View Full Version : Re-Pair 0.2


Crudd
January 28th, 2005, 14:02
Quote:

RE-Pair is a 'tool' that will make some of our (reverse engineers) tools a
bit more difficult to detect. Why the name 'RE-Pair'? Simple, it helps
'fix' our tools, by making them somewhat more difficult to detect.

Currently 'fixes': Any tool. Either in memory (for packed apps and one time
changes) or on disk (for permanent patches of non-packed apps). It does this
by changing the caption/classname to a random string (defeating FindWindow
method). It also patches OllyDbg to fix the 'OutputDebugString' vulnerability
(Used by Armadillo and others).
NOTE: Using the 'Fix Other' option may take a while to 'Fix' 'on disk'.


The 'in mem' option allows you to fix packed tools such as PEiD and ImpRec. And Classnames are only patched 'on disk'.
Fixed the ollydbg.ini bug.
Attached and here: http://crudd.reteam.org/files/re-pair.zip
Crudd [RET]

dELTA
January 29th, 2005, 17:24
Cool, thanks for notifying us about your tool releases.

JMI
January 29th, 2005, 18:17
And for making them in the first place and saving those of us who don't have the skills or time to code our own and have to fumble with piecemeal modifications without such combined tools.

Regards,

nikolatesla20
January 30th, 2005, 23:19
Thank you very much for doing this, it's been needed for a while, and most of us have just been too lazy to do it.

Just curious, but hopefully it randomizes the strings it edits in some fashion as well.

-nt20

Crudd
January 31st, 2005, 00:37
Yeah, I used some lame RandomNameGenerator. It creates a 5 char random string for the Caption/Classname. This should be plenty 'randomness' for this purpose. If anyone has any suggestions or additions, I'll gladly try to add them. Thanks for all the 'thanks'.
Crudd [RET]

Crudd
February 5th, 2005, 04:08
Lots of new stuff and bug fixes. Let me know what you think.
Crudd [RET]

Snowski
April 16th, 2005, 06:29
Excellent, thanks a lot for sharing!

Works great for patching the exploit Armadillo uses...