Binary instrumentation tool which I wrote for the fun of it; its practical usage is described in Dealing with funny checksum
based on XED2
This driver was used in some private projects of mine to achieve fast and stealthy debugging. Some of them are an ASProtect SKE 2.3 unpacker and a TheMida unpacker
This tool uses split TLB to trace execution of a certain application. The tool supports only 1 break, but it can be updated to support more code breaks and more memory breakpoints on execution. This is planned for one day, but as it was never needed, it was never implemented. Code is released under GPL 3.0 and is an official ARTeam release!
Tool which helps in locating attached storage devices and identifies which bus they are attached to
Tool to demonstrate how to spy on a custom GetProcAddress. It sets PAGE_GUARD on export.AddressOfFunctions and monitors access to it
Small program to list all symbols from ntoskrnl.exe. It can list enums, structures, and give you addresses of all symbols in ntoskrnl.exe.
Ultimate Hooking Engine is an easy-to-use hooking engine for Win32 APIs. All you need to do is provide a hooking DLL and the engine will perform the hooking. Please check readme.txt in the archive and the C/asm examples. No need to pay for hooking/logging engines anymore when you can use it for free!!!
Engine which gets the size of instructions, written as offset-independent code, so it can be used in viruses, loaders, and other code where offset-independent code is needed.
Use TF to decrypt the current instruction and to encrypt the previous one. Code stays encrypted all the time during execution, until someone decrypts it fully :)
Workaround to make a TLS callback in tasm32; nothing advanced, only some simple PE patching.
Code demonstrates how to reallocate resources so that they won't be present in the image when it is dumped to disk. This won't stop good unpackers, but will certainly stop beginners who got used to "Count exception, set memory break point, dump, imprec and voila".