From Collaborative RCE Tool Library
.NET Disassemblers
| Tool name: | IDA Pro |
| ||
|---|---|---|---|---|
| Author: | Ilfak Guilfanov | |||
| Website: | http://www.hex-rays.com/idapro | |||
| Current version: | 5.2 | |||
| Last updated: | November 26, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Description: | The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows or on Linux. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation. There is also a free (crippled) version available (IDA Pro Free). See its own entry in the library for more info. As of January 7, 2007, the official IDA Pro website moved from the old URL (http://www.datarescue.com/idabase) to the one listed above. | |||
| Also listed in: | Disassemblers, Linux Debuggers, Linux Disassemblers, Mobile Platform Debuggers, Mobile Platform Disassemblers, Ring 3 Debuggers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | DisasMSIL |
| ||
|---|---|---|---|---|
| Author: | Daniel Pistelli | |||
| Website: | http://ntcore.com/Files/disasmsil.htm | |||
| Current version: | 1.0 | |||
| Last updated: | April 30, 2008 | |||
| Direct D/L link: | http://ntcore.com/Files/disasmsil/DisasMSIL.zip | |||
| License type: | Free / Open source | |||
| Description: | DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any). Note: Don't rely on the ECMA specification (Partition III: Common Language Infrastructure), since it's incomplete. Some new opcodes were introduced with the .NET Framework 2.0. | |||
| Also listed in: | .NET Disassembler Libraries | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Dotnet IL Editor (DILE) |
| ||
|---|---|---|---|---|
| Author: | zsozsop | |||
| Website: | http://sourceforge.net/projects/dile | |||
| Current version: | 0.2.6 | |||
| Last updated: | September 30, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Description: | Dotnet IL Editor (DILE) is an editor program which helps modifying .NET assemblies. It is intended to be able to disassemble .NET assemblies, modify the IL code, recompile it and run inside a debugger. | |||
| Also listed in: | .NET Executable Editors | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | PEBrowse Professional |
| ||
|---|---|---|---|---|
| Author: | SmidgeonSoft | |||
| Website: | http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html | |||
| Current version: | 9.2.5 | |||
| Last updated: | 28 December, 2007 | |||
| Direct D/L link: | http://www.smidgeonsoft.com/download/PEBrowse.zip | |||
| License type: | Free | |||
| Description: | PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows XP, Windows 2000, and others. (We have received reports that the software also works on other OSes, including Wine (!) and Windows CE.) With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using PEBrowse. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu. While the binary dump display offers various display options, e.g., BYTE, WORD, or DWORD alignment, the greatest value of PEBrowse comes when one disassembles an entry-point. An entry-point in PEBrowse is defined as: * Module entry-point * Exports (if any) * Debug-symbols (if a valid PDB, i.e., program database file, is present) * Imported API references * Relocation addresses * Internal functions/subroutines * Any valid address inside of the module Selecting and disassembling any number of these entry-points produces a versatile display rich in detail including upper/lowercase display, C/Pascal/Assembler suffix/prefixing, object code, color-coded statements, register usage highlighting, and jump/call target preview popups. Additional information, such as variable and function names, will also be present if one has access to a valid PDB file. Disassembly comes in two flavors: linear sweep (sequential disassembly from a starting address) and recursive traversal, aka, analysis mode (disassembly of all statements reachable by non-call statements - extended analysis disassembles all internal call statements as well). The latter mode also presents local variables with cross-referencing, highlighting, and renaming options. If one adds/changes variable name or adds comments to specific lines, these can be displayed in a session file which will record and save all currently opened displays. PEBrowse Professional will decompile type library information either embedded inside of the binary as the resource "TYPELIB" or inside of individual type libraries, i.e., .TLB or .OLB files. PEBrowse Professional also displays all metadata for .NET assemblies and displays IL (Intermediate Language) for .NET methods. It seamlessly handles mixed assemblies, i.e., those that contain both native and managed code. Finally, PEBrowse can be employed as a file browse utility for any type of file with the restriction that the file must be small enough that it can be memory-mapped. | |||
| Also listed in: | Disassemblers, COM Tools, .NET Tools, Delphi Tools, Exe Analyzers, Memory Dumpers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Reflector for .NET |
| ||
|---|---|---|---|---|
| Author: | Lutz Roeder | |||
| Website: | http://www.aisto.com/roeder/dotnet | |||
| Current version: | 5.0.50.0 (with autoupdate feature) | |||
| Last updated: | Frequently | |||
| Direct D/L link: | http://www.aisto.com/roeder/dotnet/Download.aspx?File=Reflector | |||
| License type: | Free | |||
| Description: | From website: "Reflector is a very powerful class browser, explorer, analyzer and documentation viewer for .NET. Reflector allows to easily view, navigate, search, decompile and analyze .NET assemblies in C#, Visual Basic and IL." This is one of the most powerful .NET decompilers that you can't buy - just download :) Many of the popular commercial tools achieving the same goal "suddenly" got a boost when this masterpiece of work saw a daylights (and besides that those are commercial, still have hard time with obfuscators). Just give it a try, it will last literally five minutes - load some well known assembly of yours, choose target .NET language (!) and let'em work. Then compare it with the original. You'll surely not forget this one. | |||
| Also listed in: | Decompilers, .NET Decompilers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.
