Hexer is a hex editor available free of charge. Being written in Java, Hexer is platform-independent and should work on all platforms that support Java 6
QQ International 1.4(2582) Self Check Patch & Today Remover
猛击此处下载补丁程序,放入bin目录下执行。现在的弹窗貌似不是登录之后直接弹了,可能会等待几分钟,不过没关系。还是那个鸟样。
PyDbg安装(《Python 灰帽子》)
这本书是这两天刚买到的,从前天开始看,然后到昨天晚上就看完了,整体的感觉就是书的内容虽然不错但是感觉有点太少了,一种意犹未尽的感觉。
轻轻松松当医生
不知道什么时候电脑上竟然还有这么一个东东,猛击此处下载,可以过一把当医生的瘾。嘎嘎,对啦登录密码是123
mona for Immunity Debugger v1.8x
This is the Corelan Team project page for ‘mona’, a PyCommand for Immunity Debugger.
This PyCommand replaces pvefindaddr, which is no longer supported as of mid june 2011.The PyCommand has been tested on Immunity Debugger 1.83. Older versions of Immunity Debugger are not supported and may not work.
Hide Debugger for Immunity Debugger v1.8x
"""
(c) Mars Security. 2009-2012
Institute Of Information Serurity From Mars
Email:root@h4ck.ws
U{By obaby.}
"""
#sys.path.append("C:\\Program Files\\Immunity Inc\\Immunity Debugger\\Libs")
import immlib
import immutils
def main(args):
imm = immlib.Debugger()
#hide debugger by wipe the BeingDebugged flag in PEB struct.
imm.writeMemory (imm.getPEBAddress() + 0x2,"\x00")
#disable the process enume
process32first = imm.getAddress("kernel32.Process32FirstW")
process32next = imm.getAddress("kernel32.Process32NextW")
function_list = [process32first, process32next]
patch_bytes = imm.assemble("SUB EAX,EAX\nRET 8")
for address in function_list:
opcode = imm.disasmForward(address,nlines = 8)
#imm.writeMemory(opcode.address,patch_bytes)
return "[*] PEB BeingDebugged flag cleared ! Debugger Hided~!"
该脚本用于去掉基于IsDebugPresent函数的调试检测。将上面的内容保存为hidedbg.py放入immdbg的PyCommands目录下,然后在immdbg的命令窗口中执行即可。 
OllyDbg v1.10 And Wow64
前一段时间在去除QQ国际版的弹窗的时候就发现了这个问题,在Windows 7 64位系统下无法正常使用OD进行调试,载入之后会直接提示无法处理的异常。