From Collaborative RCE Tool Library

Jump to: navigation, search

.NET Tracers


Tool name: DotNET Tracer
Rating: 0.0 (0 votes)
Author: Kurapica                        
Website: http://www.woodmann.com/forum/showthread.php?t=11859
Current version: 0.6
Last updated: June 15, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: This is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime, many events can be reported so you can understand what's going on in the background.

1- Select the assembly you want to analyze
2- Set the Events Mask, i.e Events you want to catch
3- Click "Start"

I hope it's useful and as always bug reports are welcome.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: MSIL Dumper
Rating: 0.0 (0 votes)
Author: Kurapica                        
Website: http://www.woodmann.com/forum/showthread.php?t=11809
Current version: 0.4
Last updated: December 12, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: The idea of this tool is to achieve two objects:

1 - It will dump the body of every Method (Function, Procedure) called by the executable assembly you select, The dumping occurs whenever compiler enters that method, for example if you Click some button and this button calls method "CheckLicense" then you will find a file named "CheckLicense.txt" in the "\Dump" folder.

2 - It will show you in details the methods being called and also the modules that your application loads so it could be used as a simple tracing utility for .net assemblies.

I wrote this tool to help me rebuild assemblies protected with JIT hooking technique, those assemblies can't be explored in Reflector because their methods' body is encrypted and only decrypted in runtime when the method is called so you will see no code in reflector, I assumed that I will have access to the encrypted MSIL code of the methods using Profiling APIs, there was a 50% chance of success but it turned out to be only useful against certain protections like the one that LibX coded which depends on System.Reflection.Emit.DynamicMethod to excute protected methods.

you can find more on LibX protection here
hxxp://www.reteam.org/board/showthread.php?t=799
Also listed in: .NET MSIL Dumpers, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: WinApiOverride
Rating: 0.0 (0 votes)
Author: Jacquelin POTIER                        
Website: http://jacquelin.potier.free.fr/winapioverride32/
Current version: 5.1.11
Last updated: July 18, 2009
Direct D/L link: http://jacquelin.potier.free.fr/exe/winapioverride32_bin.zip
License type: Free / Open Source (GPL v2)
Description: WinAPIOverride32 is an advanced api monitoring software.
You can monitor and/or override any function of a process.
This can be done for API functions or executable internal functions.

It tries to fill the gap between classical API monitoring softwares and debuggers.
It can break targeted application before or after a function call, allowing memory or registers changes; and it can directly call functions of the targeted application.
Main differences between other API monitoring softwares :
- You can define filters on parameters or function result
- You can define filters on dll to discard calls from windows system dll
- You can hook functions inside the target process not only API
- You can hook asm functions with parameters passed through registers
- Double and float results are logged
- Preserve registers, floating stack and LastError
- You can easily override any API or any process internal function
- You can break process before or/and after function call to change memory or registers
- You can call functions which are inside the remote processes
- Can hook COM OLE and ActiveX interfaces
- All is is done like modules : you can log or override independently for any function
Also listed in: API Monitoring Tools, COM Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Category:.NET_Tracers"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   .NET Tools  (50)
   .NET Code Injection Tools  (3)
   .NET Debuggers  (3)
   .NET Decompilers  (1)
   .NET Deobfuscation Tools  (3)
   .NET Disassemblers  (7)
   .NET Executable Editors  (7)
   .NET MSIL Dumpers  (1)
   .NET Packers  (3)
   .NET Resource Editors  (2)
   .NET Signature Changers  (2)
   .NET Signature Removers  (4)
   .NET Tracers  (3)
   .NET Unpackers  (5)
   COM Tools  (11)
   DVD Movie Logic Tools  (1)
   DirectX Tools  (4)
   Dongle Tools  (14)
   Flash Tools  (7)
   FoxPro Tools  (6)
   Hardware Target Tools  (15)
   Installer Tools  (8)
   Java Tools  (6)
   Javascript Tools  (5)
   Linux Tools  (17)
   Malware Analysis Tools  (3)
   Mobile Platform Tools  (11)
   Specific by Compiler  (4)
   Visual Basic Tools  (7)
   Web Application Tools  (7)
   Categorized by Tool Type  (973)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (11)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (15)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (12)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   API Monitoring Tools  (17)
   Active Directory Monitoring Tools  (1)
   Bus Monitoring Tools  (5)
   Debug Output Monitoring Tools  (1)
   Disk Monitoring Tools  (2)
   Driver & IRP Monitoring Tools  (1)
   Exception Monitoring Tools  (4)
   File Monitoring Tools  (4)
   Hook Detection Tools  (12)
   Install Monitoring Tools  (3)
   Kernel Filter Monitoring Tools  (1)
   Memory Data Tracing Tools  (6)
   Named Pipe Monitoring Tools  (1)
   Network Monitoring Tools  (7)
   Parallel Comm Monitoring Tools  (2)
   Process Monitoring Tools  (5)
   Registry Monitoring Tools  (6)
   Serial Comm Monitoring Tools  (1)
   SysCall Monitoring Tools  (5)
   Thread Monitoring Tools  (2)
   Tracers  (17)
   .NET Tracers  (3)
   16 bit and DOS Tracers  (1)
   USB Monitoring Tools  (3)
   Window Monitoring Tools  (3)
   Network Tools  (15)
   PE Executable Editors  (78)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (31)
   Regular Expression Tools  (3)
   Resource Editors  (11)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (135)
   Tool Hiding Tools  (5)
   Tool Signatures  (21)
   Tracers  (17)
   .NET Tracers  (3)
   16 bit and DOS Tracers  (1)
   Unpacking Tools  (58)
   Needs New Category  (1)