|
OllyDbg 1.10 (final version)
|
|
Hits: 13 |
|
Date added: 06/20/2006 |
|
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. Special highlights are:
* Intuitive user interface, no cryptical commands
* Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
* Directly loads and debugs DLLs
* Object file scanning - locates routines from object files and libraries
* Allows for user-defined labels, comments and function descriptions
* Understands debugging information in Borland® format
* Saves patches between sessions, writes them back to executable file and updates fixups
* Open architecture - many third-party plugins are available
* No installation - no trash in registry or system directories
* Debugs multithread applications
* Attaches to running programs
* Configurable disassembler, supports both MASM and IDEAL formats
* MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
* Full UNICODE support
* Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
* Recognizes complex code constructs, like call to jump to procedure
* Decodes calls to more than 1900 standard API and 400 C functions
* Gives context-sensitive help on API functions from external help file
* Sets conditional, logging, memory and hardware breakpoints
* Traces program execution, logs arguments of known functions
* Shows fixups
* Dynamically traces stack frames
* Searches for imprecise commands and masked binary sequences
* Searches whole allocated memory
* Finds references to constant or address range
* Examines and modifies memory, sets breakpoints and pauses program on-the-fly
* Assembles commands into the shortest binary form
* Starts from the floppy disk
and much, much more! Also this tool helps chage entry point to make servers undetectable! |
|
|
|
|
|
|
diStorm64 - AMD64 disassembler (C Library)
|
|
Hits: 7 |
|
Date added: 06/23/2006 |
|
diStorm64 is an AMD64 disassembler, which is the first open source disassembler library for AMD64 out there, licensed under the BSD license.
diStorm is a binary stream disassembler. It's capable of disassembling 80x86 instructions in 64 bits (AMD64, x86-64) and both in 16 and 32 bits. In addition, it disassembles FPU, MMX, SSE, SSE2, SSE3 and 3DNow! (w/ extensions) and new x86-64 instruction sets. diStorm was written to decode quickly every instruction as accurately as possible. Robust decoding, while taking special care for valid or unused prefixes, is what makes this disassembler powerful, especially for research. Another benefit that might come in handy is that the module was written as multi-threaded, which means you could disassemble several streams or more simultaneously.
For rapidly use, diStorm is compiled for Python and is easily used in C as well. diStorm was originally written under Windows and ported later to Linux.
Note that there are currently no known bugs. |
|
|
|
|
|
dltrace v0.5
|
|
Hits: 4 |
|
Date added: 06/27/2006 |
|
dltrace is a dynamic library call tracer which attempts to remain portable to all x86 platforms that support ELF binaries and expose a debugging interface via procfs or the ptrace() system call. The shared library call tracing is done at a level which allows calls to all symbols exported by loaded libraries to be traced. In addition, dltrace does not rely on rtld symbols to retrieve library and symbol information and is capable of determing function arguments dynamically via run-time disassembly. |
|
|
|
|
|
idastruct
|
|
Hits: 4 |
|
Date added: 07/01/2006 |
|
dastruct - ida structure recognition plugin
idastruct is an ida plugin which aims to assist reverse engineers in identifying high-level objects and structures in binary code.
idastruct utilizes the excellent x86 emulator plugin 'ida-x86emu' by Chris Eagle and Jermey Cooper as a basis for evaluating operand values and determining references within tracked boundaries.
This results in automated creation of IDA structures, enumeration or member references, and renaming of disassembly offsets to symbolic names corresponding to the newly created structures and members in the IDA database. |
|
|
|
|
|
|
IDA Function Analyzer
|
|
Hits: 7 |
|
Date added: 07/05/2006 |
|
Written as a C.. class, Function Analyzer was originally developed to provide an abstracted layer over chunked functions frequently found in Microsoft optimize compiled binaries. As of IDA v4.7 this functionality is built into the SDK. However, Function Analyzer can be used to construct plug-ins compatible across older versions and provides abstracted next_ea()/prev_ea() routines for stepping through an internal unchunked instruction list. The abstraction layer also exposes the following function-level information: basic block enumeration (nodes, edges), call count, MD5 hash, CRC, customizable GDL (Wingraph) and GML graph generation. |
|
|
|
