Skeletons'n'stuff | PE-format | Interprocess Communication | Anti-debugging | Snippets | Unsorted
Date | 18th of sep.98 |
Author | Stone |
Filename | excep.inc excep.inc old ver |
Comment | TASM macros for structured exception handling for procedures. |
Language | Windows ASM |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Skeletons & Includes |
Date | 1st of Nov. 98 |
Author | Various Authors |
Filename | w32.inc |
Comment | TASM Windows Structure definitions, constants etc. Winnt.h's replacement in asm! |
Language | Windows ASM |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Skeletons & Includes |
Date | 1st of Nov. 98 |
Author | NetWalker |
Filename | imghdr.inc |
Comment | TASM Windows Structure definitions, constants etc. for messing with PE files. |
Language | Windows ASM |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Skeletons & Includes |
Date | 18th of sep.98 |
Author | RCG |
Filename | Ourvxd |
Comment | The ASM skeleton of a dynamic VxD - very well written source code. Also included is TASM source code for loading, unloading and communicating with the VxD. |
Language | Windows ASM |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 & MASM |
Subcategory | Skeletons & Includes |
Date | 1. Nov 98 |
Author | Stone |
Filename | Stone's PE-Encrypter |
Comment | This source code will compress PE-files and leave them executable. This version includes import support & relocation support, unlike my previous versions. The compression is based on aPlib 1.17b. |
Language | Windows ASM |
Version | 2.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 1. Nov 98 |
Author | J0b |
Filename | Deshrinker |
Comment | This program will allow you to unpack Shrinker compressed files. |
Language | Windows ASM |
Version | |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 1. Nov 98 |
Author | G-rom and (Stone) |
Filename | ProcDump |
Comment | This program uses generic methods to remove wrappers from PE-files. In fact, this program was the world's first PE-unpacker! |
Language | Windows |
Version | 1.16 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 1st Nov. 98 |
Author | Anakin DaVinci |
Filename | WWPack v1.12ß Fixup Extractor |
Comment | This program will allow the reconstruction of relocation items of WWpacked files after unpacking with ProcDump. This zip also includes LINF2PEF: if you have a linear list of sorted fixup addresses, it converts them into a FIXUP table in PE format. |
Language | Windows |
Version | v1.12ß |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Pe-Stuff |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone PE-Encrypter |
Comment | Encrypts Portable Executable files and leaves them runnable. Buggy and crappy code. But it works!! DLLs and EXEs alike. Beginners might learn a lot! |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone PE-Encrypter |
Comment | Encrypts Portable Executable files and leaves them runnable. Buggy and crappy code. But it works!! EXEs only. Beginners would probably benefit from reading this source code prior to the v1.13. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | NetWalker |
Filename | GetLoader |
Comment | Tool to extract the "loader" of packed/encrypted PE-files to allow disassembly. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | G-rom |
Filename | PeShield Decrypter |
Comment | Decrypts and restores the original PE-Exe if it has been encrypted by PE-Shield by Anakin DaVinci. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's PE-Encrypter Remover |
Comment | Decrypts and restores original PE-Exe if it has been encrypted by Stone's PE-Encrypter - Runs with both versions of STNPEC. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's WWPACK32 Patch anyways |
Comment | Illustration of how a patch can be applied to a target packed with WWPACK/32. Runs with WWPACK/32 beta 8. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 7th of Sep.1998 |
Author | Stone |
Filename | Stone's Reloc-patcher |
Comment | This program will allow you to remove tricky relocation items from PE-files so that a patch can be applied even in the case of base relocations. The program can also test whether any file-offset is associated with a reloc-item. |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | PE-Tools |
Date | 15th of Dec. 1998 |
Author | Virogen |
Filename | PECSUM |
Comment | Calculates the checksum of a PE-File |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 15th of Dec. 1998 |
Author | Virogen |
Filename | VGalign |
Comment | Resets the file-alignment on a PE-file (for compression) |
Language | Windows |
Version | 0.3 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 15th of Dec. 1998 |
Author | Virogen |
Filename | Virogen Crypt |
Comment | Another PE-file encrypter. Instead of appending code, this one adds code in "Caves". A very viral approach. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 15th of Dec. 1998 |
Author | Andrew Shipinsky |
Filename | UnShrink |
Comment | Unpacks shrinker packed files |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | Binaries only. |
Subcategory | PE-Stuff |
Date | 15th of Dec. 1998 |
Author | Hayras |
Filename | Simple PE Crypter (SPEC) |
Comment | PE-Crypter. Much like my v1.13 except improved with support for imports and RESOURCES! |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | PE-Stuff |
Date | 1. of NOV |
Author | Stone |
Filename | Stone's Mod32First/Next |
Comment | This source code illustrates how one can obtain knowledge of which DLLs are loaded in one's memory context without using the ToolHelp or PSAPI! This could be utilized against WindowsHooks (see my messagehook source code - ipc) or Apihooks (see my source code elsewhere on this page). |
Language | Windows ASM |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Anti-debugging |
Date | 1. of NOV |
Author | Anakin DaVinci |
Filename | Anti-ProcDump |
Comment | By modifying part of the NTHEADER (PE-Header) in memory after loading, this will avoid the full-dump option of ProcDump. |
Language | Windows ASM |
Version | 1.0 |
Author's homepage | members.xoom.com/MrANAKiN |
Requirements | TASM 5.0 or better |
Subcategory | Anti-debugging |
Date | 8th oct.1998 |
Author | Stone |
Filename | Stone's Process-Spawn Anti-debugging |
Comment | By spawning itself, this code can change memory context after its original execution, invalidating some breakpoints, handles and IDs obtained by its creator. |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Anti-debugging |
Date | 8th Oct.1998 |
Author | Stone |
Filename | Stone's Ztracer 2.0 detector |
Comment | Hehehe.. lame source code ;)... Made in frustration that Ztracer doesn't hook the first-level interrupt handler and thus allows itself to be detected by the IDT. This uses the user32 subsystem for detection.. |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Anti-debugging |
Date | 8th Oct.1998 |
Author | Stone |
Filename | Stone's Parent Anti-debugging |
Comment | By using the PDB in Win 9x this program obtains knowledge of its parent and utilizes this for detection. This version detects Z-tracer 2.0 - however the method will generally detect any debugger using a ring 3 loader - including TRW, ProcDump, GTRW, SoftIce's symbol loader.... |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Anti-debugging |
Date | 17th Sep.1998 |
Author | Stone |
Filename | Stone's TRW-detection |
Comment | This program will allow you to detect TRW 0.21 (awesome debugger by Liu TaoTao). |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Anti-debugging |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's Winice Detection |
Comment | Sample code of how to detect the presence of WinIce(C) NuMega. The code utilizes the presence of Winice in V86 memory & the free allowance of Win32 programs to access this area. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's 2nd Winice Detection |
Comment | Sample code of how to detect the presence of WinIce(C) NuMega. The code utilizes structured exception-handling and the "boundchecker" interface. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | David Erikson |
Filename | Melt-Ice |
Comment | Sample code of how to detect the presence of WinIce(C) NuMega. The code utilizes SIDT and the "missing" protection on the page where the IDT is located. |
Language | Windows |
Version | 1.0 |
Author's homepage | www.2goodsoft.com |
Requirements | Some C Compiler |
Subcategory |
Date | 23rd of August 1998 |
Author | David Erikson |
Filename | IceCream |
Comment | Detects WinIce through device driver detection. |
Language | Windows |
Version | 1.0 |
Author's homepage | www.2goodsoft.com |
Requirements | Some C Compiler :) |
Subcategory |
Date | 23rd of August 1998 |
Author | Acpizer |
Filename | WiceDW |
Comment | Sample code of how to detect the presence of WinIce(C) NuMega. The code utilizes device driver detection. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's Win32 WinIce Detector |
Comment | Sample code of how to detect the presence of WinIce(C) NuMega. The code utilizes a number of compatible methods. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | NetWalker |
Filename | NWDebug |
Comment | Skeleton of a Windows Debugger using the Debugging API. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's Apihook Detection |
Comment | Sample code of how to detect whether an API-hook was installed or not. See also Stone's ApiHook & Stone's 2nd ApiHook. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 7th of Sep. 1998 |
Author | Stone |
Filename | Stone's GetObsfucator |
Comment | This code will allow you to get the Obsfucator tricked out of Win95 - thus allowing you to access some very powerful internal data-structures. |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Snippets |
Date | 7th of Sep. 1998 |
Author | Stone |
Filename | Stone's EnumerateImports |
Comment | This function takes an import section of a PE-file and calls a callback with the name of the DLL, the IAT-rva and the name of each function in the import section as parameters. It's well suited for PE-crypters that crypt imports, API-spies, PE-dumpers etc... Example code is included. |
Language | Windows |
Version | 1.0 |
Author's homepage | http://www.cracking.net |
Requirements | TASM 5.0 or better |
Subcategory | Snippets |
Date | 7th of Sep. 1998 |
Author | Stone |
Filename | Stone's ring 0 in Win9x |
Comment | This file illustrates how you can execute ring 0 code in an ordinary Win32 program in Win9x. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Snippets |
Date | 15th of Dec. 1998 |
Author | Jeremy Gordon |
Filename | Except |
Comment | This file illustrates structured exception handling in the Win32 assembler environment. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Snippets |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's ApiHook |
Comment | Application of the debug api that allows foreign code to be executed whenever any program calls a given API-function. Keywords: DebugApi, Apihook, IAT |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Pe-Files |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's 2nd ApiHook |
Comment | This hooks an API function of any PE-executable and executes YOUR code at this point. This was made without the use of the debugging API. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's MSG-Hook |
Comment | Illustration of how pseudo-residency can be obtained through methods of IPC. Utilizes a Windows-Hook to gain access to foreign memory contexts. Read also: "In Memory Patching" which can be found on this page. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Interprocess Communication |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's Win95/NT Trainer |
Comment | A trainer is a program that gives infinite lives in a game. This sample source code illustrates a method of doing so. Read also: "In memory Patch" which can be found on this page. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | Stone's Win95 Trainer |
Comment | A trainer is a program that gives infinite lives in a game. This sample source code illustrates a method of doing so. This works only on Windows 95. Read also: "In memory Patch" which can be found on this page. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Stone |
Filename | In Memory Patching |
Comment | Doc that explains the basics of TSR methods for patching under Windows. This text also explains the basics of Stone's API-Hook, Stone's Win95/NT trainer, & Stone's MSG-hook. This is sort of a basic doc on IPC. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 23rd of August 1998 |
Author | Quine |
Filename | SoftDump for Winice (c) NuMega |
Comment | This program allows you to dump memory from within softice. A mighty nice feature if you ask me. Read also the accompanying essay on Fravia's Homepage. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory |
Date | 15th of Dec. 1998 |
Author | Virogen |
Filename | ProExec |
Comment | This program shells explorer and if that should crash it queries you to restart it. A very handy util. |
Language | Windows |
Version | 1.0 |
Author's homepage | Not Available |
Requirements | TASM 5.0 or better |
Subcategory | Unsorted |