THE PROJECT:
-----------------------------
- OllyDbg plugin: Code name Swordfish beta release review #16 date 26/03/2013
- OllyDbg supported release: 201h
- Released by Arab Team for Reverse Engineering (AT4RE)
- Coded by torpedo from AT4RE

Road map: Work in progress
- Final release v1.0 planned for: 31/03/2013
- Additional features
- New beta release v1.1 planned for: 10/04/2013
- Final release v1.1 planned for: 15/04/2013
- New road map

FEATURES:
---------------------------------

Tools:
-----------------------------
[+] Clear udd files

Hide debugger:
-----------------------------
[+] PEB!BeingDebugged
[+] PEB!NtGlobalFlags
[+] Find OD Windows bypass

Set breakpoints (hard coded):
-----------------------------
[+] 01- CreateWindowExW
[+] 02- ShowWindow
[+] 03- GetWindowTextW
[+] 04- GetDlgItemTextW
[+] 05- CreateFileW
[+] 06- OpenFile
[+] 07- ReadFile
[+] 08- WriteFile
[+] 09- LoadLibraryW
[+] 10- MoveFileW
[+] 11- DeleteFileW
[+] 12- RegOpenKeyW
[+] 13- RegCloseKey
[+] 14- RegQueryValueW
[+] 14- RegSetValueW

OllyDbg plugin: Swordfish v1.0 Final release date 31/03/2013
- OllyDbg supported release: 201h
- Released by Arab Team for Reverse Engineering (AT4RE)
- Coded by torpedo from AT4RE

Road map: Work in progress
- New beta release v1.1 planned for: 10/04/2013

FEATURES:
-----------------------------------------

Tools:
-------------------------------------
[+] Clear udd files

Hide debugger:
-------------------------------------
[+] PEB!BeingDebugged
[+] PEB!NtGlobalFlags
[+] PEB!HeapFlags
[+] Find OD Windows bypass

Set breakpoints (hard coded):
-------------------------------------
[+] user32.GetWindowTextW
[+] user32.GetDlgItemTextW
[+] user32.MessageBoxIndirectW
[+] user32.MessageBoxTimeoutW
[+] user32.SoftModalMessageBox
[+] user32.CreateWindowExW
[+] user32.ShowWindow
[+] kernel32.CreateFileW
[+] kernel32.OpenFile
[+] kernel32.ReadFile
[+] kernel32.WriteFile
[+] kernel32.LoadLibraryW
[+] kernel32.MoveFileW
[+] kernel32.DeleteFileW
[+] advapi32.RegOpenKeyExW
[+] advapi32.RegCloseKey
[+] advapi32.RegQueryValueExW
[+] advapi32.RegSetValueExW
[+] kernel32.CreateToolhelp32Snapshot
[+] kernel32.Process32FirstW
[+] kernel32.Module32FirstW
[+] Kernel32.Toolhelp32ReadProcessMemory
[+] kernel32.OpenProcess
[+] kernel32.WriteProcessMemory
[+] kernel32.ReadProcessMemory
[+] kernel32.CreateProcessW
[+] kernel32.VirtualProtectEx
[+] advapi32.OpenSCManagerW
[+] advapi32.OpenServiceW
[+] advapi32.StartServiceW
[+] advapi32.DeleteService
[+] msvbvm60.ThunRTMain
[+] msvbvm60.rtcMsgBox
[+] msvbvm60.__vbaStrCmp
[+] msvbvm60.__vbaStrComp
[+] msvbvm60.__vbaFreeStr
[+] msvbvm60.__vbaFileOpen
[+] msvbvm60.__vbaInputFile
[+] msvbvm60.__vbaWriteFile
[+] msvbvm60.__vbaStrCompVar
[+] msvbvm60.__vbaStrTextCmp
[+] msvbvm60.__vbaFileSeek
[+] msvbvm60.__vbaFileClose
[+] msvbvm60.__vbaVarTstEq

OllyDbg plugin: Swordfish v1.1 beta release date 10/04/2013
- OllyDbg supported release: 201h
- Released by Arab Team for Reverse Engineering (AT4RE)
- Coded by torpedo from AT4RE

FEATURES:
-----------------------------------------

Tools:
-------------------------------------
[+] Clear udd files

Hide debugger:
-------------------------------------
[+] PEB!BeingDebugged
[+] PEB!NtGlobalFlags
[+] PEB!HeapFlags
[+] Find OD Windows bypass
[+] CheckRemoteDebuggerPresent
[+] GetClassInfo(A-W-ExA-ExW)
[+] FindWindow(A-W-ExA-ExW)
[+] GetTickCount
[+] NtQueryPerformanceCounter

Set breakpoints (hard coded):
-------------------------------------
[+] user32.GetWindowTextW
[+] user32.GetDlgItemTextW
[+] user32.MessageBoxIndirectW
[+] user32.MessageBoxTimeoutW
[+] user32.SoftModalMessageBox
[+] user32.CreateWindowExW
[+] user32.ShowWindow
[+] kernel32.CreateFileW
[+] kernel32.OpenFile
[+] kernel32.ReadFile
[+] kernel32.WriteFile
[+] kernel32.LoadLibraryW
[+] kernel32.MoveFileW
[+] kernel32.DeleteFileW
[+] advapi32.RegOpenKeyExW
[+] advapi32.RegCloseKey
[+] advapi32.RegQueryValueExW
[+] advapi32.RegSetValueExW
[+] kernel32.CreateToolhelp32Snapshot
[+] kernel32.Process32FirstW
[+] kernel32.Module32FirstW
[+] Kernel32.Toolhelp32ReadProcessMemory
[+] kernel32.OpenProcess
[+] kernel32.WriteProcessMemory
[+] kernel32.ReadProcessMemory
[+] kernel32.CreateProcessW
[+] kernel32.VirtualProtectEx
[+] advapi32.OpenSCManagerW
[+] advapi32.OpenServiceW
[+] advapi32.StartServiceW
[+] advapi32.DeleteService
[+] msvbvm60.ThunRTMain
[+] msvbvm60.rtcMsgBox
[+] msvbvm60.__vbaStrCmp
[+] msvbvm60.__vbaStrComp
[+] msvbvm60.__vbaFreeStr
[+] msvbvm60.__vbaFileOpen
[+] msvbvm60.__vbaInputFile
[+] msvbvm60.__vbaWriteFile
[+] msvbvm60.__vbaStrCompVar
[+] msvbvm60.__vbaStrTextCmp
[+] msvbvm60.__vbaFileSeek
[+] msvbvm60.__vbaFileClose
[+] msvbvm60.__vbaVarTstEq

Swordfish release history
--------------------------
12/04/2013 (BETA 1.1 REV#4 released)
[*] fixed conflict with OllyExt 1.2 plugin (thanks to cxj98 for report)