From Collaborative RCE Tool Library


Disassemblers


Tool name: IDA Pro
Rating: 5.0 (3 votes)
Author: Ilfak Guilfanov                        
Website: http://www.hex-rays.com/idapro
Current version: 5.2
Last updated: November 26, 2007
Direct D/L link: N/A
License type: Commercial
Description: The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows or on Linux. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation.

There is also a free (crippled) version available (IDA Pro Free). See its own entry in the library for more info.

As of January 7, 2007, the official IDA Pro website moved from the old URL (http://www.datarescue.com/idabase) to the one listed above.
Also listed in: .NET Disassemblers, Linux Debuggers, Linux Disassemblers, Mobile Platform Debuggers, Mobile Platform Disassemblers, Ring 3 Debuggers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: IDA Pro Free
Rating: 4.3 (3 votes)
Author: DataRescue                        
Website: http://www.datarescue.com/idabase/idadownfreeware.htm
Current version: 4.9
Last updated: November 2, 2007
Direct D/L link: http://tiarater.datarescue.be/freefiles/idafree49.exe
License type: Free
Description: This is the (crippled) freeware edition of the IDA Pro debugger (see its own entry in the library for more info).

Differences from the commercial version include, among others:

* No remote debugging
* No Linux debugging (disassembling only)
* No other OS support at all (Mac OSX, WinCE)
* Only PE, COFF, OMF, ELF and DOS are supported (not NE)
* No console version (idaw.exe)
* No graphical view (5.0+)
* Only x86 family processor module included (metapc)
* No x64 support at all
* Some FLIRT signatures are out-dated
* Fewer included plugins
* Difficulty identifying parameters in some cases (no PIT)
* Buggy WINE support
* Incompatible with plugins for commercial versions (plugins can be patched with another tool available in this library to work with the free version though!)

The previous free version (4.3) is available at the following URL, if you for some reason wouldn't like the latest free version 4.9:
http://www.datarescue.be/idafreeware/freeida43.exe
Also listed in: Ring 3 Debuggers



Tool name: BeaEngine
Rating: 3.0 (1 vote)
Author: Beatrix2004                        
Website: http://www.binary-reverser.org
Current version: 2.3
Last updated: June 28, 2007
Direct D/L link: http://binary-reverser.org/tools/BeaEngine/index.php
License type: X11
Description: BeaEngine is a library that I wrote in assembly for INTEL processors (with masm32) that disassembles IA-32 or EM64T code, providing the mnemonic, the modrm, the sib, the regopcode and the size of the instruction. This library is fairly fast and handles all INTEL opcodes. The library is supplied with its sources as well as a few usage examples. It is released under the X11 license.
Also listed in: X86 Disassembler Libraries



Tool name: BCEL
Rating: 0.0 (0 votes)
Author: The Apache Jakarta Project                        
Website: http://jakarta.apache.org/bcel
Current version: 5.2
Last updated: June 6, 2006
Direct D/L link: N/A
License type: Free / Open Source
Description: The Byte Code Engineering Library is intended to give users a convenient possibility to analyze, create, and manipulate (binary) Java class files (those ending with .class). Classes are represented by objects which contain all the symbolic information of the given class: methods, fields and byte code instructions, in particular.

Such objects can be read from an existing file, be transformed by a program (e.g. a class loader at run-time) and dumped to a file again. An even more interesting application is the creation of classes from scratch at run-time. The Byte Code Engineering Library (BCEL) may be also useful if you want to learn about the Java Virtual Machine (JVM) and the format of Java .class files.

BCEL contains a byte code verifier named JustIce, which usually gives you much better information about what's wrong with your code than the standard JVM message.

BCEL is already being used successfully in several projects such as compilers, optimizers, obfuscators, code generators and analysis tools. Unfortunately there hasn't been much development going on over the past few years.
Also listed in: Java Disassembler Libraries



Tool name: Bastard
Rating: 0.0 (0 votes)
Author:                         
Website: http://bastard.sourceforge.net
Current version: 0.16
Last updated: 2002
Direct D/L link: N/A
License type: Free / Open Source
Description: The Bastard is a disassembler -- or, more appropriately, a disassembly environment. The idea is that you have an interpreter, much as you would in Perl or Python, which allows you to load files, disassemble them, dump the disassembly, write/run macros, and various other operations. The x86 instruction disassembler written for this project has been packaged separately as libdisasm, and is intended to be used in other open source projects.

This interpreter can be used interactively, it can be fed commands via STDIN [just like a scripting interpreter], and it can be communicated with via a pair of FIFOs. Now, on top of this any number of UI front ends can be stacked -- ncurses console front ends, Gtk X front-ends, Tk front ends, etc. It is the responsibility of the front-ends to display the information obtained by querying the disassembler, supplying syntax highlighting, displaying strings, xrefs, etc; however the disassembler will retain all of this information, do all of the 'brute' processing, and will provide any of the information when requested.

The bastard currently runs on x86 Linux and FreeBSD [CVS version]. It can disassemble x86 ELF, a.out, and PE files as well as flat binary files [.com, .bin].
Also listed in: Linux Disassemblers



Tool name: diStorm64 x86-64 Disasm Lib
Rating: 0.0 (0 votes)
Author: Gil Dabah & Co.                        
Website: http://www.ragestorm.net/distorm
Current version: 1.7.27
Last updated: December 10, 2007
Direct D/L link: http://www.ragestorm.net/distorm/dl.php?id=11
License type: BSD license
Description: Cross platform x86, x64, MMX, SSE, SSE2, SSE3, SSE4 and soon SSE5 support with open opcode database support (tools available, carefully examine the whole page, you're looking for disops.zip, at the moment available at http://www.ragestorm.net/distorm/dl.php?id=13)

'nough said.
Also listed in: X86 Disassembler Libraries



Tool name: DisasMSIL
Rating: 0.0 (0 votes)
Author: Daniel Pistelli                        
Website: http://ntcore.com/Files/disasmsil.htm
Current version: 1.0
Last updated: April 30, 2008
Direct D/L link: http://ntcore.com/Files/disasmsil/DisasMSIL.zip
License type: Free / Open source
Description: DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it in any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

Note: Don't rely on the ECMA specification (Partition III: Common Language Infrastructure), since it's incomplete. Some new opcodes were introduced with the .NET Framework 2.0.
Also listed in: .NET Disassembler Libraries



Tool name: Disasm32
Rating: 0.0 (0 votes)
Author: Russell Libby                        
Website: http://users.adelphia.net/~rllibby/source.html
Current version:
Last updated: March 1, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Delphi Disassembler Conversion of libdisasm 2.0. This is a Delphi conversion of the libdisasm project. The source code provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler class which can be called to disassemble instructions from memory. Disassembled information is in Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.
Also listed in: X86 Disassembler Libraries



Tool name: Fixed OllyDbg Disasm DLL
Rating: 0.0 (0 votes)
Author: CondZero                        
Website: http://arteam.accessroot.com/releases.html
Current version: 1.10
Last updated: April 9, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: An improved and fixed version of the already known disasm library (released by Oleh, Olly's author and part of the Olly's disasm engine). A little tool might help for your tools.

This package includes source code of 32-bit Disassembler and 32-bit single line Assembler for 80x86-compatible processors. The source is a slightly stripped/modified version of code used in OllyDbg v1.10 and is well proven by its numerous users.

The disasm.dll has been built using VS2005 VC 8.0 (special note: I had to make a couple modifications for errors during compilation in the source).

To include in your program, make sure the disasm.lib file is in your project folder and the resultant disasm.dll in your executable folder. Be sure to add this to your source code:
#pragma hdrstop
#include "disasm.h"
Also listed in: Disassembler Libraries



Tool name: Hacker Disassembler Engine (HDE)
Rating: 0.0 (0 votes)
Author: Veacheslav Patkov                        
Website: N/A
Current version: 0.09
Last updated: October 26, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: This is a small disassembler engine intended for x86-32 code analysis. HDE gets the length of the command, prefixes, ModR/M and SIB bytes, opcode, immediate value, displacement, etc. For example, you can use HDE when writing unpackers, decryptors, viruses of executable files. The HDE package includes compiled object files in different formats, header files and assembler source.

* Supports FPU, MMX, SSE, SSE2, SSE3, 3DNow! instructions
* High speed and small size (660 bytes)
* Position and OS independent code
* Compatibility with most coding languages
Also listed in: X86 Disassembler Libraries



Tool name: Hackman Suite
Rating: 0.0 (0 votes)
Author: TechnoLogismiki                        
Website: http://www.technologismiki.com/prod.php?id=31
Current version: 9.01
Last updated: June 2007
Direct D/L link: N/A
License type: Shareware
Description: Hackman Suite is a multi-module all purpose debugging tool. It includes a hex editor, a disassembler, a template editor, a hex calculator and other everyday useful tools to assist programmers and code testers with the most common tasks.

The Editor
With Hackman Hex Editor you can edit any type of file in your hard disk, even your hard disk itself or a process in memory. Data are presented in 6 different ways (modes): ASCII, Hex, Binary, Octal, Decimal and Custom mode. The editor comes with unlimited undo/redo with undo/redo lists, full clipboard control: cut, copy, paste, paste special, clear clipboard, highly sophisticated find and replace, unlimited watches and bookmarks and numerous conversion modes, including Java, C++, VB, ASCII, text and more.
You can always use the Patch Maker, the MS-DOS Executable Maker, Merger/Splitter and Checksums (CRC16/32, MD5, SHA1 and more) to check and / or manipulate files. Embedded cryptographic capabilities (Skipjack, NSA, RCA algorithms), support for macros, inline command bar, numerous plugins and external tools, configurable toolbar, shortcuts and menus, multilingual interface and online help are part of the feature list.

The Disassembler
Hackman Disassembler 9.0 is an ultra fast multi processor disassembler, capable of disassembling code at a rate of 250 Kb/sec (PIII/900 MHz). The opcodes cover all x86 Intel and AMD architecture, starting at 8086 and ending at 3DNow! and Pentium 4 specific instructions. With Hackman Disassembler you have a multi-disassembling suite integrated into one program with a handy interface. Opcode sets are available for Intel 8086/80286/80386/80486 (*), Intel Pentium/Pro/MMX/II/III/P4 (*), AMD 3DNow! (*), 1802 (*), 6502/6510/8500/8502, 65816, 65C02/65SC02, 65CE02, Motorola 6800/6802/6808 (*), Motorola 6801/6803 (*), Motorola 6805/146805 (*), Hitachi 6809/6309, 8085, Zilog Z80, Gameboy CPU, Java Bytecode. Asterisk (*) denotes detailed online help availability.

The Template Editor
Hackman Template Editor is an ultra fast editor based on multi-format templates. The templates can be either simple structures or complicated layered formats. With Hackman Template Editor you have a powerful template based multipurpose editor integrated into one program with a handy interface.
Supported Formats are Characters, Hex, Binary, Octal, Decimal, 8, 16, 32 and 64 bit signed and unsigned numbers, Floating numbers, DOS and UNIX Date/Time among others. You can edit both files or disks (physical, logical, compact flash, smart media, etc) and of course you can construct your own templates to match your needs.

The Calculator
Hackman Calculator is a versatile scientific calculator that can operate in any mode (decimal, hex, binary and octal) up to 1024 bits. It is able to perform both signed and unsigned operations. From simple arithmetics to advanced logical or boolean operations, Hackman Calculator can provide you with fast and accurate results up to 1024 bits.

The Bundled Utilities
Hackman INI Editor is developed by Innovation Systems as an extension for Hackman Hex Editor. You can edit INI and INF files with the ease of a few clicks!
Hackman DIZ Editor is developed by Innovation Systems as an extension for Hackman Hex Editor. You can edit DIZ files which you can include in your distribution zip files.
Hackman Autorun Generator is developed by Innovation Systems as an extension for Hackman Hex Editor. You can create autorun.inf files that you can distribute in your application's CD-Rom.
Other tools include MP3 Tag Editor, Version Changer, Date Changer and more!
Also listed in: Hex Editors



Tool name: Hiew
Rating: 3.0 (2 votes)
Author: Eugene Suslikov                        
Website: http://www.hiew.ru/
Current version: 7.50
Last updated: February 6, 2008
Direct D/L link: http://www.hiew.ru/files/hiew750.zip
License type: Shareware
Description: * view and edit files of any length in text, hex, and decode modes
* x86-64 disassembler & assembler
* physical & logical drive view & edit
* support for NE, LE, LX, PE, PE32+ and little-endian ELF executable formats
* support for Netware Loadable Modules like NLM, DSK, LAN,...
* following direct call/jmp instructions in any executable file with one touch
* pattern search in disassembler
* built-in simple 64bit decrypt/crypt system
* built-in powerful 64bit calculator
* block operations: read, write, fill, copy, move, insert, delete, crypt
* multifile search and replace
* keyboard macros
* unicode support
* Hiew External Module (HEM) support
Also listed in: Hex Editors, PE Executable Editors



Tool name: libdisasm
Rating: 0.0 (0 votes)
Author: mammon_, ReZiDeNt, The Grugq, MO_K, a_p, fbj                        
Website: http://bastard.sourceforge.net/libdisasm.html
Current version: 0.23
Last updated: January 16, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: x86 Disassembler Library

The libdisasm library provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler which can be called from any application; the disassembly can be produced in AT&T syntax and Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.

This disassembler is derived from libi386.so in the bastard project; as such it is x86 specific and will not be expanded to include other CPU architectures. Releases for libdisasm are generated automatically alongside releases of the bastard; it is not a standalone project, though it is a standalone library.

The recent spate of objdump output analyzers has proven that many of the people [not necessarily programmers] interested in writing disassemblers have little knowledge of, or interest in, C programming; as a result, these "disassemblers" have been written in Perl. In order to address this audience, a HOWTO has been provided which demonstrates how to use the libdisasm opcode tables to implement a true disassembler using Perl.
Also listed in: X86 Disassembler Libraries



Tool name: lida
Rating: 0.0 (0 votes)
Author: Mario Schallner                        
Website: http://lida.sourceforge.net
Current version: 00.03.00
Last updated: December 5, 2004
Direct D/L link: N/A
License type: Free / Open Source
Description: lida is basically a disassembler and code analysis tool. It uses the bastard's libdisasm for single opcode decoding (see http://bastard.sourceforge.net/libdisasm.html). It allows interactive control over the generated deadlisting via commands and builtin tools.


Short Overview of (planned) features:

* ELF, RAW file disassembly (generating stringtable, symboltable, crossreferences, ... )
* trace execution flow of binary
* work with symbolic names: interactive naming of functions, labels, commenting of code
* scan for known anti-debugging, anti-disassembling techniques
* scan for user defined code sequences
* integrated patcher
* integrated cryptoanalyzer
* handy ("intelligent") browsing
* openssl support (customizeable "init values", apply to programs datablocks)


Why lida?

The project lida was initiated because of the lack of handy reverse engineering software for linux. Therefore it is designed to (and should) fit several needs of some typical reverse-engineering sessions.
lida addresses people who like to work on deadlistings, and should be especially useful for people with previous experience in windows reverse engineering. lida should be a good "entry point" for examining the "new targets".
A typical use is to run it while debugging your program and comment the deadlisting / name functions with the information gathered.

So basically it is a disassembler. Why another one? :)

Many disassemblers out there use the output of objdump - lida tries a more serious approach. The several limitations of objdump (see 3.1) are broken by using libdisasm (thx to HCUNIX!), and by tracing the execution flow of the program.
Further, by having control over the disassembly, more features can be included. Everybody who has already worked on some deadlisting will immediately feel a need to work interactively with the code - and be able to change it.
Therefore lida will have an integrated patcher, resolve symbolic names, provide the ability to comment the code, offer efficient browsing methods, ...
The more exotic features of lida should be on the analysis side. The code can be scanned for custom sequences, known antidebugging techniques, known encryption algorithms, ... also you will be able to directly work with the program's data and for example pass it to several customizable en-/decryption routines.
This of course only makes limited sense as it is not a debugger. Though often I really missed this functionality.
Also listed in: Linux Disassemblers



Tool name: PE Explorer
Rating: 0.0 (0 votes)
Author: Heaventools Software                        
Website: http://www.heaventools.com/overview.htm
Current version: 1.99 R2
Last updated: August 19, 2007
Direct D/L link: http://www.heaventools.com/download/pexsetup.zip
License type: Shareware
Description: PE Explorer provides powerful tools for disassembly and inspection of unknown binaries, modifying the properties of executable files and customizing and translating their resources. Use this product to do reverse engineering, analyze the procedures and libraries an executable uses.

Features include:

* Working with PE files - exe, dll, sys, drv, bpl, dpl, cpl, ocx and more.
* The ability to open a broken or packed file in Safe mode.
* Support for custom plug-ins to perform any startup processing.
* Collecting the full information contained in the file header.
* Checksum computing and modification.
* Review and editing Data Directories.
* Review of all the sections and info about their location and size.
* Review of contents of section as Raw Data - up to 16 view windows.
* Extracting and deleting sections.
* Section header recalculation.
* Section Editor to modify and repair the damaged section headers.
* Resource Editor to view and modify almost any kind of resources.
* Saving changes to disk as a new file image.
* Full info on exported and imported functions. Review of contents of the base relocation table.
* Quick Function Syntax Lookup. Syntax Description Editor.
* Source code and package information analyzer. Dependency Scanner.
* Built-in Disassembler.
* Customize GUI elements of your favorite Windows programs
* Special support for Delphi applications
* Automatic UPX and Upack unpacking

See multiple screenshots at: http://www.heaventools.com/scrshots.htm
Also listed in: PE Executable Editors, Resource Editors



Tool name: PEBrowse Professional
Rating: 0.0 (0 votes)
Author: SmidgeonSoft                        
Website: http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
Current version: 9.2.5
Last updated: 28 December, 2007
Direct D/L link: http://www.smidgeonsoft.com/download/PEBrowse.zip
License type: Free
Description: PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows XP, Windows 2000, and others. (We have received reports that the software also works on other OSes, including Wine (!) and Windows CE.)

With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using PEBrowse. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu.

While the binary dump display offers various display options, e.g., BYTE, WORD, or DWORD alignment, the greatest value of PEBrowse comes when one disassembles an entry-point. An entry-point in PEBrowse is defined as:

* Module entry-point
* Exports (if any)
* Debug-symbols (if a valid PDB, i.e., program database file, is present)
* Imported API references
* Relocation addresses
* Internal functions/subroutines
* Any valid address inside of the module

Selecting and disassembling any number of these entry-points produces a versatile display rich in detail including upper/lowercase display, C/Pascal/Assembler suffix/prefixing, object code, color-coded statements, register usage highlighting, and jump/call target preview popups. Additional information, such as variable and function names, will also be present if one has access to a valid PDB file. Disassembly comes in two flavors: linear sweep (sequential disassembly from a starting address) and recursive traversal, aka, analysis mode (disassembly of all statements reachable by non-call statements - extended analysis disassembles all internal call statements as well). The latter mode also presents local variables with cross-referencing, highlighting, and renaming options. If one adds/changes variable name or adds comments to specific lines, these can be displayed in a session file which will record and save all currently opened displays.

PEBrowse Professional will decompile type library information either embedded inside of the binary as the resource "TYPELIB" or inside of individual type libraries, i.e., .TLB or .OLB files.

PEBrowse Professional also displays all metadata for .NET assemblies and displays IL (Intermediate Language) for .NET methods. It seamlessly handles mixed assemblies, i.e., those that contain both native and managed code.

Finally, PEBrowse can be employed as a file browse utility for any type of file with the restriction that the file must be small enough that it can be memory-mapped.
Also listed in: .NET Disassemblers, COM Tools, .NET Tools, Delphi Tools, Exe Analyzers, Memory Dumpers



Tool name: Proview aka PVDasm
Rating: 4.0 (1 vote)
Author: Bengaly                        
Website: http://pvdasm.reverse-engineering.net
Current version: 1.6d
Last updated: September 19, 2006
Direct D/L link: http://pvdasm.reverse-engineering.net/PVDasm.v1.6d.zip
License type: Free
Description: The Proview (a.k.a. PVDasm) Disassembler is a free, interactive, multi-CPU (Intel 80x86 / Chip8) disassembler that includes many features which allow the user to perform analysis on the target image file. PVDasm currently supports image files of executable files (.exe), dynamic executable images (.dll) and Game-Boy image files (.gb/.gbc). The Proview disassembler has been in development for over 6 years and the work has never stopped (though it might be delayed) since then. PVDasm has always been intended to be a free disassembler without any profit whatsoever, which makes Proview different from the other disassemblers out there.

PVDasm was coded by me in 2002. History shows that the first Proview engine was developed as a side project and was integrated as part of a packer identifier, which was also coded by me and was released under the name and version Proview v0.8. Later that year this changed: the PVDasm disassembly engine was recoded from scratch with the aid of Intel x86 books and the online opcode decoding tutorials and information of The-Svin, as a project for my university. The Proview disassembly engine does not use any 3rd party code or any other disassembler's code and operates by its own code. Currently the engine decodes the Intel 80x86 (32-bit) architecture (and hopefully later on will support 64-bit architecture decoding) and supports the different operation sets such as MMX/SSEx/3DNow!. Besides Intel, PVDasm also decodes the Chip8 CPU (an old CPU with a minimal set of opcodes), which was used years back for gaming.

Support and Features in Proview Disassembler:

* Reads/Edits the PE (32Bit) / PE+ (64Bit) Image files.
* Integrated Hex Editor.
* Integrated Process Manager and Dumper.
* Source Code Generator and Wizard (Currently only for MASM Compiler).
* Plug-in SDK Architecture.
* Coloring Themes/Custom Themes for disassembly coloring.
* Function Parameters Recognition.
* Data/Function Entries Manager (Define your own data/code section).
* Produce PVDasm MAP and Support for IDA MAP Files (using ida2pv IDC script) for better analysis.
* First Pass analyzer (Simple Analyzer).
* Easy GUI Interface and features.
* Code Patcher (Edit image and apply changes on the fly).
* View/Search Function References and String References.
* View Call/Jxx Bodies without the need to trace (Hover on the address)
* Create and Load PVDasm Disassembly projects.
* Create And Execute Scripts using PVScript Engine.

There is both a Vista and a pre-Vista version available for download.
Also listed in: (Not listed in any other category)



Tool name: radare
Rating: 0.0 (0 votes)
Author: pancake                        
Website: http://radare.nopcode.org
Current version: 0.9.3
Last updated: February 19, 2008
Direct D/L link: http://radare.nopcode.org/get/radare-0.9.3.tar.gz
License type: GPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, arm and java, with some powerpc support.

The core is a raw hexadecimal editor for the command line with scripting features and perl/python extensions, extended by IO plugins that hook the open/read/write/close/system calls.

The debugger and disassembler have a code analysis module for x86, arm and java. This way it's possible to draw graphs using Cairo on a GTK window or store the execution flow of a program in a log file and use the information to diff it against another trace or binary.

The toolchain provides assemblers and disassemblers for x86, arm and java.

The disassembler has been enhanced to handle inline comments, code block detection and flag references (data pointers or so).

The debugger currently works on linux,*bsd x86-32 but it has initial support for x86-64 and linux-ARM, and w32 support is in mind too.

But there are IO plugins for debugging windows and DOS applications via wine and dosemu. Initial gxemul support gives us the possibility to also debug ARM, MIPS, SPARC, .. binaries.

There are some internal commands to handle memory maps, mount a syscall proxy, inject code, patch data, dump user data sections, step-back, syscall tracing, hardware DRx register manipulation, conditional watchpoints with expressions, signalling manipulation, syscall injection and very early threading support..

Data structures can be parsed with hand-written C programs called as extensions from radare. So the hexadecimal editor comes with a set of views for different bases and print formats like URL-encoding, binary, octal, shellcode, C string-like, which is really useful for developing shellcodes.

There's a minimal GUI frontend written in C that interacts directly with a VTE running radare. But I plan to write a new native frontend written in Vala.

Current development plugins are:

* ewf: EnCase (R) forensic disk images
* winedbg: WineDebugger interface ( winedbg://./program.exe )
* haret: Remotely read WindowsCE memory ( haret://host:port )
* ptrace: Debugs or attach to a process ( dbg://file or pid://PID )
* sysproxy: Connects to a remote syscallproxy server
* remote: TCP IO ( listen://:port or connect://host:port )
* gdb: Debugs or attach to a process using gdb (gdb://file, gdb://PID, gdb://host:port)
* w32: posix to native w32 api io
* posix: plain posix file access

The tools provided around the core are:

* radare: command line hexadecimal editor with IO plugin extensions
* rabin: get info from ELF/MZ/PE/CLASS files
* rasc: shellcode generator and tester (outputs in raw, hexpairs or C)
* bindiff: binary diffing utilities for raw files, binaries, data blocks, etc
* xrefs: find cross-references on raw images for ppc, arm and x86
* hasher: calculate different algorithms over data blocks of a file or stream
* rsc: command line helpers written in shellscript or perl
* javasm: minimalistic java assembler/disassembler/classdumper
* armasm: minimalistic arm assembler
* xc: converts between multiple radix numeric bases

FMI see the mailing list

Have fun!
Also listed in: Assemblers, Binary Diff Tools, Code Injection Tools, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers



Tool name: RosAsm
Rating: 5.0 (1 vote)
Author: Betov/Rene                        
Website: http://www.rosasm.org
Current version: 2.051a
Last updated: January 23, 2008
Direct D/L link: http://www.quanta-it.com/RosForum/viewtopic.php?t=2412
License type: Free / Open Source / GPLed
Description: Previously known as SpAsm.

The easy way for writing full 32 Bits Applications in Assembly

IDE with full integration of all components. RosAsm is auto-compilable and the Sources are hosted inside the PEs. No installation overhead (the silent auto-install coming with RosAsmFull.zip makes RosAsm the only actual Click&Go Assembler environment).

Real Sources Editor with tons of unique features, specifically devoted to secure editions and to huge mono-files assembly sources: Tree-view, instant jump to any type of declaration by simple right-click, division of the mono-files into TITLEs, advanced IncIncluder pre-parser, and so on...

The fastest of the actual assemblers, (1.5 Mega/second on a Celeron 1.3 GHz...) directly outputting PE files on a simple click, with a powerful macros system (a macros unfolder is available by a double-click, through a float menu). Simplified Intel syntax. Does not need any include, prototype or header companion file. Nothing but a single simple source. Complete implementation of the mnemonics set, up to SSE3. RosAsm Bottom-Up Assembler is a true low level Assembler, enabling HLL writing styles by user defined macros and/or by HLL pre-parsers selections.

Selectable Pre-Parsers performing various tasks, like HLL expressions parsing, alternate syntaxes, Includes Managements, ...

Source level Debugger with a state-of-the-art memory inspector and very advanced features, like the dynamic break-points, that can be set/removed by simple clicks, as well as at write-time and/or at run-time, like with the most advanced HLLs. To run the Debugger, you simply click on Run and your application is running through the debugger. Any error (or break-point, enabling advanced stepping modes) is pointed out directly in your source code. Accurate messages are delivered on error cases.

Disassembler. To date, RosAsm is the one and only two-clicks-disassembler-reassembler ever seen. It is, actually, fully effective on most small files and on many middle size applications: The dream tool for study and/or for porting your works to assembly.

Original Resources Editors, with control of matching styles, outputting as well resources, files, and memory templates.

Integrated Help system, with complete 32-bit Assembly Tutorials, Opcode help, and RosAsm Manual (2 megas of documentation, more than 600 organised rtf files).

Clip file system, for templates reuse.

Integrated OS Equates, and Structures files, saving from any boring include.

... and much more...

Take care that, as opposed to most RAD/IDEs, RosAsm does not attempt to impress you with multiple windows jumping all over the screen and with insistent features. Instead, RosAsm features implementations have always been made as discreet and as silent as possible, and the overall look-and-feel has always been made as naked and as simple as possible. Many implementations are optional, through the configuration tab.

Though RosAsm is the most accurate tool for learning the marvelous simplicity of Assembly - particularly since the inclusion of the Interactive Visual Tutorials - and though it is the easiest way to jump right into the true thing, it has been thought and designed, first, as a professional tool for real life applications programming in full assembly. Its final purpose is to compete with the current most commonly used HLLs, for serious applications writing. This goal will be achieved, in the near future, with the upcoming implementations of the Visual Components Designers (Wizards) and with the implementations of some Applications builders.
Also listed in: Assembler IDE Tools, Assemblers, Debuggers



Tool name: SysDasm
Rating: 0.0 (0 votes)
Author: Kayaker                        
Website: http://rootkit.com/newsread.php?newsid=208
Current version:
Last updated: October 26, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Full-Text Disassembler DLL Export Module for Kernel Mode

I use the source code of NDISASM, the Netwide Disassembler portion of NASM, compiled into a user mode DLL, for use in various reversing projects that incorporate a disassembler component. Recently I decided to recompile the code into a *kernel mode* DLL, to see what use might be made of it in a driver context. The result may be of interest to some, perhaps as a self contained full-text disassembly module for testing or development (i.e. "playing"), or simply as an example of creating and using kernel mode export drivers.

The full-text disassembly module, SysDasm.sys, is created with a single export, which acts as a wrapper around the NDISASM internal disasm routine. This export-only driver is loaded from another driver, either by linking to it explicitly, or by loading it with ZwSetSystemInformation using the SystemLoadImage class.

In this type of export module, the DriverEntry routine is never called but exists so the file is compiled correctly as a .sys driver. If you want to design such a Kernel Mode DLL with functional entry/exit routines, you can add PRIVATE exports declared as DllInitialize/DllUnload. For more on this see for example "DLLs in Kernel Mode" by Tim Roberts: http://www.wd-3.com/archive/KernelDlls.htm

The easiest way to use such a kernel mode DLL is to include its .LIB file when compiling the driver which will communicate with it, and to declare the functions you want to import with EXTERN_C DECLSPEC_IMPORT. When the driver is loaded by the system, this second module is loaded as a required kernel DLL and the functions can then be called directly by name. The DLL is unloaded by the system when the driver closes.
Also listed in: X86 Disassembler Libraries



Tool name: TatraDAS
Rating: 0.0 (0 votes)
Author: Ivan Kohút                        
Website: http://tatradas.sourceforge.net
Current version: 2.9.8
Last updated: December 27, 2007
Direct D/L link: N/A
License type: Free / Open Source
Description: TatraDAS is a disassembler of x86 executables which supports PE, NE, MZ, COM, ELF and binary file formats. It includes a disassembler and a text viewer with syntax highlighting. After the initial disassembly of an input file you can redisassemble any part of the code. Disassembled text can be saved as a project and opened again later, saved as plain text, or exported to NASM compilable files.

TatraDAS is written in Delphi/Object Pascal. It is distributed under GNU GPL in two versions:

* GUI version for Windows (all features)
* OS independent (source code) console version (only disassembling and saving)
Also listed in: (Not listed in any other category)



Tool name: Udis86
Rating: 0.0 (0 votes)
Author: Vivek Mohan                        
Website: http://udis86.sourceforge.net
Current version: 1.6
Last updated: August 5, 2007
Direct D/L link: N/A
License type: Free / Open Source
Description: Udis86 is an easy-to-use minimalistic disassembler library (libudis86) for the x86 and AMD64 (x86-64) range of instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

1. Full support for the x86 and x86-64 (AMD64) range of instruction set architectures.
2. Full support for all AMD-V, INTEL-VMX, MMX, SSE, SSE2, SSE3, FPU(x87), and AMD 3Dnow! instructions.
3. Supports 16bit, 32bit, and 64bit disassembly modes.
4. Generates output in AT&T or INTEL assembler language syntaxes.
5. Supports flexible input methods: File, Buffer, and Hooks.
6. Thread-safe and Reentrant.
7. Clean and very easy-to-use API.
8. Builds on *nix systems, Win32, DJGPP (new), Standalone, etc.
Also listed in: X86 Disassembler Libraries



Tool name: W32DASM
Rating: 3.0 (1 vote)
Author: URsoftware                        
Website: N/A
Current version: 8.94
Last updated: March 11, 2003
Direct D/L link: N/A
License type: Commercial
Description: Before IDA Pro, W32DASM was the king of Windows 32 bit executable disassemblers.

It also has a ring 3 debugger built-in.
Also listed in: Ring 3 Debuggers



Tool name: Whiskey Kon Tequilla VB P-Code Debugger
Rating: 0.0 (0 votes)
Author: WKT Team                        
Website: N/A
Current version: 1.3e
Last updated: Around 2001
Direct D/L link: Locally archived copy
License type: Free
Description: At the time it showed up, the one and only P-Code disassembler / debugger mankind was able to use.

Before it, debugging of the P-Code (Runtime interpreted Pseudo-VB code) with ordinary disassemblers / debuggers was really a pain in your neck. This one saved me a lot of time, and probably helped postpone my deportation to the psychiatric research facility.
Also listed in: Visual Basic Decompilers, Ring 3 Debuggers

