News: TitanEngine



Mehdi Asgari
Monday, 10 Esfand 1388, 16:40
A framework for automating almost all stages of unpacking.
The latest version is 2.0.3, which includes the Debugger, Threader, TLS, Hooks, OEP Dumper, Realigner and other modules. You can do a lot with this thing, including writing automated unpackers (I heard that at Black Hat 2009, at the end of their demo, they wrote an unpacker for Themida (with maximum protection) that unpacked the program within a few seconds).
The framework is open source and can currently be used from C, assembly and Delphi. They have promised Python support in the next version, which we are waiting for. Their blog has tutorial videos on how to use the framework.
Site address: www.reversinglabs.com/products/TitanEngine.php

Edit: they themselves claim the framework is capable of more than writing unpackers (though so far I have only seen unpackers from them).


TitanEngine can be described as a Swiss army knife for reversers. With its 385 functions, every
reverser tool created to this date has been covered through its fabric. Best yet, TitanEngine can be
automated. It is suitable for more than just file unpacking. TitanEngine can be used to make new tools
that work with PE files. Support for both x86 and x64 systems makes this framework the only framework
supporting work with PE32+ files. As such, it can be used to create all known types of unpackers. The engine
is open source, making it open to modifications that will only ease its integration into existing solutions
and would enable creation of new ones suiting different project needs.

TitanEngine SDK contains:
- Integrated x86/x64 debugger
- Integrated x86/x64 disassembler
- Integrated memory dumper
- Integrated import tracer & fixer
- Integrated relocation fixer
- Integrated file realigner
- Functions to work with TLS, Resources, Exports,…

Sh4DoVV
Monday, 10 Esfand 1388, 19:51
Hello,
Thanks to our dear friend Mehdi.
Since their site somehow doesn't open in Iran, here is a download link for the latest version of TitanEngine:

http://sh4dovv.persiangig.com/Tools/TitanEngine.7z
Ya Ali

Mehdi Asgari
Thursday, 13 Esfand 1388, 18:50
http://www.recon.cx/2010/training4.html



Coding Unpackers for Fun and Profit: TitanEngine Training by Tomislav Pericin and Nicolas Brulez

Learn how to analyze, unpack and code unpackers for software packers and protectors. Attendees will receive hands-on experience working with the ReversingLabs TitanEngine framework, designed for unpacker creation.

Instructors: Tomislav Pericin and Nicolas Brulez
Dates: 6-8 July 2010
Availability: 10 Seats

Day 1: Static file analysis and static unpacker coding

The focus of the first day is manual file unpacking and static file analysis. We go into deep format analysis to create both simple and more complex static unpackers.

We will focus on real-world protections you are likely to encounter on a day-to-day basis.

Day 2: Dynamic file analysis and dynamic unpacker coding

The second day will cover manual file unpacking and dynamic file analysis. We go into deep format analysis for creating simple and more complex dynamic unpackers. Special attention will be given to dynamic unpacker coding layout and the benefits of using TitanEngine to minimize the time it takes to create an unpacker.

Our focus will be on real-world packers you are likely to encounter on a day-to-day basis. These packers top the charts in legitimate software compression, but are often used as malware envelopes.

Day 3: Advanced file analysis and coding complex unpackers

On day 3, we will cover the manual unpacking of complex file packing and protection systems. Special attention will be given to methods used to harden against format reverse engineering and prevent unpacking. We will describe common protection techniques utilized by both legitimate software protectors and those specifically designed for use in malware. We will then use information to show coding techniques needed for such complex dynamic unpackers and ways to counter all the tricks used to harden detection, analysis and unpacking.

Our focus will be on the real-world protections you are likely to encounter on a day-to-day basis.

Class Requirements

IMPORTANT: This training isn't for beginners, and none of the basic stuff will be presented. You must know how to unpack most of the existing packers, and be fluent in x86 assembly to take this course. The author may require students to take apart a little executable in order to be accepted to the training session, because we want advanced reverse engineers to progress, and this can only be done if all students can follow the course. There won't be any introduction to reverse engineering class this year, unless we receive enough requests.

Bio

Tomislav Pericin

Tomislav Pericin has been analyzing and developing software packing and protection methods for the last 7 years. He is the author of the book "The Art of Reversing" and founder of the commercial software protection project RLPack. Recently he spoke at Black Hat and TechnoSecurity Conferences.

Nicolas Brulez

Nicolas recently joined Kaspersky Lab as a Senior Malware Researcher and is part of the Global Research and Analysis Team. In his current position, he analyses computer viruses, codes tools and conducts security research. In the past, he worked for Websense Security Labs and Digital River/Silicon Realms. He is known for his work on the infamous SoftwarePassport/Armadillo protection system and was in charge of the Anti Reverse Engineering techniques used in the product.

He has been doing reverse engineering for over 12 years and regularly writes for the French security magazine MISC. Nicolas has authored a number of papers, lectured on assembly programming and reverse engineering at various computer engineering schools, and frequently speaks at international security conferences, including: RECON (Canada), PacSec (Japan), RuxCon (Australia), SSTIC (France), Virus Bulletin, Toorcon (USA), and APWG (Brussels). Nicolas is also the first reverse engineering instructor to have given training at RECON.

Mehdi Asgari
Wednesday, 01 Ordibehesht 1389, 18:31
Here is another product from this company:
A framework for archive analysis, which they presented at Black Hat Europe.
http://www.reversinglabs.com/products/NyxEngine.php


Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. When it comes to digital steganography no stone should be left unturned in the search for viable hidden data. Although digital steganography is commonly used to hide data inside multimedia files, a similar approach can be used to hide data in archives as well. Steganography imposes the following data hiding rule: Data must be hidden in such a fashion that the user has no clue about the hidden message or file's existence. This can be achieved by either hiding existing packed content from all programs designed to unpack the selected file format, or adding new data to existing compressed files, so that the file's usability is unchanged. To discover this hidden information we must go into deep analysis of systems that have developed their own archive processors and see the implications of format specifications being interpreted differently across such solutions.

We have designed NyxEngine to ensure that no byte is left unchecked in the search for interesting archive data. Furthermore Nyx performs detailed data inspection by which it identifies possible vulnerabilities and corruptions in the binary content of archives. By integrating the NyxEngine as the top layer in archive processing, we can successfully detect and prevent all known and future vulnerability attack vectors against archive processors, thus effectively eliminating the possibility of archive bombs and other exploits. In addition to shielding against exploits, Nyx also searches for viable hidden data that was intentionally cloaked from sight using steganographic principles. And since the engine does detailed data inspection, it can correct vulnerabilities and recover files, making it a perfect archive preprocessor.

Nyx engine's exploit shield functionality checks the following archive areas: stored file name length and content, compression ratio, extract algorithm requirements, checksum tampering, multi-disk tampering, file entry duplication and other miscellaneous header data checks. Serving as a common denominator among all known archive processing solutions, Nyx classifies each instance of tampering in a functional group as a vulnerability that affects that group.

By performing detailed checks and on-the-fly corrections, the maximum possible archive data is recovered and identified. This is the best way to find files that are present in the archive but unreported in the archive header, and to extract every possible bit from the archive. This method works not only with unreported files, but with any kind of binary data present in the archive which isn't assigned to any of the file content.
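As an added example (not code from this thread or from ReversingLabs), here is what the archive checks described above look like for the ZIP format: a two-pass scanner that compares the central directory with the local records in front of it and flags entries the directory does not report, byte gaps assigned to no entry, duplicate names, oversized names, extreme compression ratios and CRC mismatches. The sample archive is constructed inside the block, and the thresholds max_ratio and max_name are assumed values.

```python
import struct, zlib

# ZIP record signatures (local header, central directory entry, end of central directory) and the fixed fields after each
LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
LOCAL_FMT, CENTRAL_FMT = "<HHHHHIIIHH", "<HHHHHHIIIHHHHHII"

def _local(name, data, method, crc, usize):
    return LOCAL_SIG + struct.pack(LOCAL_FMT, 20, 0, method, 0, 0, crc, len(data), usize, len(name), 0) + name + data

def build_sample():
    # Constructed archive: 'a.txt' (deflated zero-run, extreme ratio) is listed in the central directory; 'hidden.bin' follows it as a local record that no central entry points to.
    raw = b"\0" * 200000
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)                # raw deflate, as ZIP stores it
    deflated = comp.compress(raw) + comp.flush()
    listed = _local(b"a.txt", deflated, 8, zlib.crc32(raw), len(raw))
    payload = b"constructed hidden payload"
    hidden = _local(b"hidden.bin", payload, 0, zlib.crc32(payload), len(payload))
    central = CENTRAL_SIG + struct.pack(CENTRAL_FMT, 20, 20, 0, 8, 0, 0, zlib.crc32(raw),
                                        len(deflated), len(raw), 5, 0, 0, 0, 0, 0, 0) + b"a.txt"
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(listed) + len(hidden), 0)
    return listed + hidden + central + eocd

def scan(buf, max_ratio=100, max_name=255):
    # Compare what the central directory reports against what the bytes before it actually hold. Assumes a single-disk, non-zip64 archive whose entries carry no data descriptors.
    findings, names, listed = [], {}, set()
    _, _, _, count, _, cd_off = struct.unpack_from("<HHHHII", buf, buf.rfind(EOCD_SIG) + 4)
    pos = cd_off
    for _ in range(count):                                         # pass 1: entries the header reports
        e = struct.unpack_from(CENTRAL_FMT, buf, pos + 4)
        name = buf[pos + 46:pos + 46 + e[9]].decode("latin-1")
        names[name] = names.get(name, 0) + 1
        listed.add(e[15])                                          # offset of the entry's local header
        pos += 46 + e[9] + e[10] + e[11]                           # skip name, extra and comment
    findings += [f"duplicate entry name: {n}" for n, c in names.items() if c > 1]
    pos = 0
    while pos < cd_off:                                            # pass 2: walk every local record
        if buf[pos:pos + 4] != LOCAL_SIG:                          # bytes no entry accounts for
            nxt = buf.find(LOCAL_SIG, pos, cd_off) if LOCAL_SIG in buf[pos:cd_off] else cd_off
            findings.append(f"{nxt - pos} bytes at offset {pos} not assigned to any file entry")
            pos = nxt
            continue
        _, _, method, _, _, crc, csize, usize, nlen, xlen = struct.unpack_from(LOCAL_FMT, buf, pos + 4)
        name = buf[pos + 30:pos + 30 + nlen].decode("latin-1")
        data = buf[pos + 30 + nlen + xlen:pos + 30 + nlen + xlen + csize]
        plain = data if method == 0 else zlib.decompressobj(-15).decompress(data) if method == 8 else None
        checks = [(pos not in listed, f"unreported entry at offset {pos}: {name}"),
                  (nlen > max_name, f"file name of {nlen} bytes exceeds {max_name}"),
                  (method == 8 and usize / (csize or 1) > max_ratio,
                   f"compression ratio {usize // (csize or 1)}:1 for {name} (archive bomb candidate)"),
                  (plain is not None and zlib.crc32(plain) != crc, f"CRC mismatch for {name}")]
        findings += [msg for cond, msg in checks if cond]
        pos += 30 + nlen + xlen + csize
    return findings
```

The second pass advances by record length rather than by signature search, so a "PK\x03\x04" sequence inside compressed data does not produce a phantom entry; only bytes that no record covers trigger the gap finding.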