From Collaborative RCE Tool Library

Jump to: navigation, search

Disassembler Libraries


Tool name: PVDasm Disassembly Core Engine
Rating: 5.0 (1 vote)
Author: Bengaly                        
Website: http://www.woodmann.com/forum/showthread.php?14287-PVDasm-v1.7b-%2832Bit-64Bit%29
Current version: 1.05
Last updated: March 27, 2011
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: The disassembler library that PVDasm is based on. Nice and clean.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 2.0.0
Last updated: October 10, 2017
Direct D/L link: http://bin.rada.re/radare2-w32-2.0.0.zip
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2' a commandline hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix phylosophy in mind. Each module, plugin, tool performs a specific task and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc.. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: BeaEngine
Rating: 4.0 (2 votes)
Author: Beatrix2004                        
Website: http://www.beaengine.org
Current version: 4.1
Last updated: December 31, 2010
Direct D/L link: http://www.beaengine.org/index.php?option=com_content&view=article&id=10&Itemid=11
License type: LGPL 3
Description: BeaEngine is a multi-plateform library coded in C (ISO99). It contains actually one function called "Disasm" which allows to disassemble any instruction from the intel instructions set for processors 32 bits and 64 bits. You can use this lib with following languages : C#, C, Python, Delphi, PureBasic, masm32, masm64, GoAsm32, GoAsm64, Nasm, Fasm, WinDev. You can use it in ring3 or ring0 because it doesn't use the windows API. The package you can download here contains the lib, the source code under LPGL3 license and examples including headers for C programmers, C#, masm, nasm, fasm ,GoAsm Python, Delphi, PureBasic, WinDev ones.
Also listed in: X64 Disassembler Libraries, X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Androguard
Rating: 0.0 (0 votes)
Author: Anthony Desnos                        
Website: http://code.google.com/p/androguard/
Current version: 0.9
Last updated: September 25, 2011
Direct D/L link: http://androguard.googlecode.com/files/androguard-0.9.tar.gz
License type: LGPL
Description: Androguard (Android Guard) is primarily a tool written in full python to play with :
- .class (JavaVM)
- .dex (DalvikVM)
- APK
- JAR
- Android's binary xml

Androguard has the following features :
- Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
- Native support of DEX code in a c++ library,
- Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
- Check if an android application is present in a database (malwares, goodwares ?),
- Open source database of android malwares,
- Diffing of android applications,
- Measure the efficiency of obfuscators (proguard, ...),
- Determine if your application has been pirated (rip-off indicator),
- Risk indicator of malicious application,
- Reverse engineering of applications (goodwares, malwares),
- Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
- Visualize your application into cytoscape (by using xgmml format), or PNG/DOT output,
- Patch JVM classes, add native library dependencies,
- Dump the jvm process to find classes into memory,
- ...
Also listed in: Android Tools, Binary Diff Tools, Disassemblers, Entropy Analyzers, Java Disassembler Libraries, Malware Analysis Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: BCEL
Rating: 0.0 (0 votes)
Author: The Apache Jakarta Project                        
Website: http://jakarta.apache.org/bcel
Current version: 5.2
Last updated: June 6, 2006
Direct D/L link: N/A
License type: Free / Open Source
Description: The Byte Code Engineering Library is intended to give users a convenient possibility to analyze, create, and manipulate (binary) Java class files (those ending with .class). Classes are represented by objects which contain all the symbolic information of the given class: methods, fields and byte code instructions, in particular.

Such objects can be read from an existing file, be transformed by a program (e.g. a class loader at run-time) and dumped to a file again. An even more interesting application is the creation of classes from scratch at run-time. The Byte Code Engineering Library (BCEL) may be also useful if you want to learn about the Java Virtual Machine (JVM) and the format of Java .class files.

BCEL contains a byte code verifier named JustIce, which usually gives you much better information about what's wrong with your code than the standard JVM message.

BCEL is already being used successfully in several projects such as compilers, optimizers, obsfuscators, code generators and analysis tools. Unfortunately there hasn't been much development going on over the past few years.
Also listed in: Java Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Capstone engine
Rating: 0.0 (0 votes)
Author: Nguyen Anh Quynh                        
Website: http://www.capstone-engine.org
Current version: 1.0
Last updated: December 18, 2013
Direct D/L link: N/A
License type: BSD
Description: Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
Features

- Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.

- Clean/simple/lightweight/intuitive architecture-neutral API.

- Provide details on disassembled instruction (called “decomposer” by others).

- Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.

- Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.

- Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).

- Thread-safe by design.

- Distributed under the open source BSD license.

Also listed in: X64 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DED
Rating: 0.0 (0 votes)
Author: Damien Octeau, Patrick McDaniel, William Enck                         
Website: http://siis.cse.psu.edu/ded/
Current version: 0.7.1
Last updated: August 17, 2011
Direct D/L link: http://siis.cse.psu.edu/ded/downloads.html
License type: free (copyrighted material)
Description: Background:
ded is a project which aims at decompiling Android applications. The ded tool retargets Android applications in .dex format to traditional .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications.

Usage:
% ded-<version> -d <output dir> <dex/apk file>
Also listed in: Android Tools, Java Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: diStorm64 x86-64 Disasm Lib
Rating: 0.0 (0 votes)
Author: Gil Dabah & Co.                        
Website: http://www.ragestorm.net/distorm
Current version: 1.7.29
Last updated: March 7, 2008
Direct D/L link: http://www.ragestorm.net/distorm/dl.php?id=11
License type: BSD license
Description: Cross platform x86, x64, MMX, SSE, SSE2, SSE3, SSE4 and soon SSE5 support with open opcode database support (tools available, carefully examine the whole page, you're looking for disops.zip, at the moment available at http://www.ragestorm.net/distorm/dl.php?id=13)

'nough said.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DisasMSIL
Rating: 0.0 (0 votes)
Author: Daniel Pistelli                        
Website: http://ntcore.com/Files/disasmsil.htm
Current version: 1.0
Last updated: April 30, 2008
Direct D/L link: http://ntcore.com/Files/disasmsil/DisasMSIL.zip
License type: Free / Open source
Description: DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

Note: Don't rely on the ECMA specification (Partition III: Common Language Infrastructure), since it's incomplete. Some new opcodes were introduced with the .NET Framework 2.0.
Also listed in: .NET Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Disasm32
Rating: 0.0 (0 votes)
Author: Russell Libby                        
Website: http://users.adelphia.net/~rllibby/source.html
Current version:
Last updated: March 1, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Delphi Disassembler Conversion of libdisasm 2.0. This is a Delphi conversion of the libdisasm project. The source code provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler class which can be called to disassemble instructions from memory. Disassembled information is in Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Disassemble Help Library
Rating: 0.0 (0 votes)
Author: Vasiliy Sotnikov                        
Website: http://dsmhelp.narod.ru/
Current version: 1.1
Last updated: May 6, 2011
Direct D/L link: http://dsmhelp.narod.ru/dsmhelp1.1.zip
License type: Free
Description: Disassembler and single line assembler with Epimorphic syntax.
dsmhelp.dll - main file, it`s native 64-bit library with base independent code.
dsmdemo.exe - demonstration file.

Works witn 16-bit,32-bit and 64-bit codes.
Supported instructions sets: Basic,System,SSE,SSE2,SSE3,SSSE3,SSE4,SSE4A,MMX,FPU,3DNOW,VMX,SVM,AVX,FMA3,FMA4,XOP
Also listed in: X64 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DynamoRIO
Rating: 0.0 (0 votes)
Author: Hewlett-Packard Laboratories & MIT & Derek Bruening                        
Website: http://dynamorio.org
Current version: 6.0.0.6
Last updated: October 6, 2015
Direct D/L link: https://github.com/DynamoRIO/dynamorio/releases/download/release_6_0_0/DynamoRIO-Windows-6.0.0-6.zip
License type: Free and open source (BSD-type license)
Description: DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.
DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.
Also listed in: Code Coverage Tools, Code Injection Tools, Debugger Libraries, Profiler Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: eXtended Disassembler Engine (XDE)
Rating: 0.0 (0 votes)
Author: Z0mbie                        
Website: http://vx.netlux.org/vx.php?id=ex01
Current version: 1.02
Last updated: October 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: XDE is based on the LDE/ADE engines. It allows you to find length of any x86 instruction, source/destination register usage for most commonly used instructions, and to split/merge instruction to/from some binary structure.

From program's viewpoint, CPU operates with: different types of registers, memory and io-devices. As such, there are introduced "object set" concept, which means bitset of registers/memory/etc. being read/written by each instruction.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Fixed OllyDbg Disasm DLL
Rating: 0.0 (0 votes)
Author: CondZero                        
Website: http://arteam.accessroot.com/releases.html
Current version: 1.10
Last updated: April 9, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: An improved and fixed version of the already known disasm library (released by Oleh, Olly's author and part of the Olly's disasm engine). A little tool might help for your tools.

This package includes source code of 32-bit Disassembler and 32-bit single line Assembler for 80x86-compatible processors. The source is a slightly stripped/modified version of code used in OllyDbg v1.10 and is well proven by its numerous users.

The disasm.dll has been built using VS2005 VC 8.0 (special note: I had to make a couple modifications for errors during compilation in the source).

To include in your program, make sure the disasm.lib file is in your project folder and the resultant disasm.dll in your executable folder. Be sure to add this to your source code:
#pragma hdrstop
#include "disasm.h"
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Hacker Disassembler Engine (HDE)
Rating: 0.0 (0 votes)
Author: Veacheslav Patkov                        
Website: http://patkov-site.narod.ru
Current version: 0.28
Last updated: March 09, 2009
Direct D/L link: http://patkov-site.narod.ru/download/hde32-0.28.tar.gz
License type: Free
Description: This is small disassembler engine intended to x86-32 code analyse. HDE get length of command, prefixes, ModR/M and SIB bytes, opcode, immediate value, displacement, etc. For example, you can use HDE when writing unpackers, decryptors, viruses of executable files. HDE package include compiled object files in difference formats, header files and assembler source.

* Supports FPU, MMX, SSE, SSE2, SSE3, 3DNow! instructions
* High speed and small size (~ 1.5 kb)
* Position and OS independent code
* Compatibility with a most coding languages
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: jclasslib
Rating: 0.0 (0 votes)
Author: ej-technologies                        
Website: http://www.ej-technologies.com/products/jclasslib/overview.html
Current version: 3.0
Last updated: January 14, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: jclasslib bytecode viewer is a tool that visualizes all aspects of compiled Java class files and the contained bytecode. In addition, it contains a library that enables developers to read, modify and write Java class files and bytecode.
Also listed in: Java Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: libdisasm
Rating: 0.0 (0 votes)
Author: mammon_, ReZiDeNt, The Grugq, MO_K, a_p, fbj                        
Website: http://bastard.sourceforge.net/libdisasm.html
Current version: 0.23
Last updated: January 16, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: x86 Disassembler Library

The libdisasm library provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler which can be called from any application; the disassembly can be produced in AT&T syntax and Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.

This disassembler is derived from libi386.so in the bastard project; as such it is x86 specific and will not be expanded to include other CPU architectures. Releases for libdisasm are generated automatically alongside releases of the bastard; it is not a standalone project, though it is a standalone library.

The recent spate of objdump output analyzers has proven that many of the people [not necessarily programmers] interested in writing disassemblers have little knowledge of, or interest in, C programming; as a result, these "disassemblers" have been written in Perl. In order to address this audience, a HOWTO has been provided which demonstrates how to use the libdisasm opcode tables to implement a true disassembler using Perl.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: mlde32
Rating: 0.0 (0 votes)
Author: uNdErX                        
Website: http://vx.netlux.org/vx.php?id=em24
Current version:
Last updated: January 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Micro Length-Disassembler Engine 32 (mlde32), is a length-disassembler engine, i.e. a piece of code that allows u to know the length of any x86 instruction. The mlde32 engine supports the ordinary 386 opcode set, plus the extensions: fpu, mmx, cmov, sse, sse2 etc...

It's usage is very simple here's the prototype:

int __cdecl mlde32(void *codeptr);
where:
codeptr -> is a pointer to the opcode that u want to know the size.

if you have any problem using the engine, just take look in some examples at the /examples (nothing more obvious). That's a very simple and powerful engine,and does not require too much system resources either,just 160 bytes of stack space is needed. This engine is only code, and no fixed offsets were used so it can be permutaded/perverted at your own will.

Engine was released in 29A#7 magazine. The size of the engine is 431 byte.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: opdis
Rating: 0.0 (0 votes)
Author: mkfs                        
Website: http://community.thoughtgang.org/content/opdis
Current version: 1.0.1
Last updated: April 19, 2010
Direct D/L link: http://github.com/downloads/mkfs/mkfs.github.com/opdis-1.0.1.tar.gz
License type: GPL
Description: Opdis is a wrapper for the libopcodes disassembler library distributed as part of GNU binutils. It extends the libopcodes library by offering linear and control-flow disassembly algorithms, instruction and operand objects that are suitable for analysis, and a command-line utility to perform disassembly on arbitrary locations in a file.

The Opdis project consists of the libopdis library and the opdis command-line utility.
Also listed in: Disassemblers, X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Pokas x86 Emulator for Generic Unpacking
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://sourceforge.net/projects/x86emu/
Current version: 1.2.0 and 1.21 visual C++
Last updated: December 28, 2012
Direct D/L link: http://sourceforge.net/projects/x86emu/files/1.2.0/x86emu-1.2.rar/download
License type: GPL
Description: Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.
This Emulator has many features some of them are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Support adding new APIs and adding the emulation function to them.
3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition.
4. Support seh and support tib, teb, peb and peb_ldr_data.
5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory.
6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it still in the beta version. It surely will be fixed soon with the help of your feedback.

you can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassemblers, OEP Finders, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Security Research and Development Framework
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://blog.amrthabet.co.cc
Current version: v 1.00
Last updated: November 25, 2012
Direct D/L link: http://code.google.com/p/srdf
License type: GPL v.2
Description: Do you see writing a security tool in windows is hard?
Do you have a great idea but you can’t implement it?
Do you have a good malware analysis tool and you don’t need it to become a plugin in OllyDbg or IDA Pro?
So, Security Research and Development Framework is for you.


Abstract:

This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security researches and ideas from the theoretical approach to the practical implementation.

This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF.

Introduction:

In the last several years, the malware black market grows widely. The statistics shows that the number of new viruses increased from 300,000 viruses to millions and millions nowadays.

The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame.

The malware field is searching for new technologies and researches, searching for united community can withstand against these attacks. And that’s why SRDF

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community tries to share their knowledge and tools inside this Framework

SRDF still not finished … and it will not be finished as it’s a community based framework developed by the contributors. We just begin the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.

The Features:

Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.

In User-Mode part, SRDF gives you many helpful tools … and they are:

· Assembler and Disassembler
· x86 Emulator
· Debugger
· PE Analyzer
· Process Analyzer (Loaded DLLs, Memory Maps … etc)
· MD5, SSDeep and Wildlist Scanner (YARA)
· API Hooker and Process Injection
· Backend Database, XML Serializer
· And many more

In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object oriented (as much as we can) development framework with these features:

· Object-oriented and easy to use development framework
· Easy IRP dispatching mechanism
· SSDT Hooker
· Layered Devices Filtering
· TDI Firewall
· File and Registry Manager
· Kernel Mode easy to use internet sockets
· Filesystem Filter

Still the Kernel-Mode in progress and many features will be added in the near future.

Source Code: http://code.google.com/p/srdf
Facebook Page: http://www.facebook.com/SecDevelop

JOIN US ... just mail me at: amr.thabet[at]student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debugger Libraries, Debuggers, Disassemblers, Driver & IRP Monitoring Tools, Exe Analyzers, Kernel Filter Monitoring Tools, Kernel Tools, Low-level Development Libraries, Malware Analysis Tools, Programming Libraries, Reverse Engineering Frameworks, X64 Disassembler Libraries, X86 Disassembler Libraries, X86 Emulators
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SysDasm
Rating: 0.0 (0 votes)
Author: Kayaker                        
Website: http://rootkit.com/newsread.php?newsid=208
Current version:
Last updated: October 26, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Full-Text Disassembler DLL Export Module for Kernel Mode

I use the source code of NDISASM, the Netwide Disassembler portion of NASM, compiled into a user mode DLL, for use in various reversing projects that incorporate a disassembler component. Recently I decided to recompile the code into a *kernel mode* DLL, to see what use might be made of it in a driver context. The result may be of interest to some, perhaps as a self contained full-text disassembly module for testing or development (i.e. "playing"), or simply as an example of creating and using kernel mode export drivers.

The full-text disassembly module, SysDasm.sys, is created with a single export, which acts as a wrapper around the NDISASM internal disasm routine. This export-only driver is loaded from another driver, either by linking to it explicitly, or by loading it with ZwSetSystemInformation using the SystemLoadImage class.

In this type of export module, the DriverEntry routine is never called but exists so the file is compiled correctly as a .sys driver. If you want to design such a Kernel Mode DLL with functional entry/exit routines, you can add PRIVATE exports declared as DllInitialize/DllUnload. For more on this see for example
DLLs in Kernel Mode by Tim Roberts
http://www.wd-3.com/archive/KernelDlls.htm

The easiest way to use such a kernel mode DLL is to include its .LIB file when compiling the driver which will communicate with it, and to declare the functions you want to import with EXTERN_C DECLSPEC_IMPORT. When the driver is loaded by the system, this second module is loaded as a required kernel DLL and the functions can then be called directly by name. The DLL is unloaded by the system when the driver closes.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Udis86
Rating: 0.0 (0 votes)
Author: Vivek Mohan                        
Website: http://udis86.sourceforge.net
Current version: 1.7
Last updated: June 6, 2008
Direct D/L link: N/A
License type: Free / Open Source
Description: Udis86 is an easy-to-use minimalistic disassembler library (libudis86) for the x86 and AMD64 (x86-64) range of instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

1. Full support for the x86 and x86-64 (AMD64) range of instruction set architectures.
2. Full support for all AMD-V, INTEL-VMX, MMX, SSE, SSE2, SSE3, FPU(x87), and AMD 3Dnow! instructions.
3. Supports 16bit, 32bit, and 64bit disassembly modes.
4. Generates output in AT&T or INTEL assembler language syntaxes.
5. Supports flexbile input methods: File, Buffer, and Hooks.
6. Thread-safe and Reentrant.
7. Clean and very easy-to-use API.
8. Builds on *nix systems, Win32, DJGPP (new), Standalone, etc.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: VirtualBox Disassembler Library
Rating: 0.0 (0 votes)
Author: OHPen                        
Website: http://www.woodmann.com/forum/showthread.php?t=11904
Current version:
Last updated: July 15, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Because I needed a good disassembler for my projects I check different distributions in the internet. Most of them are homebrew and the support, or let's better say MAINTAINANCE is in most cases not the best.

I really hate it if use a component and realize that there is a bug and the releaser of the component is not able to fix it or sometimes has no real interest in fixing it. That sucks.

That's why I focused on a disassembler which is well maintained and last but not least a good one.

During my search I stumbled over VirtualBox, which is an similar SUN implementation of VMWare's Workstation. The difference is that VirtualBox comes with source, or at least you can download the source (http://www.sun.com/software/products/virtualbox/get.jsp).

I thought that they'd pretty sure have to have an working disassembler inside there virtual machine and bingo... they have.
The problem was that the disassembler was not contained in form of a library, it was simply integrated in the source.

It took me about 2 hours to extract the needed source parts out of virtualbox and built a project for a library for it.

I now use it for my projects and it is very useful for me.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There are 4 subcategories to this category.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)