Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-20-2016, 04:14
CodeCracker CodeCracker is online now
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,824 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
CJ-TESTER

CJ-TESTER: (source code MASM included)
How TO USE THIS TOOLS ?
a.) Set a VA from where to start in Config.txt (you can discover the address with IDA or some other tools)
You can even start testing from Entry Point if you wish to log all conditional jumps.
b.) Load the wanted executable and wait for this tool to make the entire dirty job.

The ideea is to run CJ-TESTER an log all jumps with the unexpired program and
then with expired program and compare the log results and see where is different!
Unconventional method (I know) but sometime may do the job!
Attached Files
File Type: zip CJ-TESTER.zip (13.2 KB, 49 views)
Reply With Quote
The Following 2 Users Gave Reputation+1 to CodeCracker For This Useful Post:
MarcElBichon (06-20-2016), Storm Shadow (06-24-2016)
The Following 14 Users Say Thank You to CodeCracker For This Useful Post:
Apuromafo (12-19-2022), besoeso (06-22-2016), canopus (06-22-2016), Fyyre (07-10-2022), Masoud (06-21-2016), Nacho_dj (06-22-2016), niculaita (06-20-2016), serseri_1453 (03-22-2017), TechLord (06-24-2016), Top10 (07-20-2022), uel888 (06-23-2016), wilson bibe (06-20-2016), ZeNiX (06-21-2016), Zeokat (07-03-2022)
  #2  
Old 06-21-2016, 18:46
Masoud Masoud is offline
Friend
 
Join Date: Dec 2014
Location: Underground
Posts: 16
Rept. Given: 2
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
Masoud Reputation: 0
Nice idea and makes someone able to crack an app in shortest time, even without Reversing info.
I had the same idea years ago, but never tried to write a program like this.
May I ask you to upload it somewhere else that I could access please?
Reply With Quote
  #3  
Old 06-22-2016, 05:24
CodeCracker CodeCracker is online now
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,824 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
Here is a download link:
http://www5.zippyshare.com/v/KH9fTLnm/file.html
Reply With Quote
The Following 4 Users Say Thank You to CodeCracker For This Useful Post:
Masoud (06-23-2016), Top10 (07-20-2022), user_hidden (06-22-2016)
  #4  
Old 06-22-2016, 15:30
Loki Loki is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 122
Rept. Given: 156
Rept. Rcvd 65 Times in 30 Posts
Thanks Given: 58
Thanks Rcvd at 18 Times in 13 Posts
Loki Reputation: 65
There was an Olly plugin that did something similar on v1.10.... OllySnake or something? I'm sure someone else can remember better than me....
Reply With Quote
  #5  
Old 06-22-2016, 16:28
DARKER DARKER is offline
VIP
 
Join Date: Jul 2004
Location: Somewhere Over the Rainbow
Posts: 454
Rept. Given: 15
Rept. Rcvd 119 Times in 51 Posts
Thanks Given: 11
Thanks Rcvd at 734 Times in 194 Posts
DARKER Reputation: 100-199 DARKER Reputation: 100-199
It's something like Olly Conditional Branch Logger plugin:
Code:
http://www.woodmann.com/collaborative/tools/index.php/Conditional_Branch_Logger
Reply With Quote
The Following 2 Users Say Thank You to DARKER For This Useful Post:
Masoud (06-23-2016), TechLord (06-24-2016)
  #6  
Old 06-22-2016, 21:05
Loki Loki is offline
Lo*eXeTools*rd
 
Join Date: Jan 2009
Posts: 122
Rept. Given: 156
Rept. Rcvd 65 Times in 30 Posts
Thanks Given: 58
Thanks Rcvd at 18 Times in 13 Posts
Loki Reputation: 65
Yeah, that one too, although I seem to recall something called OllySnake which actually diff'd 2 runs for you aswell.

Could well have been dreaming.
Or high.
Reply With Quote
  #7  
Old 06-24-2016, 09:50
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,022 Times in 571 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
First of all a BIG thank you to @CodeCracker for this tool.

This reminds me of a post in 2005 regarding almost exactly the same method, that was posted by someone named Benina in one of these forums.

Please do not share or upload on public servers.

Though the content is not mine, I had created the PDF and archived it in my records from 2005, after all !

So I want it to remain only within this forum please. Thank you

Last edited by TechLord; 02-26-2018 at 07:10.
Reply With Quote
  #8  
Old 06-25-2016, 05:54
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 190
Rept. Given: 20
Rept. Rcvd 143 Times in 42 Posts
Thanks Given: 67
Thanks Rcvd at 404 Times in 87 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
Is there any plan for the 64 bit apps ?
Reply With Quote
  #9  
Old 06-25-2016, 11:53
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 1,342
Rept. Given: 947
Rept. Rcvd 89 Times in 61 Posts
Thanks Given: 4,299
Thanks Rcvd at 479 Times in 338 Posts
niculaita Reputation: 89
link to pdf deleted file/dead
Reply With Quote
  #10  
Old 06-25-2016, 17:59
Masoud Masoud is offline
Friend
 
Join Date: Dec 2014
Location: Underground
Posts: 16
Rept. Given: 2
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 7
Thanks Rcvd at 1 Time in 1 Post
Masoud Reputation: 0
Quote:
Originally Posted by niculaita View Post
link to pdf deleted file/dead
File attached .
Attached Files
File Type: pdf USINGLOGWINDOW.pdf (131.6 KB, 29 views)
Reply With Quote
  #11  
Old 06-26-2016, 00:27
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
Just saw this little prog few minutes ago...
Next time working with 30 day trial, I will test it, but will changing some jumps solve the problem?
May be, I will report when test has done.
But first I almost work for key, activation code or something like that, it's the best solution
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #12  
Old 03-22-2017, 01:09
CodeCracker CodeCracker is online now
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,824 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
CJ-TESTER v2

Well¨Cknown limitations:
- When threads are created with ntdll_12.RtlUserThreadStart (77C201C4)
jump logs are not logged anymore! Doesn't support multiple threads!

What's new in 2.0 version:
- Now a new dialog is shown when Config.txt is not present,
with that dialog you can write configuration information - configure the program:
- "Target exe" - file for which to log jumps
- 2 radio buttons: RVA (Relative Virtual Address) or VA (Virtual address)
are the type of first breakpoint address
- Skip System - skip logging jumps from system files
- EP button: get entry point from "Target exe" and set address with it
- Fixed Windows 7 compatibility

Read Readme.txt
Attached Files
File Type: zip CJ-TESTER_v2.zip (41.7 KB, 27 views)
Reply With Quote
The Following 3 Users Gave Reputation+1 to CodeCracker For This Useful Post:
alephz (03-22-2017), MarcElBichon (03-22-2017), niculaita (03-22-2017)
The Following 6 Users Say Thank You to CodeCracker For This Useful Post:
abhi93696 (03-23-2017), new_profile (03-22-2017), niculaita (03-22-2017), serseri_1453 (03-22-2017), wilson bibe (03-22-2017), Zeokat (07-03-2022)
  #13  
Old 03-23-2017, 16:41
abhi93696 abhi93696 is offline
Friend
 
Join Date: Mar 2017
Location: India
Posts: 73
Rept. Given: 0
Rept. Rcvd 8 Times in 2 Posts
Thanks Given: 146
Thanks Rcvd at 159 Times in 64 Posts
abhi93696 Reputation: 10
Hi

I have a old video regarding tracing the differences b/w 2 programs using only debugger, Excel,Text compare soft which i had posted it in the tutorials section-:

http://forum.exetools.com/showthread.php?t=18178

BR
Reply With Quote
  #14  
Old 07-02-2022, 20:32
CodeCracker CodeCracker is online now
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,824 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
Fixed a bug!

Changes: fixed so will work on any x86 system no only Windows XP.
Should work now on any x86 system (32 bits system).
Trap flag seems to fail on 64 bits systems for some reasons.

At first erase Config.txt so it will show program setups when CJ-TESTER.exe started.
Config.txt included just for example.
Attached Files
File Type: zip CJ-TESTER_v3.zip (43.5 KB, 15 views)
Reply With Quote
The Following 3 Users Say Thank You to CodeCracker For This Useful Post:
computerline (07-03-2022), MarcElBichon (07-03-2022), Zeokat (07-03-2022)
  #15  
Old 07-07-2022, 18:28
CodeCracker CodeCracker is online now
VIP
 
Join Date: Jun 2011
Posts: 454
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,824 Times in 349 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
Another bug fix

Another fix, hopefully the last one,
invoke ContinueDebugEvent, DebugEvent.dwProcessId,DebugEvent.dwThreadId,DBG_EXCEPTION_NOT_HANDLED ; was DBG_CONTINUE ;
Attached Files
File Type: zip CJ-TESTER_v3_fixednew.zip (11.1 KB, 12 views)
Reply With Quote
The Following 5 Users Say Thank You to CodeCracker For This Useful Post:
Apuromafo (12-19-2022), freezer (10-05-2023), niculaita (07-10-2022), wilson bibe (07-07-2022), Zeokat (07-07-2022)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Export Table Tester Nacho_dj Community Tools 3 08-13-2016 07:02


All times are GMT +8. The time now is 18:38.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )