[分享]TitanEngine source code released-安全工具-看雪-安全社区|安全招聘|kanxue.com

[分享]TitanEngine source code released

发表于: 2009-8-1 09:08 6100

[分享]TitanEngine source code released

ayarei

2009-8-1 09:08

6100

TitanEngine是BlackHat09上公布的一个逆向辅助引擎，说白了就是一个unpack framework。
下载包括
ppt： TitanEngine_BlackHat-USA-09-Slides.rar
whitepaper： TitanEngine_BlackHat-USA-09-Whitepaper.pdf
src： TE 2.0_src.part1.rar TE 2.0_src.part2.rar
附件居然有大小限制，囧tz
提示：源代码压缩包可能会报毒，大家自辩吧，反正都是看源代码的。

We have designed TitanEngine in such fashion that writing unpackers would mimic analyst’s
manual unpacking process. Basic set of libraries, which will later become the framework, had the
functionality of the four most common tools used in the unpacking process: debugger, dumper,
importer and realigner. With the guided execution and a set of callbacks these separate modules
complement themselves in a manner compatible with the way any reverse engineer would use his
tools of choice to unpack the file. This creates an execution timeline which parries the protection
execution and gathers information from it while guided to the point from where the protection passes
control to the original software code. When that point is reached file gets dumped to disk and fixed
so it resembles the original to as great of a degree as possible. In this fashion problems of making
static unpackers have been solved. Yet static unpacking is still important due to the fact that it will
always be the most secure, and in some cases, fastest available method.

TitanEngine can be described as Swiss army knife for reversers. With its 250 functions, every reverser
tool created to this date has been covered through its fabric. Best yet, TitanEngine can be automated.
It is suitable for more than just file unpacking. TitanEngine can be used to make new tools that
work with PE files. Support for both x86 and x64 systems make this framework the only framework
supporting work with PE32+ files. As such, it can be used to create all known types of unpackers.
Engine is open source making it open to modifications that will only ease its integration into existing
solutions and would enable creation of new ones suiting different project needs.

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

上传的附件：

TitanEngine_BlackHat-USA-09-Whitepaper.pdf （440.89kb，187次下载）
TitanEngine_BlackHat-USA-09-Slides.rar （1.62MB，156次下载）
TE 2.0_src.part1.rar （1.39MB，128次下载）
TE 2.0_src.part2.rar （957.64kb，233次下载）

收藏・2

免费・0

支持

最新回复 (6)
nanobit 雪币： 205 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 16 回帖 66 粉丝 0 关注私信	nanobit 2 楼 thanks for the share 2009-8-1 19:02 0
燕北飞雪币： 4 活跃值： (19) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 215 粉丝 0 关注私信	燕北飞 3 楼 thx 4 share 2009-8-1 19:44 0
梦回唐朝雪币： 253 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 18 粉丝 0 关注私信	梦回唐朝 4 楼谢谢分享 2009-8-1 19:57 0
nissassA 雪币： 378 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 2 回帖 43 粉丝 0 关注私信	nissassA 2 5 楼 3Q 4 share 2009-8-1 21:43 0
linhanshi 雪币： 97697 活跃值： (200824) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 452 关注私信	linhanshi 6 楼 Thanks for share. 2009-8-2 02:28 0
linhanshi 雪币： 97697 活跃值： (200824) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 452 关注私信	linhanshi 7 楼 TitanEngine 2.0.1 build Official patch/improvements list for TitanEngine 2.0.1 done by ReversingLabs Corp SDK: Extended SDK headers to support Delphi SDK: Changes to SDK.h to support non MSVC compilers DOCS: Removed type-o mistakes and bad function definitions BUG: Fixed some mistakes in SDK.h BUG: Added missing entries in TitanEngine.def BUG: FindEx searched only 0x1000 bytes BUG: Fixed a minor bug inside injectTerminator BUG: EngineExtractForwarderData crash on invalid input BUG: RelocaterGrabRelocationTableEx doesn't grab whole table BUG: RelocaterCompareTwoSnapshots crash when first DWORD of the snapshot is relocated BUG: RelocaterCompareTwoSnapshots doesn't correctly compare two snapshots for some packers BUG: ImporterAutoFixIATEx very rare crash handled by handler but it makes import table invalid BUG: ImporterAutoFixIATEx incorrect import fixing if import is only exported by ordinal BUG: ImporterAutoFixIATEx incorrect stepping if step is greater than one BUG: Fixed StaticLoadFile & StaticUnloadFile to be compatible with x64 BUG: Fixed a problem with imports and WinSxS folder BUG: Fixed a crash with Librarian on Windows XP x64 BUG: Fixed problem with NtdllDefWindowProc on Vista x64 BUG: Fixed problem with deleting temp files: DLLLoader.exe & *.module base reserve file BUG: Fixed problem with DumpProcess on x64 systems BUG: Fixed problem with DumpProcess and dumping PAGE_GUARD protected memory BUG: Fixed UPX unpacker sample not working on files packed with --lzma option BUG: Fixed problem with Exporter module and building new export table under x64 systems BUG: Fixed problem with Importer module and Windows 7 kernelbase.dll MiniWin SAMPLE: Unpacking ASPack 2.12, features usage of: RelocaterGrabRelocationTableEx and GetRemoteString SAMPLE: Unpacking FSG 2.0, features usage of: overlay detection SAMPLE: Unpacking PeCompact 2.0 - 3.x, features usage of: ImporterAutoFixIATEx with custom callback for fixing redirection SAMPLE: Unpacking DEF 1.0, features usage of: static unpacker functions SAMPLE: Unpacking LameCrypt 1.0, features usage of: static unpacker functions NEW: Fill & FillEx now have a default fill byte value of 0x90 if no fill byte is supplied NEW: SetHardwareBreakPointEx function for setting breakpoints in custom threads NEW: Global variable UE_ENGINE_RESET_CUSTOM_HANDLER set to TRUE resetting custom handler on debug init NEW: Improved speed of API & DLL data resolving NEW: Added function: ImporterAddNewOrdinalAPI NEW: Added function: ImporterGetAPIOrdinalNumber NEW: Added function: ImporterGetAPIOrdinalNumberFromDebugee NEW: Added function: ImporterGetForwardedAPIOrdinalNumber NEW: Added function: ImporterGetLastAddedDLLName NEW: Added function: ImporterGetDLLName NEW: Added function: GetUnusedHardwareBreakPointRegister NEW: Changed function: HideDebugger, less parameters and x64 compliant NEW: Added function: UnHideDebugger NEW: Added function: GetPEBLocation 2009-8-24 09:49 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

ayarei

发帖

回帖

RANK

关注

私信

他的文章

[讨论]ASM2C on Mac OS 5002
[分享]TitanEngine source code released 6101
[下载]IDA Pro 5.4 Evaluation version for download 12014
[翻译]Exploiting Windows Device Drivers 17978

关于我们

联系我们

企业服务

看雪公众号

最新回复 (6)
nanobit 雪币： 205 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 16 回帖 66 粉丝 0 关注私信	nanobit 2 楼 thanks for the share 2009-8-1 19:02 0
燕北飞雪币： 4 活跃值： (19) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 215 粉丝 0 关注私信	燕北飞 3 楼 thx 4 share 2009-8-1 19:44 0
梦回唐朝雪币： 253 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 18 粉丝 0 关注私信	梦回唐朝 4 楼谢谢分享 2009-8-1 19:57 0
nissassA 雪币： 378 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 2 回帖 43 粉丝 0 关注私信	nissassA 2 5 楼 3Q 4 share 2009-8-1 21:43 0
linhanshi 雪币： 97697 活跃值： (200824) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 452 关注私信	linhanshi 6 楼 Thanks for share. 2009-8-2 02:28 0
linhanshi 雪币： 97697 活跃值： (200824) 能力值： (RANK：10 ) 在线值：发帖 9249 回帖 27947 粉丝 452 关注私信	linhanshi 7 楼 TitanEngine 2.0.1 build Official patch/improvements list for TitanEngine 2.0.1 done by ReversingLabs Corp SDK: Extended SDK headers to support Delphi SDK: Changes to SDK.h to support non MSVC compilers DOCS: Removed type-o mistakes and bad function definitions BUG: Fixed some mistakes in SDK.h BUG: Added missing entries in TitanEngine.def BUG: FindEx searched only 0x1000 bytes BUG: Fixed a minor bug inside injectTerminator BUG: EngineExtractForwarderData crash on invalid input BUG: RelocaterGrabRelocationTableEx doesn't grab whole table BUG: RelocaterCompareTwoSnapshots crash when first DWORD of the snapshot is relocated BUG: RelocaterCompareTwoSnapshots doesn't correctly compare two snapshots for some packers BUG: ImporterAutoFixIATEx very rare crash handled by handler but it makes import table invalid BUG: ImporterAutoFixIATEx incorrect import fixing if import is only exported by ordinal BUG: ImporterAutoFixIATEx incorrect stepping if step is greater than one BUG: Fixed StaticLoadFile & StaticUnloadFile to be compatible with x64 BUG: Fixed a problem with imports and WinSxS folder BUG: Fixed a crash with Librarian on Windows XP x64 BUG: Fixed problem with NtdllDefWindowProc on Vista x64 BUG: Fixed problem with deleting temp files: DLLLoader.exe & *.module base reserve file BUG: Fixed problem with DumpProcess on x64 systems BUG: Fixed problem with DumpProcess and dumping PAGE_GUARD protected memory BUG: Fixed UPX unpacker sample not working on files packed with --lzma option BUG: Fixed problem with Exporter module and building new export table under x64 systems BUG: Fixed problem with Importer module and Windows 7 kernelbase.dll MiniWin SAMPLE: Unpacking ASPack 2.12, features usage of: RelocaterGrabRelocationTableEx and GetRemoteString SAMPLE: Unpacking FSG 2.0, features usage of: overlay detection SAMPLE: Unpacking PeCompact 2.0 - 3.x, features usage of: ImporterAutoFixIATEx with custom callback for fixing redirection SAMPLE: Unpacking DEF 1.0, features usage of: static unpacker functions SAMPLE: Unpacking LameCrypt 1.0, features usage of: static unpacker functions NEW: Fill & FillEx now have a default fill byte value of 0x90 if no fill byte is supplied NEW: SetHardwareBreakPointEx function for setting breakpoints in custom threads NEW: Global variable UE_ENGINE_RESET_CUSTOM_HANDLER set to TRUE resetting custom handler on debug init NEW: Improved speed of API & DLL data resolving NEW: Added function: ImporterAddNewOrdinalAPI NEW: Added function: ImporterGetAPIOrdinalNumber NEW: Added function: ImporterGetAPIOrdinalNumberFromDebugee NEW: Added function: ImporterGetForwardedAPIOrdinalNumber NEW: Added function: ImporterGetLastAddedDLLName NEW: Added function: ImporterGetDLLName NEW: Added function: GetUnusedHardwareBreakPointRegister NEW: Changed function: HideDebugger, less parameters and x64 compliant NEW: Added function: UnHideDebugger NEW: Added function: GetPEBLocation 2009-8-24 09:49 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复