From Collaborative RCE Tool Library


Disassemblers


Tool name: COD File Analysis Template
Rating: 5.0 (1 vote)
Author: Dr Bolsen                        
Website: http://drbolsen.wordpress.com/2007/02/01/update-of-cod-template/
Current version:
Last updated: February 1, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: 010 Editor Binary Template for parsing/analyzing Blackberry executables (COD files).
Also listed in: BlackBerry Tools, Mobile Platform Disassemblers



Tool name: IDA Pro
Rating: 5.0 (6 votes)
Author: Ilfak Guilfanov                        
Website: http://www.hex-rays.com/idapro
Current version: 6.1
Last updated: April 8, 2011
Direct D/L link: http://95.211.133.202/files/idademo_windows60.exe
License type: Commercial
Description: The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows or on Linux. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation.

There is also a free (crippled) version available (IDA Pro Free). See its own entry in the library for more info.

As of January 7, 2007, the official IDA Pro website moved from the old URL (http://www.datarescue.com/idabase) to the one listed above.
Also listed in: .NET Disassemblers, IPhone Tools, Linux Debuggers, Linux Disassemblers, Mobile Platform Debuggers, Mobile Platform Disassemblers, Ring 3 Debuggers, Symbian Tools



Tool name: P32DASM
Rating: 5.0 (1 vote)
Author: DARKER                        
Website: http://progress-tools.x10.mx/p32dasm.html
Current version: 2.8
Last updated: May 24, 2011
Direct D/L link: http://progress-tools.x10.mx/p32dasm.zip
License type: Free
Description: P32Dasm is a Visual Basic 5.0/6.0 PCode + Native code Decompiler. It can generate String, Numbers, Objects, Import and Export function listings. There is also a Jump calculator. For VB Native code executables, only MSVBVM, External calls and string references are generated. Useful for setting BPX: you don't need to search in the debugger for where a Command Button event starts. You can generate .map files, which you can import to DataRescue IDA (LoadMap plugin) or to Olly Debugger (MapConv plugin).
Also listed in: Visual Basic Decompilers



Tool name: PE Explorer
Rating: 5.0 (1 vote)
Author: Heaventools Software                        
Website: http://www.heaventools.com/overview.htm
Current version: 1.99 R6 (silent update)
Last updated: October 14, 2009
Direct D/L link: http://www.heaventools.com/download/pexsetup.zip
License type: Shareware
Description: PE Explorer provides powerful tools for disassembly and inspection of unknown binaries, modifying the properties of executable files and customizing and translating their resources. Use this product to do reverse engineering, analyze the procedures and libraries an executable uses.

Features include:

* Working with PE files - exe, dll, sys, drv, bpl, dpl, cpl, ocx and more.
* The ability to open a broken or packed file in Safe mode.
* Support for custom plug-ins to perform any startup processing.
* Collecting the full information contained in the file header.
* Checksum computing and modification.
* Review and editing Data Directories.
* Review of all the sections and info about their location and size.
* Review of contents of section as Raw Data - up to 16 view windows.
* Extracting and deleting sections.
* Section header recalculation.
* Section Editor to modify and repair the damaged section headers.
* Resource Editor to view and modify almost any kind of resources.
* Saving changes to disk as a new file image.
* Full info on exported and imported functions. Review of contents of the base relocation table.
* Quick Function Syntax Lookup. Syntax Description Editor.
* Source code and package information analyzer. Dependency Scanner.
* Built-in Disassembler.
* Customize GUI elements of your favorite Windows programs
* Special support for Delphi applications
* Automatic UPX and Upack unpacking

See multiple screenshots at: http://www.heaventools.com/scrshots.htm
Also listed in: PE Executable Editors, Resource Editors



Tool name: PVDasm Disassembly Core Engine
Rating: 5.0 (1 vote)
Author: Bengaly                        
Website: http://www.woodmann.com/forum/showthread.php?14287-PVDasm-v1.7b-%2832Bit-64Bit%29
Current version: 1.05
Last updated: March 27, 2011
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: The disassembler library that PVDasm is based on. Nice and clean.
Also listed in: X86 Disassembler Libraries



Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 0.9.7
Last updated: March 3, 2014
Direct D/L link: http://www.radare.org/get/radare2-0.9.7.tar.xz
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2', a command-line hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix philosophy in mind. Each module, plugin, tool performs a specific task and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers



Tool name: Reflector for .NET
Rating: 5.0 (1 vote)
Author: Lutz Roeder (current owner Red Gate Software)                        
Website: http://www.reflector.net/
Current version: 7.7
Last updated: July 18, 2009
Direct D/L link: http://shop.reflector.net/download
License type: Free until 6.8.2.5
Description: From website:

"Reflector is a very powerful class browser, explorer, analyzer and documentation viewer for .NET. Reflector allows to easily view, navigate, search, decompile and analyze .NET assemblies in C#, Visual Basic and IL."

This is one of the most powerful .NET decompilers that you can't buy - just download :)
Many of the popular commercial tools achieving the same goal "suddenly" got a boost when this masterpiece of work saw the light of day (and besides being commercial, they still have a hard time with obfuscators).

Just give it a try, it will last literally five minutes - load some well known assembly of yours, choose target .NET language (!) and let'em work. Then compare it with the original.

You'll surely not forget this one.
Also listed in: .NET Decompilers, .NET Disassemblers, Decompilers



Tool name: Reflexil
Rating: 5.0 (1 vote)
Author: Sebastien Lebreton                        
Website: http://reflexil.net
Current version: 1.2
Last updated: March 7, 2011
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Reflexil is an assembly editor and runs as a plug-in for Red Gate's Reflector, a great tool for .NET developers. Reflexil is using Mono.Cecil, written by Jb Evain and is able to manipulate IL code and save the modified assemblies to disk. Reflexil also supports C#/VB.NET code injection.
Also listed in: .NET Disassemblers, .NET Executable Editors, .NET MSIL Dumpers, .NET Signature Changers, .NET Signature Removers



Tool name: RosAsm
Rating: 5.0 (1 vote)
Author: Betov/Rene, Beyond2K, others                        
Website: http://rosasm.tk
Current version: 2.053g
Last updated: September 13, 2013
Direct D/L link: http://rosasm.freeforums.org/download/file.php?id=125
License type: Free / Open Source / GPLed
Description: Previously known as SpAsm.

The easy way for writing full 32 Bits Applications in Assembly

IDE with full integration of all components. RosAsm is auto-compilable and the Sources are hosted inside the PEs. No installation overhead (the silent auto-install coming with RosAsmFull.zip makes RosAsm the only actual Click&Go Assembler environment).

Real Sources Editor with tons of unique features, specifically devoted to secure editions and to huge mono-files assembly sources: Tree-view, instant jump to any type of declaration by simple right-click, division of the mono-files into TITLEs, advanced IncIncluder pre-parser, and so on...

The fastest of the actual assemblers, (1.5 Mega/second on a Celeron 1.3 Ghz...) directly outputting PE files on a simple click, with a powerful macros system (a macros unfolder is available by a double-click, through a float menu). Simplified Intel syntax. Does not need any include, prototype or header companion file. Nothing but a single simple source. Complete implementation of the mnemonics set, up to SSE3. RosAsm Bottom-Up Assembler is a true low level Assembler, enabling HLL writing styles by user defined macros and/or by HLL pre-parsers selections.

Selectable Pre-Parsers performing various tasks, like HLL expressions parsing, alternate syntaxes, Includes Managements, ...

Source level Debugger with a state-of-the-art memory inspector and very advanced features, like the dynamic break-points, that can be set/removed by simple clicks, as well as at write-time and/or at run-time, like with the most advanced HLLs. To run the Debugger, You simply click on Run and your application is running through the debugger. Any error (or break-point, enabling advanced stepping modes) is pointed out directly in your source code. Accurate messages are delivered on errors cases.

Disassembler. To date, RosAsm is the one and only two-clicks-disassembler-reassembler ever seen. It is, actually, fully effective on most small files and on many middle size applications: The dream tool for study and/or for porting your works to assembly.

Original Resources Editors, with control of matching styles, outputting as well resources, files, and memory templates.

Integrated Help system, with a complete 32 bits Assembly Tutorials, Opcode help, and RosAsm Manual (2 megas of documentation, more than 600 organised rtf files).

Clip file system, for templates reuse.

Integrated OS Equates, and Structures files, saving from any boring include.

... and much more...

Take care that, as opposed to most RAD/IDEs, RosAsm does not attempt to impress you with multiple windows jumping all over the screen and with insistent features. Instead, RosAsm features implementations have always been made as discreet and as silent as possible, and the overall look-and-feel has always been made as naked and as simple as possible. Many implementations are optional, through the configuration tab.

Though RosAsm is the most accurate tool for learning the marvelous simplicity of Assembly - particularly since the inclusion of the Interactive Visual Tutorials - and though it is the easiest way to jump right into the true thing, it has been thought and designed, first, as a professional tool for real life applications programming in full assembly. Its final purpose is to compete with the current most commonly used HLLs, for serious applications writing. This goal will be achieved, in the near future, with the upcoming implementations of the Visual Components Designers (Wizards) and with the implementations of some Applications builders.
Also listed in: Assembler IDE Tools, Assemblers, Debuggers



Tool name: Proview aka PVDasm
Rating: 4.5 (2 votes)
Author: Bengaly                        
Website: http://www.pvdasm.tk-labs.com/
Current version: 1.7d
Last updated: August 20, 2011
Direct D/L link: Locally archived copy
License type: Free
Description: The Proview (a.k.a. PVDasm) Disassembler is a Free, Interactive, Multi-CPU (Intel 80x86/Chip8) disassembler that includes many features which allow the user to perform analysis on the target image file. PVDasm currently supports image files of executable files (.exe), dynamic executable images (.dll) and Game-Boy image files (.gb/.gbc). The Proview disassembler has been in development for over 6 years and the work has never stopped (it might be delayed) since then. PVDasm has always been intended to be a free disassembler without any profits whatsoever; this makes Proview different from the other disassemblers out there.

PVDasm was coded by me in 2002. History shows that the first Proview engine was developed as a side project and was integrated as part of a packer identifier which was also coded by me and was released under the name and version Proview v0.8. Later that year this changed: the PVDasm disassembly engine was recoded from scratch with the aid of Intel x86 books and the online opcode decoding tutorials and information of The-Svin, as a project for my university. The Proview disassembly engine does not use any 3rd party code or any other disassembler's code and operates on its own code. Currently the engine decodes the Intel 80x86 (32Bit) architecture (and hopefully later on will support 64Bit architecture decoding) and supports the different operation sets such as MMX/SSEx/3D Now! Besides Intel CPUs, PVDasm also decodes the Chip8 CPU (an old CPU with a minimal set of opcodes) which was used years ago for gaming.

Support and Features in Proview Disassembler:

* Reads/Edits the PE (32Bit) and PE+ (64Bit) Image files.
* Integrated Hex Editor (Extension dll from RadASM).
* Integrated Process Manager and Dumper (Not working on Windows 7 yet).
* Source Code Generator and Wizard (Only for MASM Compiler).
* Plug-in SDK Architecture.
* Coloring Themes/Custom Themes for disassembly coloring.
* Function Parameters Recognition.
* Data/Function Entries Manager (Define your own data/code section blocks).
* Produce PVDasm .MAP file and Support for IDA MAP Files (using ida2pv IDC script) for better analysis.
* First Pass analyzer (Simple Analyzer).
* Easy GUI Interface and features.
* Code Patcher (Edit image and apply changes on the fly).
* View/Search Function References and String References.
* View Call/Jxx Bodies without the need to trace (Hover on a JMPx/CALL address).
* Create and Load PVDasm Disassembly projects.
* Create And Execute Scripts using PVScript Engine.

13.08.2011:
* Fixed the bug in the status bar: when clicking on a disassembled line, PVDasm did not show the actual Code Address / Code Offset.
* Fixed a nasty crash when PVDasm tried to resolve API calls way outside of the current disassembled [code] section. (Bad Pointer, access violation)
* Fixed a nasty crash when PVDasm tried to access a dword instead of a word from a memory location, which caused a memory access violation crash.
* Increased buffer size in XRef resolving, which caused a stack run time error.
* Fixed PVDasm (64bit) Import table resolve!! PVDasm 64Bit crashed due to a memory access violation when it tried accessing the import table using PIMAGE_THUNK_DATA64 instead of PIMAGE_THUNK_DATA32 for normal PE files. This is done by adding #define PIMAGE_THUNK_DATA PIMAGE_THUNK_DATA32 for x64 build.
* PE/PE+ Editor fixed in PVDasm 64Bit!!
* Menu bar re-ordered.
Also listed in: (Not listed in any other category)



Tool name: BeaEngine
Rating: 4.0 (2 votes)
Author: Beatrix2004                        
Website: http://www.beaengine.org
Current version: 4.1
Last updated: December 31, 2010
Direct D/L link: http://www.beaengine.org/index.php?option=com_content&view=article&id=10&Itemid=11
License type: LGPL 3
Description: BeaEngine is a multi-platform library coded in C (ISO99). It currently contains one function called "Disasm" which allows you to disassemble any instruction from the Intel instruction set for 32-bit and 64-bit processors. You can use this lib with the following languages: C#, C, Python, Delphi, PureBasic, masm32, masm64, GoAsm32, GoAsm64, Nasm, Fasm, WinDev. You can use it in ring3 or ring0 because it doesn't use the Windows API. The package you can download here contains the lib, the source code under LGPL3 license and examples including headers for C programmers, C#, masm, nasm, fasm, GoAsm, Python, Delphi, PureBasic, WinDev ones.
Also listed in: X64 Disassembler Libraries, X86 Disassembler Libraries



Tool name: swftools
Rating: 4.0 (1 vote)
Author: Matthias Kramm & Rainer Böhme                        
Website: http://swftools.org
Current version: 0.9.2
Last updated: April 8, 2012
Direct D/L link: http://swftools.org/download.html
License type: GPLv2 / Open Source (C)
Description: SWFTools is a collection of utilities for working with Adobe Flash files (SWF files). The tool collection includes programs for reading SWF files, combining them, and creating them from other content (like images, sound files, videos or sourcecode). SWFTools is released under the GPL.
The current collection is comprised of the programs detailed below:

* PDF2SWF A PDF to SWF Converter. Generates one frame per page. Enables you to have fully formatted text, including tables, formulas, graphics etc. inside your Flash Movie. It's based on the xpdf PDF parser from Derek B. Noonburg.
* SWFCombine A multi-function tool for inserting SWFs into Wrapper SWFs, concatenating SWFs, stacking SWFs or for basic parameter manipulation (e.g. changing size).
* SWFStrings Scans SWFs for text data.
* SWFDump Prints out various information about SWFs, like contained images/fonts/sounds, disassembly of contained code as well as cross-reference and bounding box data.
* JPEG2SWF Takes one or more JPEG pictures and generates a SWF slideshow from them. Supports motion estimation compression (h.263) for better compression of video sequences.
* PNG2SWF Like JPEG2SWF, only for PNGs.
* GIF2SWF Converts GIFs to SWF. Also able to handle animated gifs.
* WAV2SWF Converts WAV audio files to SWFs, using the L.A.M.E. MP3 encoder library.
* AVI2SWF Converts AVI animation files to SWF. It supports Flash MX H.263 compression. Some examples can be found at examples.html. (Notice: this tool is not included anymore in the latest version, as ffmpeg or mencoder do a better job nowadays)
* Font2SWF Converts font files (TTF, Type1) to SWF.
* SWFBBox Allows to read out, optimize and readjust SWF bounding boxes.
* SWFC A tool for creating SWF files from simple script files. Includes support for both ActionScript 2.0 as well as ActionScript 3.0.
* SWFExtract Allows to extract Movieclips, Sounds, Images etc. from SWF files.
* AS3Compile A standalone ActionScript 3.0 compiler. Mostly compatible with Flex.

SWFTools has been reported to work on Solaris, Linux (both 32 as well as 64 bit), FreeBSD, OpenBSD, HP-UX, Solaris, MacOS X and Windows 98/ME/2000/XP/Vista.
Also listed in: Flash Disassemblers, Flash Tools



Tool name: IDA Pro Free
Rating: 3.5 (4 votes)
Author: DataRescue                        
Website: https://www.hex-rays.com/products/ida/support/download_freeware.shtml
Current version: 5.0
Last updated: November 2, 2007
Direct D/L link: http://out7.hex-rays.com/files/idafree50.exe
License type: Free
Description: This is the (crippled) freeware edition of the IDA Pro debugger (see its own entry in the library for more info).

Differences from the commercial version include, among others:

* No remote debugging
* No Linux debugging (disassembling only)
* No other OS support at all (Mac OSX, WinCE)
* Only PE, COFF, OMF, ELF and Dos is supported (not NE)
* No console version (idaw.exe)
* Only x86 family processor module included (metapc)
* No x64 support at all
* Some FLIRT signatures are out-dated
* Fewer included plugins
* Difficulty identifying parameters in some cases (no PIT)
* Buggy WINE support
* Incompatible with plugins for commercial versions (plugins can be patched with another tool available in this library to work with the free version though!)
Also listed in: Ring 3 Debuggers



Tool name: Hiew
Rating: 3.0 (2 votes)
Author: Eugene Suslikov                        
Website: http://www.hiew.ru/
Current version: 8.10
Last updated: February 24, 2010
Direct D/L link: http://www.hiew.ru/files/hiew802.zip
License type: Shareware
Description:
* view and edit files of any length in text, hex, and decode modes
* x86-64 disassembler & assembler
* physical & logical drive view & edit
* support for NE, LE, LX, PE/PE32+ and little-endian ELF/ELF64 executable formats
* support for Netware Loadable Modules like NLM, DSK, LAN,...
* following direct call/jmp instructions in any executable file with one touch
* pattern search in disassembler
* built-in simple 64bit decrypt/crypt system
* built-in powerful 64bit calculator
* block operations: read, write, fill, copy, move, insert, delete, crypt
* multifile search and replace
* keyboard macros
* unicode support
* Hiew External Module (HEM) support
* ArmV6 disassembler
Also listed in: Hex Editors, PE Executable Editors



Tool name: W32DASM
Rating: 2.0 (2 votes)
Author: URsoftware                        
Website: N/A
Current version: 8.94
Last updated: March 11, 2003
Direct D/L link: Locally archived copy
License type: Commercial (abandonware)
Description: Before IDA Pro, W32DASM was the king of Windows 32 bit executable disassemblers.

It also has a ring 3 debugger built-in.
Also listed in: Ring 3 Debuggers



Tool name: Adobe Flash disassembler
Rating: 0.0 (0 votes)
Author: Marian Radu                        
Website: http://www.hex-rays.com/contest2009
Current version:
Last updated: November 19, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Shockwave Flash is a very common and widely used file format that, unfortunately, has not been able to make its way into IDA's recognized file formats. The increasing numbers of grayware and malware SWF files require security researchers to disassemble and analyse such files and IDA is again an ideal tool to use.

The 2 plugins present in this archive will enable IDA to parse SWF files, load all SWF tags as segments for fast search and retrieval, parse all tags that can potentially contain ActionScript2 code, discover all such code (a dedicated processor module has been written for it) and even name the event functions according to the event handled in them (e.g. OnInitialize).

There are two different modules: a file loader module and a processor module. Together, they make it possible to analyze Flash SWF files with IDA, as simple as that. It was very easy to install and run the plugin: just copy 2 files to the IDA subdirectories and it is ready.

Flash files can be loaded very easily into IDA, and you'll see a bytecode, as in the screenshot here below.
Also listed in: Flash Disassemblers, IDA Extensions



Tool name: Androguard
Rating: 0.0 (0 votes)
Author: Anthony Desnos                        
Website: http://code.google.com/p/androguard/
Current version: 0.9
Last updated: September 25, 2011
Direct D/L link: http://androguard.googlecode.com/files/androguard-0.9.tar.gz
License type: LGPL
Description: Androguard (Android Guard) is primarily a tool written in full python to play with :
- .class (JavaVM)
- .dex (DalvikVM)
- APK
- JAR
- Android's binary xml

Androguard has the following features :
- Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
- Native support of DEX code in a c++ library,
- Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
- Check if an android application is present in a database (malwares, goodwares ?),
- Open source database of android malwares,
- Diffing of android applications,
- Measure the efficiency of obfuscators (proguard, ...),
- Determine if your application has been pirated (rip-off indicator),
- Risk indicator of malicious application,
- Reverse engineering of applications (goodwares, malwares),
- Transform Android's binary xml (like AndroidManifest.xml) into classic xml,
- Visualize your application into cytoscape (by using xgmml format), or PNG/DOT output,
- Patch JVM classes, add native library dependencies,
- Dump the jvm process to find classes into memory,
- ...
Also listed in: Android Tools, Binary Diff Tools, Disassembler Libraries, Entropy Analyzers, Java Disassembler Libraries, Malware Analysis Tools



Tool name: asmDIFF
Rating: 0.0 (0 votes)
Author: Michael Willigens, Rene Laemmert                        
Website: http://duschkumpane.org/index.php/asmdiff
Current version: 1.1
Last updated: August 28, 2012
Direct D/L link: N/A
License type:
Description: asmDiff is a binary assembly search, diff and disassembly tool. It supports Windows PE (exe/dll) and Linux ELF binary formats compiled for x86 and x86_64 architectures. It is particularly useful when searching for asm functions, instructions or memory pointers in a patched, updated or otherwise modified binary.

Features:
- Single search mode, if one needs to test one or several addresses by hand.
- Supports batch mode updates. A header file (containing lots of hardcoded pointers) and two binary files (old, new) is given as input. asmDIFF can then output a "new" header file for the updated binary. Extremely helpful on reverse engineering projects that get updated.
- Can find similar functions in different programs. But this can behave very fuzzily. It was tested on related programs where it works with moderate success.
- Full diff mode. It prints out the entry points of "new", "modified" and "removed" functions.

Currently a full featured WebBased version is available. asmDIFF is also included in mmBBQ (http://duschkumpane.org/index.php/mmbbq) version 3.X and upwards.
Also listed in: Executable Diff Tools



Tool name: BCEL
Rating: 0.0 (0 votes)
Author: The Apache Jakarta Project                        
Website: http://jakarta.apache.org/bcel
Current version: 5.2
Last updated: June 6, 2006
Direct D/L link: N/A
License type: Free / Open Source
Description: The Byte Code Engineering Library is intended to give users a convenient possibility to analyze, create, and manipulate (binary) Java class files (those ending with .class). Classes are represented by objects which contain all the symbolic information of the given class: methods, fields and byte code instructions, in particular.

Such objects can be read from an existing file, be transformed by a program (e.g. a class loader at run-time) and dumped to a file again. An even more interesting application is the creation of classes from scratch at run-time. The Byte Code Engineering Library (BCEL) may be also useful if you want to learn about the Java Virtual Machine (JVM) and the format of Java .class files.

BCEL contains a byte code verifier named JustIce, which usually gives you much better information about what's wrong with your code than the standard JVM message.

BCEL is already being used successfully in several projects such as compilers, optimizers, obfuscators, code generators and analysis tools. Unfortunately there hasn't been much development going on over the past few years.
Also listed in: Java Disassembler Libraries



Tool name: Bastard
Rating: 0.0 (0 votes)
Author:                         
Website: http://bastard.sourceforge.net
Current version: 0.16
Last updated: 2002
Direct D/L link: N/A
License type: Free / Open Source
Description: The Bastard is a disassembler -- or, more appropriately, a disassembly environment. The idea is that you have an interpreter, much as you would in Perl or Python, which allows you to load files, disassemble them, dump the disassembly, write/run macros, and various other operations. The x86 instruction disassembler written for this project has been packaged separately as libdisasm, and is intended to be used in other open source projects.

This interpreter can be used interactively, it can be fed commands via STDIN [just like a scripting interpreter], and it can be communicated with via a pair of FIFOs. Now, on top of this any number of UI front ends can be stacked -- ncurses console front ends, Gtk X front-ends, Tk front ends, etc. It is the responsibility of the front-ends to display the information obtained by querying the disassembler, supplying syntax highlighting, displaying strings, xrefs, etc; however the disassembler will retain all of this information, do all of the 'brute' processing, and will provide any of the information when requested.

The bastard currently runs on x86 Linux and FreeBSD [CVS version]. It can disassemble x86 ELF, a.out, and PE files as well as flat binary files [.com, .bin].
Also listed in: Linux Disassemblers



Tool name: Capstone
Rating: 0.0 (0 votes)
Author: Nguyen Anh Quynh                        
Website: http://www.capstone-engine.org
Current version: 1.0
Last updated: December 18, 2013
Direct D/L link: N/A
License type: BSD
Description: Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
Features

- Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.

- Clean/simple/lightweight/intuitive architecture-neutral API.

- Provide details on disassembled instruction (called “decomposer” by others).

- Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.

- Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.

- Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).

- Thread-safe by design.

- Distributed under the open source BSD license.

Also listed in: Mobile Platform Disassemblers



Tool name: Capstone engine
Rating: 0.0 (0 votes)
Author: Nguyen Anh Quynh                        
Website: http://www.capstone-engine.org
Current version: 1.0
Last updated: December 18, 2013
Direct D/L link: N/A
License type: BSD
Description: Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
Features

- Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.

- Clean/simple/lightweight/intuitive architecture-neutral API.

- Provide details on disassembled instruction (called “decomposer” by others).

- Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.

- Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.

- Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).

- Thread-safe by design.

- Distributed under the open source BSD license.

Also listed in: X64 Disassembler Libraries



Tool name: DED
Rating: 0.0 (0 votes)
Author: Damien Octeau, Patrick McDaniel, William Enck                         
Website: http://siis.cse.psu.edu/ded/
Current version: 0.7.1
Last updated: August 17, 2011
Direct D/L link: http://siis.cse.psu.edu/ded/downloads.html
License type: free (copyrighted material)
Description: Background:
ded is a project which aims at decompiling Android applications. The ded tool retargets Android applications in .dex format to traditional .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications.

Usage:
% ded-<version> -d <output dir> <dex/apk file>
Also listed in: Android Tools, Java Disassembler Libraries



Tool name: dedexer
Rating: 0.0 (0 votes)
Author: Gabor Paller                        
Website: http://dedexer.sourceforge.net
Current version: 1.9
Last updated: December 12, 2009
Direct D/L link: N/A
License type: Public Domain
Description: "Dedexer is a disassembler tool for DEX files. DEX is a format introduced by the creators of the Android platform. The format and the associated opcode set is in distant relationship with the Java class file format and Java bytecodes. Dedexer is able to read the DEX format and turn into an "assembly-like format". This format was largely influenced by the Jasmin syntax but contains Dalvik opcodes. For this reason, Jasmin is not able to compile the generated files."
Also listed in: Android Tools, Mobile Platform Disassemblers



Tool name: diStorm64 x86-64 Disasm Lib
Rating: 0.0 (0 votes)
Author: Gil Dabah & Co.                        
Website: http://www.ragestorm.net/distorm
Current version: 1.7.29
Last updated: March 7, 2008
Direct D/L link: http://www.ragestorm.net/distorm/dl.php?id=11
License type: BSD license
Description: Cross platform x86, x64, MMX, SSE, SSE2, SSE3, SSE4 and soon SSE5 support with open opcode database support (tools available, carefully examine the whole page, you're looking for disops.zip, at the moment available at http://www.ragestorm.net/distorm/dl.php?id=13)

'nough said.
Also listed in: X86 Disassembler Libraries



Tool name: DisasMSIL
Rating: 0.0 (0 votes)
Author: Daniel Pistelli                        
Website: http://ntcore.com/Files/disasmsil.htm
Current version: 1.0
Last updated: April 30, 2008
Direct D/L link: http://ntcore.com/Files/disasmsil/DisasMSIL.zip
License type: Free / Open source
Description: DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it in any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

Note: Don't rely on the ECMA specification (Partition III: Common Language Infrastructure), since it's incomplete. Some new opcodes were introduced with the .NET Framework 2.0.
Also listed in: .NET Disassembler Libraries



Tool name: Disasm32
Rating: 0.0 (0 votes)
Author: Russell Libby                        
Website: http://users.adelphia.net/~rllibby/source.html
Current version:
Last updated: March 1, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Delphi Disassembler Conversion of libdisasm 2.0. This is a Delphi conversion of the libdisasm project. The source code provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler class which can be called to disassemble instructions from memory. Disassembled information is in Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.
Also listed in: X86 Disassembler Libraries



Tool name: DisasmViewer
Rating: 0.0 (0 votes)
Author: Naggingmachine                        
Website: N/A
Current version: 0.1
Last updated: December 12, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: DisasmViewer is a disassembler that uses several disassembler libraries and assemblers. It converts binary code to assembly code. It supports many options and can generate shell code from assembly code.
Also listed in: (Not listed in any other category)



Tool name: Disassemble Help Library
Rating: 0.0 (0 votes)
Author: Vasiliy Sotnikov                        
Website: http://dsmhelp.narod.ru/
Current version: 1.1
Last updated: May 6, 2011
Direct D/L link: http://dsmhelp.narod.ru/dsmhelp1.1.zip
License type: Free
Description: Disassembler and single line assembler with Epimorphic syntax.
dsmhelp.dll - main file; it's a native 64-bit library with base-independent code.
dsmdemo.exe - demonstration file.

Works with 16-bit, 32-bit and 64-bit code.
Supported instruction sets: Basic, System, SSE, SSE2, SSE3, SSSE3, SSE4, SSE4A, MMX, FPU, 3DNOW, VMX, SVM, AVX, FMA3, FMA4, XOP
Also listed in: X64 Disassembler Libraries



Tool name: Dot Net String Decoder
Rating: 0.0 (0 votes)
Author: DARKER                        
Website: http://progress-tools.x10.mx/dnsd.html
Current version: 1.10
Last updated: April 17, 2013
Direct D/L link: http://progress-tools.x10.mx/dnsd.zip
License type: Freeware
Description: Description:
The program can list or decrypt strings used in a .NET executable, based on user decryption plugins, and rebuild a new assembly with the decoded strings. Method names, control flow etc. are unchanged in the assembly!

Features:
- List all strings that are used in .NET executable
- Generic search for decoding function like: DecodeFunction(Byval Coded_String as String) As String
- Decrypt strings based on your own plugin
- Very simple plugin interface (C#, VB.NET)
- Preview of string decryption (checking results)
- Rebuild application with decoded strings (removing decoding function)
- Explorer with all methods for fast navigation
- Export method tree to text file
- Fast string extraction
- Very good and easy searching
- Export strings to text file for further processing
- DisAssemble selected method
- Instruction coloring for fast navigation (Strings, Numbers, Calls, Jumps)
- See real file offset and opcode bytes
- Jump from opcode to file with hexeditor (patching)
Also listed in: .NET Disassemblers



Tool name: DotFuckScator v1.3
Rating: 0.0 (0 votes)
Author: LibX                        
Website: http://www.reteam.org/tools.html
Current version: v1.3
Last updated: May 9, 2009
Direct D/L link: http://reteam.org/tools/tf35.zip
License type: Free
Description: DotFuckScator.V1.3

DotFuckScator is a reverse engineering tool used to remove string encryption
from dotfuscator protected files.

If the original file was strong name signed, DotFuckScator will create a new keypair
and re-sign the file with this pair. Be careful, since files depending on this file will
need to be edited manually to support the new strong name signature.
You can use RE-Sign for this and the editor of your choice.

Also if you like the file re-signed with a specific key place your key in the same
folder as the file you are about to process and rename it to DotFuckScator.snk
now DotFuckScator will use this key for the re-sign process.

Hope this tool is of any use

Changes:
* v1.1 has a minor bugfix that prevented some strings from proper decrypting
* v1.2 small bugfix in re-signing, added indicator to show the amount of
strings decrypted so far
* v1.3 Fixed royal fuck-up in string decryption code replacement function
meaning the output will now run after string decryption removal ;x
Also listed in: .NET Disassemblers



Tool name: Dotnet IL Editor (DILE)
Rating: 0.0 (0 votes)
Author: zsozsop                        
Website: http://sourceforge.net/projects/dile
Current version: 0.2.6
Last updated: September 30, 2007
Direct D/L link: N/A
License type: Free / Open Source
Description: Dotnet IL Editor (DILE) is an editor program which helps modifying .NET assemblies. It is intended to be able to disassemble .NET assemblies, modify the IL code, recompile it and run inside a debugger.
Also listed in: .NET Debuggers, .NET Disassemblers, .NET Executable Editors



Tool name: DynamoRIO
Rating: 0.0 (0 votes)
Author: Hewlett-Packard Laboratories & MIT & Derek Bruening                        
Website: http://dynamorio.org
Current version: 6.0.0.6
Last updated: October 6, 2015
Direct D/L link: https://github.com/DynamoRIO/dynamorio/releases/download/release_6_0_0/DynamoRIO-Windows-6.0.0-6.zip
License type: Free and open source (BSD-type license)
Description: DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.
DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.
Also listed in: Code Coverage Tools, Code Injection Tools, Debugger Libraries, Disassembler Libraries, Profiler Tools



Tool name: eXtended Disassembler Engine (XDE)
Rating: 0.0 (0 votes)
Author: Z0mbie                        
Website: http://vx.netlux.org/vx.php?id=ex01
Current version: 1.02
Last updated: October 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: XDE is based on the LDE/ADE engines. It allows you to find length of any x86 instruction, source/destination register usage for most commonly used instructions, and to split/merge instruction to/from some binary structure.

From the program's viewpoint, the CPU operates with different types of registers, memory and io-devices. As such, an "object set" concept is introduced, which means a bitset of registers/memory/etc. being read/written by each instruction.
Also listed in: X86 Disassembler Libraries



Tool name: Fixed OllyDbg Disasm DLL
Rating: 0.0 (0 votes)
Author: CondZero                        
Website: http://arteam.accessroot.com/releases.html
Current version: 1.10
Last updated: April 9, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: An improved and fixed version of the already known disasm library (released by Oleh, Olly's author, and part of Olly's disasm engine). A little tool that might help with your tools.

This package includes source code of 32-bit Disassembler and 32-bit single line Assembler for 80x86-compatible processors. The source is a slightly stripped/modified version of code used in OllyDbg v1.10 and is well proven by its numerous users.

The disasm.dll has been built using VS2005 VC 8.0 (special note: I had to make a couple modifications for errors during compilation in the source).

To include in your program, make sure the disasm.lib file is in your project folder and the resultant disasm.dll in your executable folder. Be sure to add this to your source code:
#pragma hdrstop
#include "disasm.h"
Also listed in: Disassembler Libraries



Tool name: Flash Decompiler Trillix
Rating: 0.0 (0 votes)
Author: Eltima Software                        
Website: http://www.eltima.com/products/flashdecompiler/
Current version: 5.3.1370
Last updated: October 17, 2011
Direct D/L link: http://www.eltima.com/download/flash_decompiler.exe
License type: Shareware
Description: Flash Decompiler Trillix is a feature rich and powerful SWF to FLA converter, which will help you decompile Flash movies, convert SWF elements into multiple formats and edit SWF files (texts, hyperlinks and more) on the go without Adobe Flash installed. Since version 4.X you can also convert Flex files back into Flex projects in case your SWF files were built in Flex!

Moreover, you will be able to extract all elements from SWF files and save them to your hard drive in various formats.
Flash Decompiler is the only decompiler that supports Flash versions up to CS 5.5 (with TLF texts) and Flex!

And last, but not least, is that Flash Decompiler supports batch conversion mode. You can simply leave several files to be converted and go have a cup of coffee while Flash Decompiler is working.

Flash Decompiler doesn't decompile Captivate projectors (EXE), projectors created outside of Adobe Flash.
Also listed in: Flash Decompilers, Flash Disassemblers, Flash Tools



Tool name: Flasm
Rating: 0.0 (0 votes)
Author: Igor Kogan                        
Website: http://nowrap.de/flasm.html
Current version: 1.62
Last updated: June 15, 2007
Direct D/L link: http://nowrap.de/flasm.html/#download
License type: Freeware, Open Source
Description: Flasm is a free command line assembler/disassembler of Flash ActionScript bytecode. It lets you make changes to any SWF. Flasm fully supports SWFs produced by Macromedia Flash 8 and earlier Flash versions.

Flasm disassembles your entire SWF including all the timelines and events. Looking at disassembly, you learn how the Flash compiler works, which improves your ActionScript skills. You can also do some optimizations on the disassembled code by hand or adjust the code as you wish. Flasm then applies your changes to the original SWF, replacing original actions.

It's also possible to embed Flasm actions in your ActionScript, making optimizing of large projects more comfortable.

Flasm is not a decompiler. What you get is the human readable representation of SWF bytecodes, not ActionScript source. If you're looking for a decompiler, Flare may suit your needs. However, Flare can't alter the SWF.
Also listed in: Flash Disassemblers



Tool name: HT Editor
Rating: 0.0 (0 votes)
Author: Stefan Weyergraf (steveman), Sebastian Biallas (seppel)                        
Website: http://hte.sourceforge.net/
Current version: 2.0.21
Last updated: November 20, 2012
Direct D/L link: http://hte.sourceforge.net/downloads.html
License type: GPL2
Description: General features

Supported file formats
common object file format (COFF/XCOFF32)
- header
- image with code/data analyser (x86)

executable and linkable format (ELF)
- header
- section headers
- program headers
- symbol tables
- image with code/data analyser (x86, AMD64, IA-64, Alpha, PowerPC, ARM) and relocations

linear executables (LE)
- header
- VxD descriptor
- object table
- page table
- image with code/data analyser (x86)
- auto-relocation layer (only internal refs for now)

standard dos executables (MZ)
- header
- relocations
- image (disassembly only)

new executables (NE)
- header
- segments
- names
- entrypoints
- image with code/data analyser (x86)
- auto-relocation layer (pretty complete)

portable executables (PE32, PE64)
- header
- import section
- delay-import section
- export section
- resources
- image with code/data analyser (x86, AMD64, PowerPC, IA-64, Alpha, ARM)
- preliminary support for .net executables

java class files (CLASS)
- header
- image with code/data analyser (java bytecode disassembler)

Mach exe/link format (MachO)
- header
- image with code/data analyser (x86, AMD64, PowerPC, ARM)

X-Box executable (XBE)
- header
- imports
- image with code/data analyser (x86)

Flat (FLT)
- header
- image with data analyser (no disassembler yet)

PowerPC executable format (PEF)
- header
- imports
- image with code/data analyser (PowerPC)

Still some to be implemented (M$-OBJ, ARCH, LX)

Code & Data Analyser
- finds branch sources and destinations recursively
- finds procedure entries
- creates labels based on this information
- creates xref information
- allows to interactively analyse unexplored code (press 'c')
- allows to create/rename/delete labels (press 'n')
- allows to create/edit comments (press '#')

Target systems
- DJGPP
- GNU/Linux
- FreeBSD
- Win32
Also listed in: Linux Disassemblers



Tool name: Hacker Disassembler Engine (HDE)
Rating: 0.0 (0 votes)
Author: Veacheslav Patkov                        
Website: http://patkov-site.narod.ru
Current version: 0.28
Last updated: March 09, 2009
Direct D/L link: http://patkov-site.narod.ru/download/hde32-0.28.tar.gz
License type: Free
Description: This is a small disassembler engine intended for x86-32 code analysis. HDE gets the length of a command, prefixes, ModR/M and SIB bytes, opcode, immediate value, displacement, etc. For example, you can use HDE when writing unpackers, decryptors, viruses of executable files. The HDE package includes compiled object files in different formats, header files and assembler source.

* Supports FPU, MMX, SSE, SSE2, SSE3, 3DNow! instructions
* High speed and small size (~ 1.5 kb)
* Position and OS independent code
* Compatibility with most coding languages
Also listed in: X86 Disassembler Libraries



Tool name: Hackman Suite
Rating: 0.0 (0 votes)
Author: TechnoLogismiki                        
Website: http://www.technologismiki.com/prod.php?id=31
Current version: 9.1
Last updated: March 2010
Direct D/L link: N/A
License type: Shareware
Description: Description
Hackman Suite is a multi-module all purpose debugging tool. It includes a hex editor, a disassembler, a template editor, a hex calculator and other everyday useful tools to assist programmers and code testers with the most common tasks.

The Editor
With Hackman Hex Editor you can edit any type of file in your hard disk, even your hard disk itself or a process in memory. Data are presented in 6 different ways (modes): ASCII, Hex, Binary, Octal, Decimal and Custom mode. The editor comes with unlimited undo/redo with undo/redo lists, full clipboard control: cut, copy, paste, paste special, clear clipboard, highly sophisticated find and replace, unlimited watches and bookmarks and numerous conversion modes, including Java, C++, VB, ASCII, text and more.
You can always use the Patch Maker, the MS-DOS Executable Maker, Merger/Splitter and Checksums (CRC16/32, MD5, SHA1 and more) to check and / or manipulate files. Embedded cryptographic capabilities (Skipjack, NSA, RCA algorithms), support for macros, inline command bar, numerous plugins and external tools, configurable toolbar, shortcuts and menus, multilingual interface and online help are part of the feature list.

The Disassembler
Hackman Disassembler 9.0 is an ultra fast multi processor disassembler, capable of disassembling code at a rate of 250 Kb/sec (PIII/900 MHz). The opcodes cover all x86 Intel and AMD architecture, starting at 8086 and ending at 3DNow! and Pentium 4 specific instructions. With Hackman Disassembler you have a multi-disassembling suite integrated into one program with a handy interface. Opcode sets are available for Intel 8086/80286/80386/80486 (*), Intel Pentium/Pro/MMX/II/III/P4 (*), AMD 3DNow! (*), 1802 (*), 6502/6510/8500/8502, 65816, 65C02/65SC02, 65CE02, Motorola 6800/6802/6808 (*), Motorola 6801/6803 (*), Motorola 6805/146805 (*), Hitachi 6809/6309, 8085, Zilog Z80, Gameboy CPU, Java Bytecode. Asterisk (*) denotes detailed online help availability.

The Template Editor
Hackman Template Editor is an ultra fast editor based on multi-format templates. The templates can be either simple structures or complicated layered formats. With Hackman Template Editor you have a powerful template based multipurpose editor integrated into one program with a handy interface.
Supported Formats are Characters, Hex, Binary, Octal, Decimal, 8, 16, 32 and 64 bit signed and unsigned numbers, Floating numbers, DOS and UNIX Date/Time among others. You can edit both files or disks (physical, logical, compact flash, smart media, etc) and of course you can construct your own templates to match your needs.

The Calculator
Hackman Calculator is a versatile scientific calculator that can operate in any mode (decimal, hex, binary and octal) up to 1024 bits. It is able to perform both signed and unsigned operations. From simple arithmetics to advanced logical or boolean operations, Hackman Calculator can provide you with fast and accurate results up to 1024 bits.

The Bundled Utilities
Hackman INI Editor is developed by Innovation Systems as an extension for Hackman Hex Editor. You can edit INI and INF files with the ease of a few clicks!
Hackman DIZ Editor is developed by Innovation Systems as an extension for Hackman Hex Editor. You can edit DIZ files which you can include in your distribution zip files.
Hackman Autorun Generator is developed by Innovation Systems as an extension for Hackman Hex Editor. You can create autorun.inf files that you can distribute in your application's CD-Rom.
Other tools include MP3 Tag Editor, Version Changer, Date Changer and more!
Also listed in: Hex Editors



Tool name: ILSpy
Rating: 0.0 (0 votes)
Author: David Srbecky                        
Website: http://wiki.sharpdevelop.net/ILSpy.ashx
Current version: 1.0.0.729
Last updated: April 12, 2011
Direct D/L link: http://build.sharpdevelop.net/BuildArtefacts/#ILSpy
License type: Open-source
Description: ILSpy is the open-source .NET assembly browser and decompiler.

Development started after Red Gate announced that the free version of .NET Reflector would cease to exist by end of February 2011.

ILSpy Features:

Assembly browsing
IL Disassembly
Decompilation to C#
Supports lambdas and 'yield return'
Saving of resources
Search for types/methods/properties (substring)
Hyperlink-based type/method/property navigation
Base/Derived types navigation
Navigation history
BAML to XAML decompiler
Save Assembly as C# Project
Find usage of field/method
Extensible via plugins (MEF)
Also listed in: .NET Decompilers, .NET Disassemblers



Tool name: jclasslib
Rating: 0.0 (0 votes)
Author: ej-technologies                        
Website: http://www.ej-technologies.com/products/jclasslib/overview.html
Current version: 3.0
Last updated: January 14, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: jclasslib bytecode viewer is a tool that visualizes all aspects of compiled Java class files and the contained bytecode. In addition, it contains a library that enables developers to read, modify and write Java class files and bytecode.
Also listed in: Java Disassembler Libraries



Tool name: libdisasm
Rating: 0.0 (0 votes)
Author: mammon_, ReZiDeNt, The Grugq, MO_K, a_p, fbj                        
Website: http://bastard.sourceforge.net/libdisasm.html
Current version: 0.23
Last updated: January 16, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: x86 Disassembler Library

The libdisasm library provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler which can be called from any application; the disassembly can be produced in AT&T syntax and Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.

This disassembler is derived from libi386.so in the bastard project; as such it is x86 specific and will not be expanded to include other CPU architectures. Releases for libdisasm are generated automatically alongside releases of the bastard; it is not a standalone project, though it is a standalone library.

The recent spate of objdump output analyzers has proven that many of the people [not necessarily programmers] interested in writing disassemblers have little knowledge of, or interest in, C programming; as a result, these "disassemblers" have been written in Perl. In order to address this audience, a HOWTO has been provided which demonstrates how to use the libdisasm opcode tables to implement a true disassembler using Perl.
Also listed in: X86 Disassembler Libraries



Tool name: lida
Rating: 0.0 (0 votes)
Author: Mario Schallner                        
Website: http://lida.sourceforge.net
Current version: 00.03.00
Last updated: December 5, 2004
Direct D/L link: N/A
License type: Free / Open Source
Description: lida is basically a disassembler and code analysis tool. It uses the bastard's libdisasm for single opcode decoding (see http://bastard.sourceforge.net/libdisasm.html). It allows interactive control over the generated deadlisting via commands and builtin tools.


Short Overview of (planned) features:

* ELF, RAW file disassembly (generating stringtable, symboltable, crossreferences, ... )
* trace execution flow of binary
* work with symbolic names: interactive naming of functions, labels, commenting of code
* scan for known anti-debugging, anti-disassembling techniques
* scan for user defined code sequences
* integrated patcher
* integrated cryptoanalyzer
* handy ("intelligent") browsing
* openssl support (customizable "init values", apply to programs datablocks)


Why lida?

The project lida was initiated because of the lack of handy reverse engineering software for linux. Therefore it is designed to (and should) fit several needs of some typical reverse-engineering sessions.
lida addresses people who like to work on deadlistings, and should be especially useful for people with previous experience in windows reverse engineering. lida should be a good "entry point" for examining the "new targets".
A typical use is to run it while debugging your program and comment the deadlisting / name functions with the information gathered.

So basically it is a disassembler. Why another one? :)

Many disassemblers out there use the output of objdump - lida tries a more serious approach. The several limitations of objdump (see 3.1) are broken by using libdisasm (thx to HCUNIX!), and by tracing the execution flow of the program.
Further, by having the control over the disassembly - more features can be included. Everybody who has already worked on some deadlisting will immediately feel a need to work interactively with the code - and be able to change it.
Therefore lida will have an integrated patcher, resolves symbolic names, provides the ability to comment the code, serves efficient browsing methods, ...
The more exotic features of lida should be on the analysis side. The code can be scanned for custom sequences, known antidebugging techniques, known encryption algorithms, ... also you will be able to directly work with the programs data and for example pass it to several customizable en-/decryption routines.
This of course only makes limited sense as it is not a debugger. Though often I really missed this functionality.
Also listed in: Linux Disassemblers



Tool name: mlde32
Rating: 0.0 (0 votes)
Author: uNdErX                        
Website: http://vx.netlux.org/vx.php?id=em24
Current version:
Last updated: January 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Micro Length-Disassembler Engine 32 (mlde32), is a length-disassembler engine, i.e. a piece of code that allows u to know the length of any x86 instruction. The mlde32 engine supports the ordinary 386 opcode set, plus the extensions: fpu, mmx, cmov, sse, sse2 etc...

Its usage is very simple; here's the prototype:

int __cdecl mlde32(void *codeptr);
where:
codeptr -> is a pointer to the opcode that u want to know the size.

If you have any problem using the engine, just take a look at some examples in /examples (nothing more obvious). That's a very simple and powerful engine, and does not require too much system resources either, just 160 bytes of stack space is needed. This engine is only code, and no fixed offsets were used so it can be permutated/perverted at your own will.

Engine was released in 29A#7 magazine. The size of the engine is 431 bytes.
Also listed in: X86 Disassembler Libraries



Tool name: mmBBQ
Rating: 0.0 (0 votes)
Author: Michael Willigens, Rene Laemmert                        
Website: http://web.archive.org/web/20150507114635/http://duschkumpane.org/index.php/mmbbq
Current version: 3.1.0RC1
Last updated: October 16, 2014
Direct D/L link: http://hellgateaus.info/files/mmbbq_3.1.0_RC1.zip
License type: public domain, closed source
Description: mmBBQ injects an interactive codecaving Lua API into a win32 process. It is easy to use, there are no dependencies and only little knowledge is required. It was initially built to create APIs for MMORPGs. However it is fully generic and can attach to any kind of program. It can also inject into many protected processes, as it's meant to bypass some protective mechanisms. It offers debugging functionality, but not being a debugger itself makes it harder to detect.

It's easy to place any form of generic codecaves by using plain Lua code (LuaJIT C-Types). For Example:
codecave.inject(nil, getProcAddress("user32", "GetMessageA"), function(context) print("Hellow World Codecave") end)

It can also call arbitrary functions of the host process:
asmcall.cdecl(getProcAddress("user32", "MessageBoxA"), 0, "Hello World!", "Title", 0)

Aside from that, it includes a debugging and disassembly module that can be used to script breakpoints. This can be useful when making packed .exe extractors etc.


64 bit support is underway. And in the further future maybe also a Linux and Mac version.
Also listed in: Code Injection Tools, Debuggers



Tool name: Nemo 440
Rating: 0.0 (0 votes)
Author: Vadim Melnik                        
Website: http://www.docsultant.com/nemo440
Current version: 1.0.5
Last updated: January 21, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: Advanced ActionScript 3/ABC2/Flex 2/Flex 3/Flex 4/AIR disassembler.

To continue learning Flex/AIR, to better understand how the Flash engine and undocumented Flex classes work, and for fun, the Nemo 440 tool has been created. It's a free ABC code disassembler implemented as an AIR-based application. This is my first experience with the AIR platform. Nemo 440 can read SWF files compiled with Flex 2/Flex 3/Flex 4 and translates ActionScript 3 byte code to a more understandable text dump. Actually, a similar tool was created a year or so before by other people; I only added minor changes and started connecting these ideas with a user interface.

There are good programs like the Flare and Flasm tools from Igor Kogan. Unfortunately, with ActionScript 3/Flash 9/Flex 2 they don't work anymore.

With Flex 3 Adobe provides the Java "swfutils.jar" tool to disassemble SWF content. Gordon Smith published a good article describing this functionality: Disassembling a SWF with swfdump. An interesting fact is that for early Flex 2 builds (around the alpha version), we used a similar tool located in "swfkit.jar", but it had problems with parsing the runtime and for 30% of classes in other libraries. With the Flex 2 Beta version it started to work worse. Sounds like Adobe has now revived this tool again. Hope it will work well in future.

Nemo 440 is a free tool, USE IT AT YOUR OWN RISK, NO WARRANTIES ARE EXTENDED. It is not going to be a commercial product in the future. Ideally it would be nice to get something like Lutz Roeder's Reflector for .NET, disassembler, decompiler and more in one box, but for Flex. At this moment I am completely busy and probably won't make any good progress in these fields...

Nemo 440 can load files from URL via HTTP or from disk ("Open URL..."/"Open File..." commands accordingly). Supported binary formats are:

* Uncompressed SWF (*.swf),
* Compressed SWF (*.swf),
* ActionScript library (*.swc),
* Raw ABC2 byte code (*.abc).
Also listed in: Flash Disassemblers



Tool name: opdis
Rating: 0.0 (0 votes)
Author: mkfs                        
Website: http://community.thoughtgang.org/content/opdis
Current version: 1.0.1
Last updated: April 19, 2010
Direct D/L link: http://github.com/downloads/mkfs/mkfs.github.com/opdis-1.0.1.tar.gz
License type: GPL
Description: Opdis is a wrapper for the libopcodes disassembler library distributed as part of GNU binutils. It extends the libopcodes library by offering linear and control-flow disassembly algorithms, instruction and operand objects that are suitable for analysis, and a command-line utility to perform disassembly on arbitrary locations in a file.

The Opdis project consists of the libopdis library and the opdis command-line utility.
Also listed in: Disassembler Libraries, X86 Disassembler Libraries



Tool name: PEBrowse Professional
Rating: 0.0 (0 votes)
Author: SmidgeonSoft                        
Website: http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
Current version: 10.1.5
Last updated: April 14, 2011
Direct D/L link: http://www.smidgeonsoft.com/download/PEBrowseV10_1_5.zip
License type: Free
Description: PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows XP, Windows 2000, and others. (We have received reports that the software also works on other OSes, including Wine (!) and Windows CE.)

With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using PEBrowse. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu.

While the binary dump display offers various display options, e.g., BYTE, WORD, or DWORD alignment, the greatest value of PEBrowse comes when one disassembles an entry-point. An entry-point in PEBrowse is defined as:

* Module entry-point
* Exports (if any)
* Debug-symbols (if a valid PDB, i.e., program database file, is present)
* Imported API references
* Relocation addresses
* Internal functions/subroutines
* Any valid address inside of the module

Selecting and disassembling any number of these entry-points produces a versatile display rich in detail including upper/lowercase display, C/Pascal/Assembler suffix/prefixing, object code, color-coded statements, register usage highlighting, and jump/call target preview popups. Additional information, such as variable and function names, will also be present if one has access to a valid PDB file. Disassembly comes in two flavors: linear sweep (sequential disassembly from a starting address) and recursive traversal, aka, analysis mode (disassembly of all statements reachable by non-call statements - extended analysis disassembles all internal call statements as well). The latter mode also presents local variables with cross-referencing, highlighting, and renaming options. If one adds/changes variable name or adds comments to specific lines, these can be displayed in a session file which will record and save all currently opened displays.

PEBrowse Professional will decompile type library information either embedded inside of the binary as the resource "TYPELIB" or inside of individual type libraries, i.e., .TLB or .OLB files.

PEBrowse Professional also displays all metadata for .NET assemblies and displays IL (Intermediate Language) for .NET methods. It seamlessly handles mixed assemblies, i.e., those that contain both native and managed code.

Finally, PEBrowse can be employed as a file browse utility for any type of file with the restriction that the file must be small enough that it can be memory-mapped.
Also listed in: .NET Disassemblers, .NET Tools, COM Tools, Delphi Tools, Exe Analyzers, Memory Dumpers



Tool name: pev
Rating: 0.0 (0 votes)
Author: Fernando Mercês, Jardel Weyrich                        
Website: http://pev.sf.net
Current version: 0.70
Last updated: December 27, 2013
Direct D/L link: http://sourceforge.net/projects/pev/files/pev-0.70/pev-0.70-win32.zip/download
License type: Open Source (GPLv3)
Description: pev is a free and open source multi-platform PE file analysis toolkit that provides the following tools:

* pehash - calculate PE file hashes
* pedis - PE disassembler
* pepack - packer detector
* peres - view and extract PE file resources
* pescan - search for suspicious things in PE files, including TLS callbacks
* pesec - check security features and certificates in PE files
* pestr - search for unicode and ascii strings in PE files
* readpe - show PE file headers, sections and more
* rva2ofs - convert RVA to raw file offsets
* ofs2rva - convert raw file offsets to RVA

Features include:

* Based on own PE library, called libpe
* Support for PE32 and PE32+ (64-bit) files
* Formatted output in text and CSV (other formats in development)
* pesec: check security features in PE files, extract certificates and more
* readpe: parse PE headers, sections, imports and exports
* pescan: detect TLS callback functions, DOS stub modification, suspicious sections and more
* pedis: disassemble a PE file section or function with support for Intel and AT&T syntax
* Includes tools to convert RVA to file offset and vice versa
* pehash: calculate PE file hashes
* pepack: detect if an executable is packed or not
* pestr: search for hardcoded Unicode and ASCII strings simultaneously in PE files
* peres: show and extract PE file resources
Also listed in: Entropy Analyzers, Exe Analyzers, Malware Analysis Tools, Packer Identifiers, String Finders



Tool name: Pokas x86 Emulator for Generic Unpacking
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://sourceforge.net/projects/x86emu/
Current version: 1.2.0 and 1.21 visual C++
Last updated: December 28, 2012
Direct D/L link: http://sourceforge.net/projects/x86emu/files/1.2.0/x86emu-1.2.rar/download
License type: GPL
Description: Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms.
This Emulator has many features; some of them are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Supports adding new APIs and adding the emulation function to them.
3. Supports a very powerful debugger that has a parser that parses the condition you give and creates very fast native code that performs the check on this condition.
4. Supports seh and supports tib, teb, peb and peb_ldr_data.
5. It monitors all the memory writes and logs up to 10 previous Eips and saves the last accessed and the last modified place in memory.
6. It supports 6 APIs: GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it is still in the beta version. It surely will be fixed soon with the help of your feedback.

You can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, OEP Finders, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes



Tool name: RABCDAsm
Rating: 0.0 (0 votes)
Author: Vladimir Panteleev                        
Website: https://github.com/CyberShadow/RABCDAsm
Current version: 1.8
Last updated: July 6, 2011
Direct D/L link: https://github.com/downloads/CyberShadow/RABCDAsm/RABCDAsm_v1.8.7z
License type: GPLv3
Description: RABCDAsm is a collection of utilities including an ActionScript 3 assembler/disassembler, and a few tools to manipulate SWF files.

This package was created due to lack of similar software out there. Particularly, I needed a utility which would allow me to edit ActionScript 3 bytecode with the following properties:
1. Speed. Less waiting means more productivity. rabcasm can assemble large projects (>200000 LOC) in under a second on modern machines.
2. Comfortably-editable output. Each class is decompiled to its own file, with files arranged in subdirectories representing the package hierarchy. Class files are #included from the main file.
3. Most importantly - robustness! If the Adobe AVM can load and run the file, then it must be editable - no matter if the file is obfuscated or otherwise mutilated to prevent reverse-engineering. RABCDAsm achieves this by using a textual representation closer to the ABC file format, rather than to what an ActionScript compiler would generate.
Also listed in: Flash Disassemblers



Tool name: RIMJava
Rating: 0.0 (0 votes)
Author: Hex                        
Website: http://www.woodmann.com/forum/showthread.php?t=9685&page=2
Current version:
Last updated: November 29, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: IDA loader for Blackberry executables, including literals deobfuscation.
Also listed in: BlackBerry Tools, Mobile Platform Disassemblers



Tool name: Relyze
Rating: 0.0 (0 votes)
Author: Relyze Software Limited                        
Website: https://www.relyze.com
Current version: 1.1.0
Last updated: June 17, 2015
Direct D/L link: N/A
License type: Commercial
Description: Relyze is an interactive software analysis application that allows the disassembling and analysis of native x86 and x64 Windows software. It presents the results of the analysis using several different views.

* Overview - The overview presents general information about the file being analysed and includes such things as embedded file version metadata, file hash values as well as information about the analysis such as the duration and the amount of code and data analysed. An interactive entropy graph is displayed to visualize the file's data.

* Structure view - The Structure view displays the parsed file format of the executable file being analysed. An interactive hex viewer displays the raw bytes that compose the file format.

* Code view - The Code view displays the disassembly of the executable file's code. The disassembly is viewed through interactive graphs which represent the control flow of the disassembled functions. The user can navigate the code and annotate the results of the analysis by adding comments or renaming variables. Interactive reference graphs can be generated to visualize what code or data references other code or data.

* Diff view - The Diff view displays the results of performing a differential analysis against a second executable file in order to visually observe the changes between the two executables at a function level. A list of all equal, modified, removed and added functions will be displayed along with a split graph view, allowing the user to see a side by side comparison of two modified functions.

Relyze supports analyzing the Portable Executable (PE) file format for either the x86 or x64 architecture. It can load debug symbol information from PDB, embedded COFF and MAP files. Relyze offers plugin support through an embedded Ruby interpreter which exposes an API allowing a user to interact with the application and access the results of the analysis.
Also listed in: Binary Diff Tools, Executable Diff Tools



Tool name: Security Research and Development Framework
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://blog.amrthabet.co.cc
Current version: v 1.00
Last updated: November 25, 2012
Direct D/L link: http://code.google.com/p/srdf
License type: GPL v.2
Description: Do you find writing a security tool in Windows hard?
Do you have a great idea but you can’t implement it?
Do you have a good malware analysis tool and you don’t need it to become a plugin in OllyDbg or IDA Pro?
So, Security Research and Development Framework is for you.


Abstract:

This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security research and ideas from the theoretical approach to the practical implementation.

This development framework was created mainly to support the malware field, to create malware analysis tools and anti-virus tools easily without reinventing the wheel, and to inspire innovative minds to write their research in this field and implement it using SRDF.

Introduction:

In the last several years, the malware black market has grown widely. The statistics show that the number of new viruses increased from 300,000 viruses to millions and millions nowadays.

The complexity of malware attacks also increased from small amateur viruses to Stuxnet, Duqu and Flame.

The malware field is searching for new technologies and research, searching for a united community that can withstand these attacks. And that’s why SRDF

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community that tries to share its knowledge and tools inside this Framework.

SRDF is still not finished … and it will not be finished, as it’s a community-based framework developed by the contributors. We have just begun the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.

The Features:

Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.

In User-Mode part, SRDF gives you many helpful tools … and they are:

* Assembler and Disassembler
* x86 Emulator
* Debugger
* PE Analyzer
* Process Analyzer (Loaded DLLs, Memory Maps … etc)
* MD5, SSDeep and Wildlist Scanner (YARA)
* API Hooker and Process Injection
* Backend Database, XML Serializer
* And many more

In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object oriented (as much as we can) development framework with these features:

* Object-oriented and easy to use development framework
* Easy IRP dispatching mechanism
* SSDT Hooker
* Layered Devices Filtering
* TDI Firewall
* File and Registry Manager
* Kernel Mode easy to use internet sockets
* Filesystem Filter

The Kernel-Mode part is still in progress, and many features will be added in the near future.

Source Code: http://code.google.com/p/srdf
Facebook Page: http://www.facebook.com/SecDevelop

JOIN US ... just mail me at: amr.thabet[at]student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debugger Libraries, Debuggers, Disassembler Libraries, Driver & IRP Monitoring Tools, Exe Analyzers, Kernel Filter Monitoring Tools, Kernel Tools, Low-level Development Libraries, Malware Analysis Tools, Programming Libraries, Reverse Engineering Frameworks, X64 Disassembler Libraries, X86 Disassembler Libraries, X86 Emulators



Tool name: Sourcer
Rating: 0.0 (0 votes)
Author: V Communications                        
Website: N/A
Current version: 8.0
Last updated: 2001
Direct D/L link: Locally archived copy
License type: Commercial (abandonware)
Description: Sourcer was a popular "commenting disassembler" back in the DOS days, trying to help your disassembling by adding informational comments to the disassembly.
Also listed in: (Not listed in any other category)



Tool name: SysDasm
Rating: 0.0 (0 votes)
Author: Kayaker                        
Website: http://rootkit.com/newsread.php?newsid=208
Current version:
Last updated: October 26, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Full-Text Disassembler DLL Export Module for Kernel Mode

I use the source code of NDISASM, the Netwide Disassembler portion of NASM, compiled into a user mode DLL, for use in various reversing projects that incorporate a disassembler component. Recently I decided to recompile the code into a *kernel mode* DLL, to see what use might be made of it in a driver context. The result may be of interest to some, perhaps as a self contained full-text disassembly module for testing or development (i.e. "playing"), or simply as an example of creating and using kernel mode export drivers.

The full-text disassembly module, SysDasm.sys, is created with a single export, which acts as a wrapper around the NDISASM internal disasm routine. This export-only driver is loaded from another driver, either by linking to it explicitly, or by loading it with ZwSetSystemInformation using the SystemLoadImage class.

In this type of export module, the DriverEntry routine is never called but exists so the file is compiled correctly as a .sys driver. If you want to design such a Kernel Mode DLL with functional entry/exit routines, you can add PRIVATE exports declared as DllInitialize/DllUnload. For more on this see for example
DLLs in Kernel Mode by Tim Roberts
http://www.wd-3.com/archive/KernelDlls.htm

The easiest way to use such a kernel mode DLL is to include its .LIB file when compiling the driver which will communicate with it, and to declare the functions you want to import with EXTERN_C DECLSPEC_IMPORT. When the driver is loaded by the system, this second module is loaded as a required kernel DLL and the functions can then be called directly by name. The DLL is unloaded by the system when the driver closes.
Also listed in: X86 Disassembler Libraries



Tool name: TatraDAS
Rating: 0.0 (0 votes)
Author: Ivan Kohút                        
Website: http://tatradas.sourceforge.net
Current version: 2.9.8
Last updated: December 27, 2007
Direct D/L link: N/A
License type: Free / Open Source
Description: TatraDAS is a disassembler of x86 executables which supports PE, NE, MZ, COM, ELF and binary file formats. It includes a disassembler and a text viewer with syntax highlighting. After initial disassembling of the input file you can redisassemble any part of the code. Disassembled text can be saved as a project and opened again later, saved as plain text, or exported to NASM compilable files.

TatraDAS is written in Delphi/Object Pascal. It is distributed under GNU GPL in two versions:

* GUI version for Windows (all features)
* OS independent (source code) console version (only disassembling and saving)
Also listed in: (Not listed in any other category)



Tool name: Telerik JustDecompile
Rating: 0.0 (0 votes)
Author: Telerik                        
Website: http://www.telerik.com/
Current version: 2014.1.225.0
Last updated:
Direct D/L link: http://www.telerik.com/downloads/productfiles/bgkht/JustDecompile_2014.1.225.0.msi
License type: Developer Licence is Free
Description: An alternative to Reflector and ILSpy.
JustDecompile is a .NET assembly browser and decompiler.

- Fast code navigation
- Create Visual Studio projects
- Extract resources from assemblies
- Easy assembly management
- Zip file distribution
- Visual Studio Extension - decompile referenced assemblies
- Visual Studio inline decompilation (through JustCode)
- Command line support
- Integrate with Windows Explorer Context Menu
- SL XAP decompilation from URL
- Open API (extensible)
- Edit assemblies with Reflexil
- Deobfuscate with de4dot
- C#5 (WinRT) support
- APPX and WinMD support
Also listed in: .NET Decompilers, .NET Disassemblers



Tool name: Udis86
Rating: 0.0 (0 votes)
Author: Vivek Mohan                        
Website: http://udis86.sourceforge.net
Current version: 1.7
Last updated: June 6, 2008
Direct D/L link: N/A
License type: Free / Open Source
Description: Udis86 is an easy-to-use minimalistic disassembler library (libudis86) for the x86 and AMD64 (x86-64) range of instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

1. Full support for the x86 and x86-64 (AMD64) range of instruction set architectures.
2. Full support for all AMD-V, INTEL-VMX, MMX, SSE, SSE2, SSE3, FPU(x87), and AMD 3Dnow! instructions.
3. Supports 16bit, 32bit, and 64bit disassembly modes.
4. Generates output in AT&T or INTEL assembler language syntaxes.
5. Supports flexible input methods: File, Buffer, and Hooks.
6. Thread-safe and Reentrant.
7. Clean and very easy-to-use API.
8. Builds on *nix systems, Win32, DJGPP (new), Standalone, etc.
Also listed in: X86 Disassembler Libraries



Tool name: VBReFormer
Rating: 0.0 (0 votes)
Author: Sylvain Bruyere                        
Website: http://www.decompiler-vb.net/
Current version: v6.2 Free Edition
Last updated: November 3, 2014
Direct D/L link: http://download.decompiler-vb.net/setup_free.exe
License type: Shareware
Description: VBReFormer Free Edition is a limited edition of VBReFormer Professional Edition, a powerful set of recovery tools for Visual Basic 5 & 6 applications.

Decompiler, disassembler, and design editor at the same time, VBReFormer is a must-have tool for companies and professionals who work with version 5 & 6 of Visual Basic.

VBReFormer disassembles all functions and methods in forms, controls, classes, and modules of a Visual Basic application and tries to recover the most complete Visual Basic source code possible (if compiled with the native code option).

Furthermore, thanks to its integrated decompilation engine, VBReFormer performs a native decompilation from Native code to Visual Basic code, to the fullest extent possible.

Note: VBReFormer is not able to disassemble P-Code applications at the moment.

VBReFormer recovers UI meta information and resources of Visual Basic 5 & 6 applications (forms, usercontrols, designers, pictures, etc.) and extracts this information into a Visual Basic project.

Even better, the integrated design editor of VBReFormer succeeds where other resource editors fail with Visual Basic applications, with its ability to edit the UI design of Visual Basic applications in a simple and easy way with no limitation of size, and with no need to recompile the application, working directly on its binary.
Also listed in: Decompilers, PE Executable Editors, Resource Editors, Visual Basic Decompilers, Visual Basic Tools



Tool name: VirtualBox Disassembler Library
Rating: 0.0 (0 votes)
Author: OHPen                        
Website: http://www.woodmann.com/forum/showthread.php?t=11904
Current version:
Last updated: July 15, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Because I needed a good disassembler for my projects I checked different distributions on the internet. Most of them are homebrew and the support, or let's better say MAINTENANCE, is in most cases not the best.

I really hate it if I use a component and realize that there is a bug and the releaser of the component is not able to fix it or sometimes has no real interest in fixing it. That sucks.

That's why I focused on a disassembler which is well maintained and last but not least a good one.

During my search I stumbled over VirtualBox, which is a similar SUN implementation of VMWare's Workstation. The difference is that VirtualBox comes with source, or at least you can download the source (http://www.sun.com/software/products/virtualbox/get.jsp).

I thought that they'd pretty sure have to have a working disassembler inside their virtual machine and bingo... they have.
The problem was that the disassembler was not contained in the form of a library, it was simply integrated in the source.

It took me about 2 hours to extract the needed source parts out of VirtualBox and build a project for a library for it.

I now use it for my projects and it is very useful for me.
Also listed in: X86 Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: vivisect
Rating: 0.0 (0 votes)
Author:                         
Website: http://visi.kenshoto.com/
Current version:
Last updated: August 6, 2012
Direct D/L link: Locally archived copy
License type:
Description: Vivisect is a Python static-analysis framework.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: W32Dasm 8.94 Full
Rating: 0.0 (0 votes)
Author: URSoft                        
Website: N/A
Current version: 8.94
Last updated: March 9, 2002
Direct D/L link: Locally archived copy
License type: Retail/abandonware
Description: W32DASM is a program disassembler designed for educational purposes. It provides you with the possibility to take a look at the code of any application, thus giving you some insight into the world of programming.

It includes save, print and search functions and bundles an easy-to-use 32-bit program debugger. Other abilities consist of full cross referencing for Call / Jump instructions, functions for importing and exporting and a hex utility.

There is no installation process, so your efforts are reduced to simply launching an executable file. The user interface has a rather basic appearance, but simplicity in terms of look is what makes it intuitive and easy-to-use.

There’s nothing complicated about the program’s usage: just load the file of interest, disassemble it and use the additional functions that the application offers. Once you open a project, you might be struck by the strange looking font. Make sure to switch to another one in the Disassembler menu by checking with the font sample.

You are going to love W32DASM if you're a fan of reverse engineering (start with the ending and work through the beginning). What can you do with it? For example, you can create a key generator.

In addition, the application takes up minimum CPU and memory resources, so the costs involve only your attention. Possibilities to learn about code are endless with this application.

So, if you want to get the true programmer experience and “time travel to low-level programming”, then use W32DASM with confidence.
Also listed in: Debuggers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Whiskey Kon Tequilla VB P-Code Debugger
Rating: 0.0 (0 votes)
Author: WKT Team                        
Website: N/A
Current version: 1.3e
Last updated: Around 2001
Direct D/L link: Locally archived copy
License type: Free
Description: Also known as "WKT Debugger".

At the time it showed up, the one and only P-Code disassembler / debugger mankind was able to use.

Before it, debugging of the P-Code (Runtime interpreted Pseudo-VB code) with ordinary disassemblers / debuggers was really a pain in the neck. This one saved me a lot of time, and probably helped postpone my deportation to the psychiatric research facility.
Also listed in: Visual Basic Debuggers, Visual Basic Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Subcategories

There are 4 subcategories to this category.
