06e
e55992c3
e5b0f0e6
e5c7af7d
e611e579
e66708a1
e6ba8fab
e6c2c4fa
e6fa7764
e70839db
e74c8266
e79346ff
e81db71b
e82b14c3
e8403361
e8684c63
e87e0ddb
e8e5bf0c
e937646f
e993bcbd
ea774964
eaafa475
eab841c1
eaedc4e9
eb26fa20
eb52b582
ebe14904
ebef12e9
ec52481f
eca77e59
ee370cdf
ee622ae8
eea893c7
eeb2ddd5
eeb381a7
ef311f94
ef384eb1
ef41a3d8
ef55dce3
ef72cf86
efaca399
efc9d41c
f004e580
f021e76a
f06414bf
f0ce84a3
f107668c
f1876f28
f216540e
f27c51d7
f2f81283
f316f5b1
f34b8c2b
f34d97c6
f35697d4
f40cf386
f48bc865
f49747b0
f4d0b612
f556b238
f557dad4
f5e3eb1a
f6a0e71b
f70cc531
f7a20dc4
f7d49ee1
f849404a
f87385f4
f8892afa
f8a2f51e
f8b48845
f8e21de3
f8f9b8ab
f9463b8f
f958757d
f97c7512
f99d7016
f9d2da64
f9d5f89b
f9e156cb
fa0cffac
fa4adba0
fa90b868
fa97744d
fac728e4
fb35b728
fb5b263c
fb61cf94
fb7237fa
fce4ab0f
fd2a267a
fd3d938d
fd48d7ce
fd526e10
fd5a39b1
fdc01787
fdc2ad52
fdf68d45
fe14e896
fe271572
fe76c224
fef33025
ff1914a8
ff43b6ae
ff982a2e

eso, cada archivo con su checksum
agradecido de antemano Apuromafo
7  Programación / Ingeniería Inversa / Herramientas para la Ing inversa(ojo sin enlaces web) en: 30 Mayo 2012, 20:48
muchos son nuevos , no olvidar pasar por aqui:
http://foro.elhacker.net/ingenieria_inversa/faq_iquesteres_nuevo-t345798.0.html
pero luego de conocer la ing inversa, pasa que cada tutorial nuevo , aveces hablan de herramientas que son totalmente desconocidas,
si alguien realmente quiere tenerle con enlaces, favor crear otro thread, pues este solo tiene el proposito de informar y no de entregar todo regalado.-

Intentare, con el apoyo de todos, listar las herramientas que de a poco han ido apareciendo y de paso, si alguien es tan amable, ira intentando respaldar o consultar donde buscar la proxima tool en algun otro thread para asi solo tener la idea de las herramientas bases que existen

Introducción:
Cada dia con cada noticia mas desastres, enlaces muertos de amigos que hicieron varias tools, herramientas que ya los enlaces no existen

quiero comenzar a buscar y ordenar en el hilo algunas herramientas que pueden ser usadas, pero sin tener enlace web para evitar su muerte

comenzemos:
Existen varios kits, los cuales año a año van agregando o quitando mas cosas, no todas son indispensables pero suele ocurrir que muchos piensan que con tener las tools (tener cientos de gb ) en herramientas, realmente es lo necesario, y aveces lo indispensable es saber usarlas en el momento ideal

asi que comenzaré un listado de herramientas a modo que

Debuggers

formato PE en general x86(intel)
*IDA
*ollydbg
*Immunity Debugger
PEBrowse Professional

*modds de ollydbg
OllySND
OllyShadow
olly para buscar oep
ollyghost
Tpodt
9in1 for Themida    
BoomBox  
Chinese Edition
CiM's Edition    
Diablo's
EvO_DBG
ExeCryptor Edition
FOFF Team Edition 1.0/ 2.0
Hacnho's
HanOlly 1.0
LifeODBG 1.4
NoLoVeR
OllyDRX  
OllyICE
Portable OllySnD
RAMOllyDBG 1.1
Russian Edition
Sabre-Gold
UST_2bg
Windows 7
YPOGEiOS
OllyDbg 2.01 alpha4->ollysnd2.0




Ring 0
Windbg
Sofice

Dis-assembler/decompiler
REC Studio ->c++
P32Dasm o P32DASM ->vb P-CODE
refox->Visual FoxPro (3.0-7.0), FoxPro 2.x, FoxPro 1.x  FoxBASE
wdasm->x86 en general no packed (código muerto)
vbdecompiler->visual basic decompiler
*Sylvain Bruyere      
*GPcH Soft      
VB RezQ ->visual basic
VBDE 0.85 ->visual basic
ExDec  ->vb p-code
DeDe->dephi
IDR - Interactive Delphi Reconstructor->delphi
DE Decompiler->delphi
E2A (event 2 adress)->delphi
*  Delphi Decompiler  By bitmaker (C) 1997-2010    
Wintruder->vb en general
Whiskey Kon Tequilla VB>vb P-Code Debugger-
RACEVB6->vb pcode
DoDi's Visual Basic 4 Decompiler ->vb 3/4
MiniDe -> delphi
c32asm 1.0.9.0
Debuggy 1.02
DirtyJOE 1.0 (c147)
FDBG 001E
TRW2000 for Windows 9x




x64
*IDA
*Visual DuxDebugger

.net
*ollydbg 2.0 (solo visualizacion)
*IDA
*calimero
*y otras tools:
DNDID
Wintruder
PEBrowse Professional
*reflector(REFLECTOR DECOMPILER)
*DIS#(DIS# .NET decompiler)
*SAE
*SALAMANDER NET DECOMPILER
*SPICES DECOMPILER


java:
jClazzME
javadecompiler
eclipse



linux
*ollydbg 2.0 (solo visualizacion)
*IDA desde remote debugging o bien IDA licenciado
*GDB

MAC/OSX
*GDB
*IDA desde remote debugging o bien IDA licenciado
*Xcode, Gdb, Hopper Disassembler


 Symbian and PalmOS /    Android OS Reversing /    All Microsoft Mobile Platforms/java/ARM
*PalmOSEmulator (aveces +ROM)
*prcedit
*PRCExplorer
*PalmdeMON
*Symbian Exe 3rd-Edition Unpacker
*unSIS
*Androguard
*Coddec
*DED
*dedexer
*PETRAN
*IDA desde remote debugging o bien IDA licenciado (ARM)

*Herramientas básicas
Editor hexadecimal
*Winhex
*HexCmp 2 (fairdell)
· Biew v5.6.2
· Hiew v7.10
· WinHex v12.5


Editor Programas PE/editor de recurso
*UltraEdit (UE)
*PE Editor
*PE Tools
*Lord PE
*CFF
*· Stud_PE v2.1
· PE Insight  
 · PE Rebuilder
· PE Optimizer  



Rebuilding
* ImpRec  
* Revirgin  
* LordPE De Luxe
* Scylla
* Chimprec
* Imports Fixer  


EDITORES DE RECURSOS
*Resource Tuner
*PE explorer
*Restorator
*CFF (ntcore)
· Resource Hacker
XN Resource Editor


Analizadores:
*RDG Packer Detector
*PID(protectionID )
*PEID
*ExeinfoPE


Patchers:
dup2:
/*+---dup2
|   +---chiptunes
|   +---icons
|   +---projects
|   \---skins
*
Abel Self Learning Loader Generator (ABEL Loader)
CodeFusion Wizard 3.0
· dUP 2
· Universal Patcher
· Universal Loader Creator
· aPatch
· PMaker  
· Tola’s Patch Engine
· Yoda’s Process Patcher (tb existe plugin en peid)
· Registry Patch Creator
· ScAEvoLa’s PatchEngine
· Dogbert’s Genuine Patching Engine  
· Graphical-PatchMaker
· The aPE
· Liquid2
· PELG
· PrincessSandy
*PMaker 1.2.0.1
*Tola's Patching Engine
*uPPP
*Injecta
*HzorInline
* PUPE 2002

Escaneador de apis:
TracePlus Win32
KAM (kakeware)


Monitores:
Smartcheck
vbaStrCmp.v2.1-RES-tool
· Process Explorer
· FileMon  
· RegMon

Unpackers/scripts:
*debido a que son muchos de a poco...
ORCA

unpelock1.2 ->pelock


ACkiller->acprotect
ACStripper->acprotect


themida 1.8x->unthemida
*Quick_Unpack_2.2.Tool.tPORt



para telock
*unpacker script/tool
para aspack
*unpacker script/tool

para pecompact
*Nacho_dj/ARTeam

para asprotect:
*plugins de peid
*stripper
*DecomAS (pekill)
*plugin codedoctor
· ASPR Dumper v0.1
ASPR CRC Locator 1.2
*asprapi.tool-tsrh



para armadillo:
ArmaG3ddon ->armadillo
armascripts by fungus/mr.exodia/lcf/solid/guan->armadillo

*Arma FP

|   +---Arma Intruder v0.4
|   +---ArmaDetach v1.3.1
|   +---Armadillo 6.x HWID Changer Pro v1.0
|   +---Armadillo Cleaner v1.0
|   +---Armadillo CRC Finder v1.4.1
|   +---Armadillo DeAttacher v1.0
|   +---Armadillo DLL-OCX Stripper v1.6
|   +---Armadillo Environment Variables v1.3
|   +---Armadillo Generic Unpacker Interface v1.5.4
|   +---Armadillo Goblin v1.0
|   +---Armadillo HWID Loader Creator v1.0
|   +---Armadillo HWID Patcher v1.2
|   +---Armadillo Key Generator v1.5
|   +---Armadillo Killer v2.6
|   +---Armadillo Loader v1.0
|   +---Armadillo Nanomites Fixer v1.2
|   +---Armadillo Reducer v1.7.1
|   +---Armadillo Resolve DLP v1.3
|   +---Armadillo Sections Stripper v1.22
|   +---Armadillo v4.xx -5.xx HWID Changer v0.2
|   +---ArmaDumper v1.0
|   +---ArmaG3ddon v1.9
|   |   \---ArmaG3ddon v1.9
|   +---ArmaRaider v3.3
|   +---ArmEV_inline
|   |   +---ArmEV_inline
|   |   |   +---ArmEV_inline_private
|   |   |   |   \---ArmEV_inline_reader
|   |   |   |       \---certificates
|   |   |   |           +---Armadillo Projects
|   |   |   |           \---INI Files
|   |   |   \---ArmEV_inline_reader
|   |   |       \---certificates
|   |   |           +---Armadillo Projects
|   |   |           \---INI Files
|   |   +---ArmEV_inline_private
|   |   |   \---ArmEV_inline_reader
|   |   |       \---certificates
|   |   |           +---Armadillo Projects
|   |   |           \---INI Files
|   |   \---ArmEV_inline_reader
|   |       \---certificates
|   |           +---Armadillo Projects
|   |           \---INI Files
|   +---ArmInline v0.96
|   +---ArmKiller v1.2.1
|   +---ArmPassPatch v1.2
|   +---ArmTools v1.2
|   +---DeArmadillo v0.4
|   +---dilloDIE v1.6
|   +---FlyNano v1.1
|   +---N-Rec v1.7
|   |   \---stub
|   +---Nanomites Killer v1.0
|   \---UnArm
|       +---v1.1
|       +---v1.2
|       +---v1.3
|       \---v1.4
+---ArmaG3ddon_v1.9_by_ARTeam
|   +---Armadillo Nanomites Fixer v1.2
|   \---Armadillo Nanomites Fixer v1.3
+---armascripts by fungus

*AI by ghandi


thinistall
*Thinstall dependency Extractor

otros
· Procdump v1.6.2



· ASPack - ASPackDie
· ASProtect > Stripper
· DBPE > UnDBPE
· FSG 1.33 > Pumqara’s Dumper
· FSG 2.00 > UnFSG
· MEW > UnMEW
· PeCompact 1.x > UnPecomp
· PEncrypt > UnPEncrypt
· PeSpin 0.3 > DeSpinner 0.3
· tELock 0.98-1.0 > UntELock
· EXEStealth > UnStealth
· Xtreme-Protector / Themida > XprotStripper v1.1 win 9x
· Morphine Killer 1.1 by SuperCracker/SND
otros:unpacking kit 2012
AC.Protect
AC.Protect AC.Stripper.Rebuilder.v1.35
AC.Protect ACProtectStripper1.0
AC.Protect ACStripper 1.0
AC.Protect ACStripper 1.5
ACTIVE.MARK
ACTIVE.MARK AMDumpV6_12_by_condzero
ACTIVE.MARK AMLoadV6_v11_by_CondZero
ACTIVE.MARK AMRegsnd_v11_by_CondZero
ACTIVE.MARK AM_5x_GenericLoader_by_CondZero
ACTIVE.MARK DeaM
AEL
AEL Sources
AEL Sources Res
AEL Sources Res Logo
ARMADILLO
ARMADILLO 5.xx
ARMADILLO Arm unpack
ARMADILLO ArmaDetach
ARMADILLO ArmaDetachMe
ARMADILLO Armadillo.CRC.Finder-1.2
ARMADILLO Armadillo.DLL-OCX Stripper.v1.6
ARMADILLO Armadillo.Dumper-1.0
ARMADILLO Armadillo.Goblin.v1.0
ARMADILLO Armadillo.Nanomites.Recoverer-1.7
ARMADILLO Armadillo.Nanomites.Recoverer-1.7 stub
ARMADILLO Armadillo.Process.Detach-1.1
ARMADILLO armadillo.stripper.1.21
ARMADILLO Armadillo_Find_Protected_V1.4
ARMADILLO Armadillo_HWID_Patcher_v1.2
ARMADILLO Armadillo_Key_Generator_1.5
ARMADILLO ArmaDump
ARMADILLO Armagui
ARMADILLO ArmaReducer
ARMADILLO armdep
ARMADILLO ArmInline
ARMADILLO armkiller
ARMADILLO ArmTools
ARMADILLO Demaradillo.v0.4
ARMADILLO Demaradillo.v0.4 source
ARMADILLO Dillo.Dumper.v2.3
ARMADILLO Dillodie
ARMADILLO DilloDumper-2.55
ARMADILLO disARM.v1.0
ARMADILLO Distance Decryptor
ARMADILLO Nanomite Fixer
ARMADILLO stripper_v213b9
ARMADILLO ua14
ARMADILLO unadillo
AS.Pack
AS.Pack 2unaspack
AS.Pack ANTI AS pack
AS.Pack ASPack 2.11 unpack
AS.Pack ASPackDie
AS.Pack ASPackDie 1.2
AS.Pack ASPackDie 1.2 SRC
AS.Pack ASPackDie 1.3
AS.Pack ASPackDie 1.3 SRC
AS.Pack ASPackDie 1.4.1
AS.Pack ASPack_u_11
AS.Pack aspatch
AS.Pack asprdbgr
AS.Pack deasp
AS.Pack Pmak_2
AS.Pack qcaspack
AS.Pack RL!deASPack 2.12
AS.Pack unaspack
AS.Pack unaspack 1.0
AS.Pack unaspack 2.12
AS.Pack unaspack 2.12 Src
AS.Pack unaspack 2.12 Src Res
AS.Pack waspack
AS.Protect
AS.Protect antiaspr
AS.Protect AS-AntiProtect.v0.98b
AS.Protect asap98b
AS.Protect asap98b API_DLL
AS.Protect ASPr
AS.Protect ASPr modules
AS.Protect ASPR Dumper v0.1
AS.Protect ASPR Dumper v0.1 AsprDbgr
AS.Protect Aspr v2.XX unpacker v1.0E
AS.Protect Aspr-loader
AS.Protect asprdbgr
AS.Protect ASProtect SKE Inline Patcher v0.1
AS.Protect AsprStripperXP-1.35
AS.Protect caspr
AS.Protect caspr EXAMPLES
AS.Protect caspr EXAMPLES APPS
AS.Protect caspr EXAMPLES APPS ASPR12
AS.Protect caspr EXAMPLES APPS W32DASM8
AS.Protect caspr EXAMPLES LINKERS
AS.Protect caspr EXAMPLES LINKERS BC
AS.Protect caspr EXAMPLES LINKERS DEPHI
AS.Protect caspr EXAMPLES LINKERS VC
AS.Protect DelAsprKeys
AS.Protect rad
AS.Protect rad source
AS.Protect STRIPPER
AS.Protect STRIPPER Stripper.v2.07
AS.Protect STRIPPER Stripper.v2.07 modules
AS.Protect STRIPPER stripper211
AS.Protect STRIPPER stripper211 stripper_v211rc2
AS.Protect STRIPPER stripper_v207ht
AS.Protect STRIPPER stripper_v207ht modules
AS.Protect STRIPPER stripper_v211rc2
AS.Protect STRIPPER Stripper_v213b9
AS.Protect STRIPPER Stripper_v213b9 stripper_v213b9
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspack212
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspackdie12
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspackdie12 SRC
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspackdie13c
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspackdie13c SRC
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspackdie13d
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect aspackdie13d SRC
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect asprotect123
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect Stripper.v2.07
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect Stripper.v2.07 modules
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect Stripper.v2.11.RC2
AS.Protect STRIPPER Stripper_v213b9 unpacker aspack-asprotect Stripper.v2.11.RC2 stripper_v211rc2
AS.Protect STRIPPER unvbaspr2.0
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES APPS
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES APPS ASPR12
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES APPS W32DASM8
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES LINKERS
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES LINKERS BC
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES LINKERS DEPHI
AS.Protect STRIPPER unvbaspr2.0 EXAMPLES LINKERS VC
AS.Protect UnVbAspr-1.1
BERO
BERO RL!deBeRoEXEPacker
BJFNT
BJFNT UnBJFNT
CDCops
CEXE
CEXE CEXE.1.0x.UNpacker.v1.0
CEXE deCEXE
CEXE deCEXE ASF2ASM
CODECRYPT
CODECRYPT uncodecrypt1
CODECRYPT uncodecrypt2
COPYLOCK
COPYLOCK CopyLok.PanLok.Remover.v1.0
COPYLOCK De.COPS.Copylock.II
CRUNCH
CRUNCH De-Crunch.v0.1
CRUNCH De-Crunch.v0.1 src
CRUNCH decrunchit
DB.Pe
DB.Pe UNDBPE
DB.Pe undbpe12
DB.Pe undbpe15
DE.Pe
DE.Pe depepack
DE.Pe depeprot
DEF
DEF UnDEF
DFS
DFS UnDFS
DOTNET
DOTNET Dotnet generic Unpacker
DOTNET NDD
DOTNET net domain dumper
DOTNET Salamander Dotnet Decompiler
DOTNET undeploy.net
DOTNET Xenocode
EPProt
EPProt UnEPProt
ESCARGOT
ESCARGOT AuBeurre-Elooo
EXEFOG
EXEFOG RL!deExeFog
EXESHIELD
EXESHIELD exeshield.2.decryptor.keygen.1.5.final-egoist.tsrh
EXEStealth
FSG
FSG 1.33
FSG 2.0
FSG deFSG-1.33
FSG FSG.2.0.Dumper
FSG FSG.2.0.Dumper FSG.2.0.Dumper
FSG FSG.dumper-2.0
FSG FSG.Mutator.v0.1
FSG FSG.Unpazker-1.33
FSG FSG.v1.33.Dumper
FSG FSG2.0_Unpacker
FSG fsgunpacker
FSG RL!deFSG 1.x
FSG RL!deFSG 2.0
FSG Un-FSG-1.33.3
FSG Un-FSG-2.0
FSG unfsg01
FSG unfsg04
GIX
GIX deGIX
GIX deGIX Source
GIX deGIX Target
GOAT
GOAT RL!deGoatPeMutilator 1.6
HMIMYS
HMIMYS RL!deHmimysPacker
ICRYPT
ICRYPT Sources
ICRYPT Sources Res
ICRYPT Sources Res Logo
INNO
INNO InnoCry_v1.2.4
INNO InnoCry_v1.2.4 InnoCry v1.2.4
INTERLOCK
INTERLOCK AntiPace Universal Tool 3.0R1
KASSANDRA
KASSANDRA Un-Kassandra
KKRUNCH
KKRUNCH unkk
KKRUNCH unkk src
KONXISE
Krypton
Krypton K-die_v0.5
Krypton UNKRYTON0.5
Krypton UNKRYTON0.5(for win 9xXP)
LAMECRYPT
LAMECRYPT UnLAME
LCCRYPT
LCCRYPT UnLCCrypt
MARIO
MARIO RL!deMarioPack
MEW
MEW RL!deMEW 1.x
MORPHINE
N
N RL!deNPack
N RL!deNsPack 3.x
NBINDER
NBINDER UnBinder
NFO
NOODLE
NOODLE nckill
Orien
Orien unorien
PACKMAN
PACKMAN RL!dePackMan 1.x
PC.Guard
PC.Pec
PE.Compact
PE.Compact RL!dePeCompact 2.x
PE.Compact tmgpeunc
PE.Compact tnoPEUNC
PE.Compact unPE
PE.Crypt
PE.Crypt unpecompact
PE.Crypt unpecompact SRC
PE.Crypt unpecompact SRC RealignDLL
PE.Crypt unpecompact SRC rebITDLL
PE.Crypt unpecompact SRC UNPEC
PE.Crypt unPEcrypt
PE.Crypt unpedimisher
PE.Crypt unpeprot
PE.Crypt xpecr
PE.Crypto
PE.Crypto RL!deCryptoPeProtector 0.9.x
PE.Diminisher
PE.Diminisher Unpedim2
PE.Diminisher Unpedimin
PE.Goat
PE.Goat RL!deGoatPeMutilator 1.6
PE.Hide
PE.Hide UnHidePE
PE.Hide UnHidePE rUNHIDE
PE.Hide UnHidePE rUNHIDE ASF2ASM
PE.Hide UnHidePE UnHidePE1.1
PE.Lock
PE.Lock source
PE.nCrypt
PE.nCrypt unPEncrypt
PE.nCrypt unPEncrypt-0.3
PE.nCrypt unPEncrypt-3.1
PE.nCrypt unpencuno
PE.Pack
PE.Pack De.Pe-Pack.v1.2
PE.Pack DePE-Pack.v1.3
PE.Pack unpepack
PE.Pass
PE.Pass pepassprotdeprotector
PE.Shield
PE.Shield unpes
PE.Shield unpes 2.4
PE.Shield unpes 2.5
PE.Shield unpesh
PE.Shield unpeshield
PE.Spin
PE.Spin iTwister
PE.Spin PeDeSpinner-0.3
PE.Spin unPESPIN-0.3
PE.Spin unPESPIN-1.0
PE.Spin unPESPIN-1.1
PE.Stealth
PE.Stealth UnStealthPE
PE.Stealth UnStealthPE ASF2ASM
PETITE
PETITE pt21client
PEX
PEX DeX.v0.99.1
PEX DeX.v0.99.1 DeX.v0.99.1
PEX DEX1
PEX DEX2
PEX RL!dePeX 0.99
POPCAP
POPCAP Sources
POPCAP Sources Res
PUNISHER
REC
REFLEXIVE
REFLEXIVE Sources
REFLEXIVE Sources Res
REFLEXIVE Sources Res Logo
RegWare
SAFECAST
SAFECAST unsafecast_1.03
SAFEDISK
SAFEDISK svk.explorer.v0.2e
SAFEDISK svk.explorer.v0.2e Src
SAFEDISK UnSafeDisc_46_by_ARTeam
SAFEDISK UnSafeDisc_46_by_ARTeam Source
SC
SC Sources
SC Sources Res
SC Sources Res Logo
SHRINKER
SHRINKER DeShrink.v1.6
SHRINKER Ned
SHRINKER shrunp
SHRINKWRAP
SHRINKWRAP RL!deShrinkWrap 1.4
SLVC()DE
SMOKE
SMOKE UnSMOKE
SOFTLOCX
SOFTLOCX tbs
TCEC
TCEC TCEC_unpacker_v1.0
TE.Lock
TE.Lock DetectTE
TE.Lock RL!detELock 0.8x - 0.9x
TE.Lock telockdumper
TE.Lock teunlock
TE.Lock unte060
TE.Lock UNTELOCK
TE.Lock UNTELOCK drizz
TE.Lock UNTELOCK drizz debugger
TE.Lock UNTELOCK Ni2Untelock61
TE.Lock UNTELOCK Ni2Untelock61 TestMutex
TE.Lock UNTELOCK Ni2Untelock70
TE.Lock UNTELOCK Ni2Untelock71
TE.Lock UNTELOCK Ni2Untelock71b
THEMIDA
TRON
TRON TRON_v1.30_Unpacker
UPX
UPX Anti.UPX.SCRAMBLER.v1.0
UPX babyUPX
UPX Brats.Generic.UpxUnpacker.v1
UPX Brats.Generic.UpxUnpacker.v1 source
UPX De.UPX.Mutator.v0.1
UPX deSimpleUPXCryptor
UPX deUPX 1.x-2.x
UPX deUPXCrypt
UPX deUPXRedir
UPX deUPXScrambler
UPX UnUPXShit
UPX UPXUnpack
VG.Crypt
VG.Crypt unvgcrypt
VProtect
VProtect wvp
WINKRIPT
WINKRIPT WinKript 1.0
WINKRIPT WinKript 1.0 WinKript 1.0
WINKRIPT WinKript 1.0 WinKript 1.0 Crypter
WINKRIPT WinKript 1.0 WinKript 1.0 Targets
WINKRIPT WinKript 1.0 WinKript 1.0 Unpacker
WINUPACK
WINUPACK RL!deWinUPack
WINUPACK WinUpack35
WINUPACK WinUpack36
WINUPACK wupack0.3x
X.Protect
X.Protect STRIP
X.Protect STRIP PluginModule
X.Protect STRIP SDK
X.Protect STRIP SDK Plugin
X.Protect STRIP SDK Plugin Test
X.Protect UNP
YODA
YODA deyoda1.0
YODA deyoda1.2
YODA Fred.UnYP.v1.02
YODA Fred.UnYP.v1.02 Source
YODA RL!deYC





*y asi suma y sigue.-
Libros
*gdb
*Hacker Disassembling
*cracking sin secretos
Arteam ezines
ezine's of various author
THE IDA PRO BOOK


Juegos:
NES:FCE Ultra
RO:grf,sprites editor
Cheat Engine


xploit:
Pink
*vease tutoriales de xploit

Criptografia/keygening:
RSA tool
DSA tool
TMG Ripper Studio
DAMN HashCalc
· RSATool 2
KeyAssistant
SND Reverser Tool
SerialKiller tool
SDF tool(saduff)


otros/Miscelaneos:
WinGestor
ilSpy
Inno...
· EVACleaner 2.7
· PointH Locator
· ToPo v1.2
· hCalc
AddPE bytes (karmany)
HideToolz
HTTp debugger
URLsnooper
Hasher TLG


mini vm:
sandbox
 SysTracer
regshot

NFO:
· NFO Builder 2000 v1.02
· NFO File Maker v1.6
· TMG NFOmakeR v1.0


NotePad++
Sublime Text 2
Notepad2

y asi mas...

Virtual VM:
virtualbox
VMWare

Rootkit:
Kaspersky TDSSKiller


updated  4/7/12
 
8  Programación / Ingeniería Inversa / tute : karuro Master by Apuromafo 1.9mb en: 3 Agosto 2010, 21:59
Explicando una de las debilidades de las un juego llamado kakuro master
 Secillo y educativo.

Enlace:
http://www.mediafire.com/?qgp5q259s5qpj45

como a modo de historia, este escrito espero 2 años, por si se actualizaba la proteccion o algo mas, pero en 2 años no han cambiado de exe ni tampoco de proteccion , este metodo cae valido para una familia de juego de inertia
asi que espero que lo vean de forma educacional saludos Apuromafo

saludos Apuromafo
9  Programación / Ingeniería Inversa / LEER TODOS los que comienzan.. PRIMER PASO by Apuromafo en: 5 Agosto 2008, 20:55
No hay recetas mágicas, leer practicar y ensayar  sobre todo mucha motivación.
Véanlo como proceso, no como algo que se hace y nada más.

lo demás es preguntar cuando ya se hubiera hecho lo anterior y se hubiera agotado el máximo de intentos.

Antiguamente el conocimiento era cerrado hoy tienes FAQ y tutoriales, de ahi en adelante es solo ver hasta donde llegan .
 
FAQ en:
https://foro.elhacker.net/ingenieria_inversa/faq_iquesteres_nuevo_aprende_ingenieria_inversa_desde_cero-t345798.0.html

Update :12-04-2020

Nota FAQ , es un abreviado sobre  frequently asked questions  , El término preguntas frecuentes se refiere a una lista de preguntas y respuestas que surgen frecuentemente dentro de un determinado contexto y para un tema en particular. En español, se pueden utilizar dos acrónimos:​PP.FF., de uso reciente, pero es poco utilizado.
10  Programación / Ingeniería Inversa / dongle /Cracking HASP en olly By Koudelka de at4re, un foro arabe video en flash en: 27 Julio 2008, 05:54
Cracking HASP By Koudelka.7z
desde el foro de at4re, es un video en flash
http://www.mediafire.com/?ynytv0ynnmz
Páginas: [1] 2
Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines