Latest Comments
[download] DebugAsUser 0.2b
Posted by anonym on 26 Jun : 17:19
I use a sandbox (Sandboxie) for these needs. None o [ more ... ]

[download] Inlining via TLS Callbacks
Posted by Sunbeam on 24 Jun : 01:27
Apparently, they (Silicon Realms) are checking TLS [ more ... ]

[download] StrongOD 0.2.4.364
Posted by SpiderZ on 23 Jun : 04:31
Plugin Updated StrongOD.v0.2.5.388.By.海风月影

[download] IDA Pro Disassembler 5.5
Posted by Guest on 18 Jun : 17:47
Version of the included file has 5.4 string. Maybe [ more ... ]

[download] Reversing for Newbies 30
Posted by Guest on 17 Jun : 19:54
TRACE CALL / RUN TRACE: Why does the program need [ more ... ]

Poll
Do you use a virtual machine or dedicated machine for reverse engineering or analysis work?
VMWare
VirtualBox
VirtualPC
Other VM
Dedicated Machine
Both, VM and Dedicated
Posted by Teddy Rogers
Votes: 528 Comments: 0


Welcome to Tuts 4 You...
Welcome to Tuts 4 You, the home of Reverse Code Engineering!

Reverse code engineering plays a very important role in the modern computing era, particularly with the increase and advances in malicious applications and operating system vulnerabilities. Reverse code engineering now crosses many fields and boundaries of expertise. Once considered an often dark and misunderstood art, it is now a very powerful tool in the hands of both amateurs and professionals for analysing applications and code.

Being able to examine and understand how a piece of code works and behaves within its environment is exactly what reverse code engineering is. Malicious reverse engineers exploit weaknesses in the operating system and legitimate software to design malware and other malicious forms of code. These same techniques can be employed to study and analyse code to understand the way these threats behave within an environment and eventually come up with ways to keep our systems safe and less vulnerable.

As technology moves ever forward, so do the potential threats imposed on us and our systems. Malicious software now employs many different techniques to prevent analysis and our understanding of the way it behaves. Obfuscation, virtual machines, cryptography and strong anti-debugging are some of the currently popular techniques used to hinder that analysis work, albeit often employed using freeware or commercial protection software.

This website hopes to expand the knowledge of persons interested in and practising reverse code engineering, and to bridge the divide between the various fields and boundaries this subject now crosses. There is a wide breadth of information retained on this site to help in that research, ranging from anti-debugging, virtual machines, unpacking, coding, disassembling, debugging, keygenning and cryptography to much, much more.

Those interested in analysing and documenting malicious software may like to support the Malicious Software Research forum.

On the left is the main control menu; you can use it to tour around the site for the areas you wish to access. All latest releases are shown on the right under the Latest Downloads menu.

Before browsing this site you may want to take a few minutes to read through the F.A.Q. page; common questions about this site have been answered there. The About Us page gives a very brief history of Tuts 4 You and information on other areas you can enjoy.

Should you have any questions about reverse code engineering or one of its associated subjects, no matter your previous level of skill, please do not feel afraid to ask on the Community Forums. If you would like to actively write on the subject of reverse code engineering you can create your own RCE Blog Page on the subject.

Should you have written a paper on any subject which may directly or indirectly involve reverse code engineering and would like to see it included on this website, please read the Contacting Me page for further information. This includes useful tools, scripts or plugins that are often employed in reverse engineering practices.

Latest Downloads
(Debuggers / Disassemblers:)
Debuggy 1.02
Author: Vanja Fuckar
Debuggy is a Windows debugger, disassembler, Windows resource extractor, file hex editor, window sniffer and API spy all rolled into one. [ Note: This is some years old but still added to the database. It contains the source code, some may find it [more...]
Date: 16 Jun : 05:43
Filesize: 2.25 mb
Total Downloads: 582

(OllyScript - Scripts:)
Exception Counter
Author: Nicolas Brulez

Date: 16 Jun : 05:43
Filesize: 110 b
Total Downloads: 89

(OllyScript - Scripts:)
Exception Counter Stop
Author: Nicolas Brulez

Date: 16 Jun : 05:42
Filesize: 165 b
Total Downloads: 58

(OllyScript - Scripts:)
eXPressor 1.7.0.1 IAT Repair
Author: Kissy

Date: 16 Jun : 05:41
Filesize: 1.53 kb
Total Downloads: 57

(IDA Pro Disassembler and Debugger:)
IDA Pro Disassembler 5.5
Author: Hex-Rays
IDA Pro is a programmable, interactive, multi-processor disassembler combined with a local and remote debugger and augmented by a complete plugin programming environment. IDA Pro is in many ways unique. Its interactivity allows you to improve disa [more...]
Date: 12 Jun : 20:10
Filesize: 25.78 mb
Total Downloads: 1044

(OllyDbg Plugins:)
DebugAsUser 0.2b
Author: Fox
I can assure you reverse lovers, I am more or less experienced in this situation: Finding software online there is no guarantee of their safety for fear of malicious code. Our usual approach in general is: 1. Using a virtual machine 2. Wit [more...]
Date: 10 Jun : 06:16
Filesize: 200.7 kb
Total Downloads: 220

(OllyDbg Plugins:)
Window Maximizer 1.0
Author: BobSoft
This plugin keeps all windows maximized, so opening a new window - eg. log window - the window will automatically maximize.
Date: 10 Jun : 06:08
Filesize: 11.35 kb
Total Downloads: 82

(OllyScript - Editors:)
OllyScriptEditor 0.23
Author: BriteDream
An editor for creating and editing scripts which can be used with the OllyScript plugin for OllyDbg.
Date: 10 Jun : 03:17
Filesize: 3.31 mb
Total Downloads: 2256

(UnpackMe (PE32bit):)
ASPack 2.12
Author: Coccinelle

Date: 10 Jun : 03:14
Filesize: 366.87 kb
Total Downloads: 127

(UnpackMe (PE32bit):)
FSG 2.0
Author: Coccinelle

Date: 10 Jun : 03:13
Filesize: 381.46 kb
Total Downloads: 94

(UnpackMe:)
InsaneFIDO UnWrapMe2
Author: InsaneFIDO
After several months inactivity I now present my second unwrapme. It differs from the first in that the wrapped file is inside the wrapper rather than a separate file. I hope you will find it interesting.
Date: 10 Jun : 03:11
Filesize: 144.21 kb
Total Downloads: 44

(OllyScript - Scripts:)
OllySubScript 1.1
Author: Sub Xero
This is my initial release of OllySubScript, which is a program designed to help in writing scripts for use with the OllyScript/OdbgScript plugin. I tried some similar applications when I started scripting, but they were lacking a lot of features (ev [more...]
Date: 10 Jun : 03:09
Filesize: 537.93 kb
Total Downloads: 144

(UnpackMe (PE32bit):)
UPX 3.03
Author: Coccinelle

Date: 10 Jun : 03:08
Filesize: 327.89 kb
Total Downloads: 84

(Anti-Debugging:)
Anti-Unpacker Tricks 2 - Part 6
Author: Peter Ferrie
New anti-unpacking tricks continue to be developed as the older ones are constantly being defeated. This series of articles (see also [1–5]) describes some tricks that might become common in the future, along with some countermeasures. This art [more...]
Date: 07 Jun : 03:28
Filesize: 69.68 kb
Total Downloads: 242

(OllyScript - Scripts:)
eXPressor 1.7.0.1 Unpacker
Author: Pavka

Date: 07 Jun : 03:25
Filesize: 1.93 kb
Total Downloads: 95

(OllyDbg Plugins:)
ImmLabel 1.0
Author: 3070
New plugin for Ollydbg, you can use it to rename immediate addresses much like Rename command in IDA, You'll find a short video in the attachment on how to use it.
Date: 07 Jun : 03:22
Filesize: 533.82 kb
Total Downloads: 108

(Programming / Coding:)
Microsoft Macro Assembler Reference
Author: Microsoft
The Microsoft Macro Assembler (MASM) provides you with several advantages over inline assembly. MASM contains a macro language with looping, arithmetic, text string processing, and so on, and MASM supports the instruction sets of the 386, 486, and Pe [more...]
Date: 07 Jun : 03:20
Filesize: 468.98 kb
Total Downloads: 163

(API Hooking / Rootkits:)
.NET Framework Rootkits – Backdoors Inside Your Framework
Author: Erez Metula
This paper introduces a new method that enables an attacker to change the .NET language. The paper covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently th [more...]
Date: 07 Jun : 03:18
Filesize: 302.2 kb
Total Downloads: 122

(UnpackMe (PE32bit):)
WinLicense 2.0.8.0
Author: EvOlUtIoN

Date: 07 Jun : 03:04
Filesize: 1.84 mb
Total Downloads: 181

(Packers / Protectors:)
A Study of the Packer Problem and Its Solutions
Author: Fanglu Guo + Peter Ferrie + Tzi-cker Chiueh
An increasing percentage of malware programs distributed in the wild are packed by packers, which are programs that transform an input binary’s appearance without affecting its execution semantics, to create new malware variants that can evade sig [more...]
Date: 22 May : 07:45
Filesize: 157.48 kb
Total Downloads: 333

(Packers / Protectors:)
Armadillo 6.40 (CopyMem 2 + Debug Blocker)
Author: Shkodran
A Shockwave Flash movie tutorial showing a method of unpacking Armadillo 6.40 using CopyMem2 and Debug-Blocker.
Date: 22 May : 07:43
Filesize: 7.7 mb
Total Downloads: 984

(Reverse Code Engineering:)
CrackMe3 Hellsp@wn Solution
Author: Gyver75
This tutorial doesn't want to describe the methods I used to reverse this crackme, but rather the questions born in the mind of novel reverser like me … ;-). So, you will ask: “Why did you choose this crackme?” The answer is simple: THE CH [more...]
Date: 22 May : 07:40
Filesize: 2.52 mb
Total Downloads: 289

(Packers / Protectors:)
Freex64 1.0 (Unpacking)
Author: Shkodran
A Shockwave Flash movie tutorial showing a method of unpacking Freex64 1.0.
Date: 22 May : 07:37
Filesize: 3.15 mb
Total Downloads: 187

(Inline Patching:)
Themida + WinLicense 2.0.6.5 (Inline Patching)
Author: LCF-AT
Again I have written a new script called "TM - WL HWID & BASIC Inline Patcher 1.0" So maybe you have sometime trouble to unpack a TM / WL app and for this case I have written this new script. It writes the Inline automatically {+ add [more...]
Date: 22 May : 07:35
Filesize: 7.96 mb
Total Downloads: 819

(OllyScript - Scripts:)
Themida + WinLicense 2.0.6.5 HWID + Basic Inline Patching v1.0
Author: LCF-AT

Date: 22 May : 07:32
Filesize: 24.73 kb
Total Downloads: 249

(OllyScript - Scripts:)
MoleBox 2.xx Unpacker + OEP Finder v1.10
Author: CherryDT
1. unpack the .rar file with WinRAR 2. make sure you have the ODbgScript plugin installed in OllyDbg 3. copy the files mbunpack.dll and filelen.exe from my archive into the folder where the target executable is located 4. make sure all exceptions [more...]
Date: 16 May : 06:07
Filesize: 72.18 kb
Total Downloads: 372

(Packers / Protectors:)
TGR Protector 1.0 (Unpacking)
Author: AZMA
A Shockwave Flash movie tutorial showing a method of unpacking TGR Protector 1.0.
Date: 16 May : 06:00
Filesize: 795.36 kb
Total Downloads: 101

(Miscellaneous Papers:)
LZMA vs LZMA2 vs WinRAR64
Author: Teddy Rogers
With the weather being bad today and having some hours to kill (watching some movies) I decided to check out the new LZMA2 (64-bit) compression which will be included in the up-coming 7-ZIP v9 release. You may ask why version 9 and not 4, I think it [more...]
Date: 16 May : 05:56
Filesize: 616.32 kb
Total Downloads: 286

(UnpackMe (PE64bit):)
PeSpin x64 0.3a
Author: Teddy Rogers

Date: 10 May : 07:13
Filesize: 4.63 kb
Total Downloads: 38

(UnpackMe (PE32bit):)
ACProtect Pro 2.1.0
Author: Teddy Rogers

Date: 10 May : 06:30
Filesize: 373.36 kb
Total Downloads: 185

(UnpackMe (PE32bit):)
Armadillo 6.40
Author: Teddy Rogers

Date: 10 May : 06:29
Filesize: 2.55 mb
Total Downloads: 300

(UnpackMe (PE32bit):)
ASPack 2.2
Author: Teddy Rogers

Date: 10 May : 06:28
Filesize: 179.24 kb
Total Downloads: 170

(dotNET Reversing:)
.NET Reversing Tips - Chapter 6
Author: Kurapica
This time we are unpacking, the target is an unpackme written by Rendari, thanks for him for this nice challenge, actually I want to thank my friend UFO-PU55Y for sending me this one, he told me that it has been hanging since summer without solution, [more...]
Date: 10 May : 06:26
Filesize: 890.29 kb
Total Downloads: 296

(Anti-Debugging:)
EventPairHandle as AntiDebug Trick
Author: EvilCry
An EventPair Object is an Event constructed by two _KEVENT structures which are conventionally named High and Low. EventPairs are used for synchronization in Quick LPC, they allow the called thread to continue the current quantum, reducing scheduling [more...]
Date: 10 May : 06:25
Filesize: 99.15 kb
Total Downloads: 188

(UnpackMe (PE32bit):)
Freex64 1.0
Author: Teddy Rogers

Date: 10 May : 06:23
Filesize: 212 kb
Total Downloads: 73

(Inline Patching:)
Inlining via TLS Callbacks
Author: SunBeam
Due to my immortal drive and addiction to EXECryptor, I've started learning a bit about TLS Callbacks and how we could make good use of them to achieve simple inlines, without having to worry about CRCs and custom protector checks.
Date: 10 May : 06:20
Filesize: 143.85 kb
Total Downloads: 319

(OllyScript - Scripts:)
JDProtect 1.2.0.1 IAT Repair
Author: [ Unknown Author ]

Date: 10 May : 06:19
Filesize: 2.89 kb
Total Downloads: 54

(UnpackMe (PE32bit):)
MPress 2.01
Author: Teddy Rogers

Date: 10 May : 06:16
Filesize: 182.66 kb
Total Downloads: 55

(UnpackMe (PE64bit):)
MPress x64 2.01
Author: Teddy Rogers

Date: 10 May : 06:15
Filesize: 182.66 kb
Total Downloads: 20

(UnpackMe (.NET):)
MPress .NET 2.01
Author: Teddy Rogers

Date: 10 May : 06:14
Filesize: 182.66 kb
Total Downloads: 27

Copyright (C) 2003 - 2009 by Teddy Rogers