From Collaborative RCE Tool Library


Exe Analyzers


Tool name: AT4RE FastScanner
Rating: 5.0 (1 vote)
Author: AT4RE Team                        
Website: http://www.at4re.com
Current version: 1.0
Last updated: April 9, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: Yet another Win32 PE Packer/Protector Identifier.

[ Features ]

- Detects about 2017 signatures in PE files.
- Easy, amazing and fast GUI.
- Drag and drop capabilities.
- Shell integration.
- Signatures can be updated by the user, with a notification after 3 months if the signatures file hasn't been updated.
- Special plugins by AT4RE, 'AT4RE PE Editor', ...
- PEiD plugins supported; just copy them to the plugins directory.
- Full package contains the most needed plugins.
Also listed in: Packer Identifiers



Tool name: Explorer Suite
Rating: 5.0 (1 vote)
Author: Daniel Pistelli                        
Website: http://ntcore.com/exsuite.php
Current version: III
Last updated: March 2, 2008
Direct D/L link: http://ntcore.com/Files/ExplorerSuite.exe
License type: Free
Description: A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium.

Features:

* Process Viewer
* Windows Viewer
* PE and Memory Dumper
* Full support for PE32/64
* Special fields description and modification (.NET supported)
* PE Utilities
* PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
* View and modification of .NET internal structures
* Resource Editor (full support for Windows Vista icons)
* Support in the Resource Editor for .NET resources (dumpable as well)
* Hex Editor
* Import Adder
* PE integrity checks
* Extension support
* Visual Studio Extensions Wizard
* Powerful scripting language
* Dependency Walker
* Quick Disassembler (x86, x64)
* Name Unmangler
* Extension support
* File Scanner
* Directory Scanner
* Deep Scan method
* Recursive Scan method
* Multiple results
* Report generation
* Signatures Manager
* Signatures Updater
* Signatures Collisions Checker
* Signatures Retriever
Also listed in: .NET Executable Editors, .NET Resource Editors, .NET Signature Removers, .NET Tools, Dependency Analyzer Tools, Executable CRC Calculators, Hex Editors, Import Editors, Memory Dumpers, PE Executable Editors, Process Dumpers, Protection Identifiers, Resource Editors



Tool name: ActiveMARK Version Viewer
Rating: 0.0 (0 votes)
Author: Nacho_Dj                        
Website: http://arteam.accessroot.com/releases.html
Current version: 1.0
Last updated: April 14, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: Tool for getting the ActiveMARK protection version used in a target.

It works on all released versions of the protection.

If the file selected is an executable, it will launch the target with the proper argument that lets you view the AM version:
- In AM releases previous to 6, it uses --AmClientVersion
- In 6 releases, it uses the Main Encryption Key of the target.

If the file selected is a data file, it extracts the info to get the Packager used in its compression & encryption.
This is available in executable files if the 'Don't launch executable' option is checked.

NB: Some AV products detect this tool as generic malware. Obviously it is not malware and, like all our releases, it is 100% guaranteed to be free of any malware!
Also listed in: Packer Identifiers, Protection Identifiers



Tool name: dELTA EXE Analyzer
Rating: 0.0 (0 votes)
Author: dELTA                        
Website: http://www.woodmann.com/forum/showthread.php?t=5264
Current version: 1.0
Last updated: 2001
Direct D/L link: Locally archived copy
License type: Free
Description: Back in 2001 I wrote my own exe analyzer just for fun, while looking into the MZ and PE format. I never released it to anyone, but since it contains quite cool cave finding and cave analysis abilities, which I have never seen in any other program, I'll upload it here now for anyone to play with. You can also feel free to distribute it to anyone or upload it anywhere, I don't care.

But note that the program is just my own little ugly dirty hack, so I won't support it, the GUI isn't exactly the most beautiful, and I won't guarantee it won't crash and so on, but it has been quite stable while I have played around with it anyway.

It analyzes quite many aspects of the executable file, but one extra interesting and unique feature is the bunch of tools under "Extended executable info (PE)" ---> "File anatomy & offsets". It will give you details of all section padding areas (caves), and it will also automatically find any area inside the executable file which does not belong to any section (I actually found an alignment bug in a compiler/linker with this tool, which left a 512 byte block of null-bytes between two sections in the middle of the compiled file, ready to be exploited as a mega-size cave :)), including any data which is appended after the last section of the file. Quite useful sometimes. But the really juicy stuff will be found when you select a section in the box to the right and click "Show detailed map". It will then give you a graphical overview on the screen, of each and every single byte in that section. You can even click inside the graphic map to select any area and see what it is (click and hold down the mouse button and drag the mouse over the map for extra fun). This is very cool for "getting a feel" for how a certain linker/packer/whatever builds its sections, and also for finding "micro caves", consisting only of a few bytes, in the middle of a section! You can choose to display an analysis map of the free space or the used space of the selected section by clicking the radio buttons on the upper right of the map.
Also listed in: (Not listed in any other category)



Tool name: DiE (Detect it Easy)
Rating: 0.0 (0 votes)
Author: Hellsp@wn                        
Website: http://hellspawn.nm.ru
Current version: 0.64
Last updated: May 6, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Packer identifier that is supposed to be good.
Also listed in: Packer Identifiers, Compiler Identifiers



Tool name: ExeInfo PE
Rating: 0.0 (0 votes)
Author: A.S.L.                        
Website: http://www.exeinfo.go.pl
Current version: 0.0.1.8 G
Last updated: May 08, 2008
Direct D/L link: http://w14.easy-share.com/1700345643.html
License type: Free
Description: Good detector for packers, compressors + unpack info + internal exe tools.
Also listed in: Compiler Identifiers, Packer Identifiers



Tool name: Jim Clausing's Malware Packer Signatures
Rating: 0.0 (0 votes)
Author: Jim Clausing                        
Website: http://isc.sans.org/diary.html?storyid=3432
Current version:
Last updated:
Direct D/L link: http://handlers.sans.org/jclausing/userdb.txt
License type:
Description: Custom malware packer signatures by Jim Clausing.
Also listed in: Packer Identifier Signatures



Tool name: Neil's Collection of Packer Signatures
Rating: 0.0 (0 votes)
Author: Neil The Hippie Killer                        
Website: http://www.peid.info/BobSoft/
Current version:
Last updated: December 5, 2007
Direct D/L link: http://www.peid.info/BobSoft/Downloads/UserDB.zip
License type:
Description: Neil's Collection of Packer Signatures
Also listed in: Packer Identifier Signatures



Tool name: PEBrowse Professional
Rating: 0.0 (0 votes)
Author: SmidgeonSoft                        
Website: http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html
Current version: 9.2.5
Last updated: 28 December, 2007
Direct D/L link: http://www.smidgeonsoft.com/download/PEBrowse.zip
License type: Free
Description: PEBrowse Professional is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies produced according to the Portable Executable specifications published by Microsoft. For Microsoft Windows Vista, Windows XP, Windows 2000, and others. (We have received reports that the software also works on other OSes, including Wine (!) and Windows CE.)

With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using PEBrowse. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu.

While the binary dump display offers various display options, e.g., BYTE, WORD, or DWORD alignment, the greatest value of PEBrowse comes when one disassembles an entry-point. An entry-point in PEBrowse is defined as:

* Module entry-point
* Exports (if any)
* Debug-symbols (if a valid PDB, i.e., program database file, is present)
* Imported API references
* Relocation addresses
* Internal functions/subroutines
* Any valid address inside of the module

Selecting and disassembling any number of these entry-points produces a versatile display rich in detail including upper/lowercase display, C/Pascal/Assembler suffix/prefixing, object code, color-coded statements, register usage highlighting, and jump/call target preview popups. Additional information, such as variable and function names, will also be present if one has access to a valid PDB file. Disassembly comes in two flavors: linear sweep (sequential disassembly from a starting address) and recursive traversal, aka, analysis mode (disassembly of all statements reachable by non-call statements - extended analysis disassembles all internal call statements as well). The latter mode also presents local variables with cross-referencing, highlighting, and renaming options. If one adds/changes a variable name or adds comments to specific lines, these can be displayed in a session file which will record and save all currently opened displays.

PEBrowse Professional will decompile type library information either embedded inside of the binary as the resource "TYPELIB" or inside of individual type libraries, i.e., .TLB or .OLB files.

PEBrowse Professional also displays all metadata for .NET assemblies and displays IL (Intermediate Language) for .NET methods. It seamlessly handles mixed assemblies, i.e., those that contain both native and managed code.

Finally, PEBrowse can be employed as a file browse utility for any type of file with the restriction that the file must be small enough that it can be memory-mapped.
Also listed in: Disassemblers, .NET Disassemblers, COM Tools, .NET Tools, Delphi Tools, Memory Dumpers



Tool name: PEiD
Rating: 4.0 (1 vote)
Author: Jibz, Qwerton, snaker, xineohP                        
Website: http://www.peid.info/
Current version: 0.94
Last updated: May 10, 2006
Direct D/L link: http://www.peid.info/files/PEiD-0.94-20060510.zip
License type: Free
Description: PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!

1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
Also listed in: Compiler Identifiers, Packer Identifiers



Tool name: packerid.py
Rating: 0.0 (0 votes)
Author: Jim Clausing                        
Website: http://handlers.sans.org/jclausing
Current version:
Last updated:
Direct D/L link: http://handlers.sans.org/jclausing/packerid.py
License type:
Description:
Also listed in: Packer Identifiers



Tool name: Panda Security Packer Signatures
Rating: 0.0 (0 votes)
Author: Panda Security                        
Website: N/A
Current version:
Last updated:
Direct D/L link: http://research.pandasecurity.com/blogs/images/userdb.txt
License type:
Description: Panda Security Packer Signatures
Also listed in: Packer Identifier Signatures



Tool name: Protection ID
Rating: 5.0 (2 votes)
Author: CDKiLLER and Tippex                        
Website: http://pid.gamecopyworld.com
Current version: 6.0 beta
Last updated: December 24, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: The ultimate Game Protection Scanner

The current version detects more than 250 exe-packers, PC ISO Protections, Dongles, Licenses and Installers in such an exact and fake-proof way you haven't seen before in any scanning tool, due to the detailed checks.
False reports and detection where other tools fail are history.

Features

* Scanning of PC Games & Application files to detect the protection(s) used
* Detects most of the available executable compressors / crypters and it's up to date in detecting the newest PC-Game protections
* Scanning CDs / DVDs for Tagés (only available on win2k / winxp, but no ASPI drivers required)
* Scan folders with all the included files
* Coded in 100% Win32 Assembly language, allowing it to run on every WinOS since Windows 95
* Easy scanning with the shell context menu 'Scan with Protection ID...' or drag & drop files into the (simple to use) GUI
* Ability to scan a cracked file and to get possible information which protection was originally used
* Check for the newest update and download it
* Stronger scanning routines allowing it to detect multiple (!) protections in one file
* No additional files like VB Runtimes, MSVC dlls or ASPI drivers are required, you simply need one exe file !
* Constantly updated to detect the newest protections available for PC Games & Applications (hey which other tool has this feature too ? ;-)

* Detection for most of the available PC Game Protections
- 3P Lock
- CDCops
- CDLock
- Codelok
- JoWood X-Prot
- Laserlok / Laserlok Marathon
- Protect DiSC
- Ring-Protech
- Safedisc
- SecuROM
- Settec Alpha ROM
- SmartE
- SolidShield
- StarForce
- Sysiphus
- Tages
- VOB Protect CD/DVD


* PC Game Trial Protections
- ActiveMARK
- GameHouse Trial Wrapper
- INTENIUM Try & Buy detection
- KochMedia ePolice
- ReflexiveArcade Wrapper
- SVKP Online
- WildTangent Wrapper
- Zylom Wrapper


* Dongles
- DinKey
- Hardlock
- Guardant
- HASP Hardware Lock
- HASP Hardware Lock Envelope
- Key-Lok II
- SENTiNEL
- SENTiNEL SUPER PRO
- SmartKey
- WIBU


* Licenses
- CrypKey Instant
- CrypKey SDK
- eLicense
- FlexLM
- FlexNET
- HASP SL Licensing System
- InterLok
- nTitles Activator
- Protection Plus
- Release Software Corporations SalesAgent
- Safecast
- Sentinel License Manager


* .NET protectors
- {smartassembly}
- .NetZ
- dotFuscator
- DotNet Guard
- dotNet Protector v4 & v5
- dotNet Reactor v2.x / v3.x
- Sixxpack .Net Compressor
- XHEO CodeVeil


* EXE Packers / Protectors (freeware)
- ABC Crypt v1.0
- Alex Protector v1.0 Beta 2
- ANDpakk2
- Anslym Packer
- ARM Protector v0.1, v0.2, v0.3
- ASDPack v2
- Aver Cryptor v1.00, v1.02 Beta
- BamBam v0.0.1
- BeRoEXEPacker v1.00
- Beria v0.0.7
- Berio v1.0
- BitShape PE Crypt v1.5
- BJFNT v1.1, v1.2, v1.3
- CDS SS 1.0 Beta 1
- Celsius Crypter v2.1
- cEXE 1.0a / 1.0b
- CICompress v1.0
- CodeCrypt v0.15, v0.16 - v0.161, v0.163 - v0.164, [unknown version]
- Cryptic v2.0
- CRYPToCRACks PE Protector v0.9.2, v0.9.3
- DalKrypt v1.0
- Daemon Protect v0.6.7
- DEF v1.0
- DePack
- Dot Fix Fake Signer
- DragonArmor v0.0.4.1
- Dual´s EXE Encryptor v1.0, v1.1b
- Encrypt PE v1.2003.5.18, v2.2004.8.10 / 2.2006.1.15, v2.2006.10.1, v2.2007.4.11
- EP (EXE Pack)
- EP Protector v0.3 [AHTeam]
- Excalibur v1.03
- EXE Evil v1.0
- EXE ReFactor v0.2
- fEaRz Crypter v1.0 Beta 1
- fEaRz Packer v0.3
- FishPe Shield v2.0.1
- Forgot v1.0
- Frensh Layor v1.81
- FSG v1.0, v1.2, 1.3 - v1.31, 1.3.3, 1.33, v1.33a, 2.0
- Goat´s PE Mutilator v1.6
- Hide PE (ASProtect 1.2 [New Strain] method, VBOX 4.3 MTE method)
- hmimys PE-Pack v0.1
- JD Pack v1.01, v2.00
- KByS Packer v0.28 Beta
- KaOs PE eXecutable Undetecter
- kkrunchy
- Krypton v0.2, v0.3, v0.4, v0.5
- LameCrypt
- marcrypt v0.1
- MarjinZ ScramblerSE
- Mew 5 EXE Coder 0.1
- Mew 10
- Mew 11 SE v1.1 - v1.2
- mkfPack
- Morphine v1.2 - v1.3, 1.4 - v2.7
- mPack v0.0.2 & v0.0.3
- MSLRH v0.31a, v0.32
- MuCruncher
- MZ0oPE v1.0.6b
- MZ Crypt v1.0
- NFO v1.0
- Noodlecrypt v2
- nPack v1.1.250.2006 Beta, v1.1.300.2006 Beta
- Packanoid v1.0, v1.1
- PackItBitch v1.0
- Packman v0.0.0.1, v1.0
- Pack Master v1.6
- Passlock 2000
- PE 123 v2006.4.4
- PE-Armot (Hying) v0.x
- PEQuake v0.06
- PE Crypt v1.0x
- PE Diminisher v0.1
- PE LockNT v2.01, v2.02, v2.04
- PE Mangle
- PE Nguincrypt v1.0
- PE Nightmare
- PE Ninja
- PE Pack v0.99, v1.0
- PE Shield v0.1d, v0.2, v0.25, [unknown version]
- PE Shrink
- PE Spin v0.0b, v0.3, v0.41, v0.7, v1.0, v1.1, v1.3, [unknown version]
- PE Stub OEP v1.x (Entry Point Faker)
- PE Zip v1.0
- Perplex PE Protector v1.01
- PEX v0.99
- Poisen Ivy Crypter v1
- PolyCrypt PE
- PolyEnE
- Program Protector v1.x - v2.x
- Protect v0.1.3
- Protect EXE v0.4a Beta
- Punisher v1.5 (DEMO)
- QrYPt0r v1.0
- RLPack v1.16, v1.17, v1.18, v1.19, [unknown version]
- Sexe Crypter v1.1
- Shrink Wrap v1.4
- SimplePack v1.11
- Simple PE Crypter
- SLVc0deProtector v0.61, v1.1, v1.11
- Smokes EXE Shield v0.5
- Ste@lth PE v1.x, v2.x
- Stones PE Crypter v1.13
- TELock v0.42, v0.51, v0.60, v0.70, v0.71, v0.80, v0.85f, v0.90, v0.92a, v0.95, v0.96, v0.98b1, v1.00
- The Best Cryptor [by FsK]
- Thunderbolt v0.0.2
- TPP Pack
- unkOwn Crypter v1.0
- UPack v0.10 - v0.12, v0.20, v0.21, v0.22 - v0.23, v0.24 - v0.28, v0.29 - v0.33, v0.34 - v0.35, v0.36 - v0.39
- UPX, UPX Mutator, Visual UPX v0.2, [unknown / modified UPX]
- UPX Mutanter v0.2
- UPX Protector v1.0e
- UPX Scrambler
- UPX$HiT 0.0.1
- USSR v0.31
- VCrypt v0.9b
- Virogen Crypt v0.75
- VPacker v0.02.10
- WinKrypt v1.0
- XCR v0.12, v0.13
- xxPack v0.1
- Yoda´s Crypter v1.1, v1.2, v1.3
- Yoda´s Protector v1.0b, v1.02b, v1.02d, v1.02.05, v1.03.01 BETA, v1.03.02 BETA, v1.03.3
- YZPack v1.1 & v1.2
- Z-Code v1.01


* EXE Packers / Protectors (commercial)
- ACProtect v1.09, v1.10, v1.20, v1.21, v1.22, v1.23, v1.3c, v1.32, v1.35 - v1.40, v2.0
- Air EXE Lock
- Akala EXE Lock
- Armadillo (lots of specific versions and version ranges)
- ASPack v1.00b, v1.01b, v1.02b, v1.03b, v1.05b, v1.06b / v1.061b, v1.07b, v1.08.00, v1.08.01, v1.08.02, v1.08.03, v1.08.04, v2.000, v2.001, v2.1, v2.11, v2.11c / v2.11d, v2.12, v2.12b
- ASProtect v1.0, v1.1, v1.11, v1.2, v1.22 - v1.23, 1.23 RC4 - v1.3.08.24, v1.23 RC4 (Registered), v1.31 Build 2004.04.27, v1.32, v2.0, v2.1 SKE, v2.2, v2.3, 2.1 - v2.3, 2.x [unknown version]
- Bit-Arts Crunch v5.0
- CopyMinder
- Cryptolock
- DBPE v2.33
- Enigma Protector v1.02 Build 3.10, v1.02 Build 4.00, v1.11, v1.12, v1.14, v1.16
- EXE32Pack v1.37, v1.38, v1.42
- EXE Cryptor v1.5.x
- EXE Cryptor 2.0.0 - 2.1.0, 2.2.0 - v2.2.6, 2.3.0 - v2.3.9, 2.2.0 - 2.4.0, 2.4.0 (or newer), 2.xx [unknown version]
- EXE Guard v1.3
- EXE Password 2004 v1.111, 1.112, v1.114, [unknown version]
- EXE Password Lock v1.01
- EXE Prot v1.x
- EXE Protector v2.x
- EXE Safe v2.0
- EXE Shield 2.7, v2.7b, v2.8a, v2.9, v3.6, v3.7
- EXEStealth v2.70, v2.73, v2.74, v2.75, v2.75a
- ExPressor v1.0, v1.1, v1.2, v1.3, v1.4, v1.5
- E-Zip v1.0
- Ion Ice EXE Lock v1.0
- KasperSky Pack
- MazePath EXELockout v3.0
- MoleBox 2.0.0 - v2.3.0, 2.2.3, 2.2.4, 2.2.5, v2.2.6, v2.2.8, v2.3.0, v2.3.3 v2.4.0, v2.5.0, v2.5.5, v2.5.12 - v2.6.3, 2.3.3 - v2.6.4
- Neolite v1.x - v2.x
- NSPack 2.3 - v2.7, v2.9, v3.0, v3.1, v3.3, v3.4, v3.5, v3.6, v3.7, [unknown version]
- nTitles Verifier for .NET
- NTkernelPacker v0.1 (exe + dlls)
- Obsidium v1.0.0.61, v1.1.1.0, v1.1.1.4, v1.2.0.0, v1.2.5.0, v1.3.0.0, v1.3.0.4, v1.3.3.4, v1.3.3.7, v1.3.3.9, v1.3.4.1, [unknown version]
- ORiEN v2.12
- PC Guard v4.06, v5.00, v5.01
- PEBundle v3.xx
- PE Compact v1.00 - v1.3x, v1.40 - v1.50, v1.55, v1.56 - v1.65, v1.66 - v1.84 v2.0 Beta Build 52, v2.00 - v2.10, v2.20 - v2.79, 2.xx [unknown version]
- PE Lock v1.0x
- Petite v1.2, v1.3, v1.4, v2.2, v2.3, [unknown version]
- PKLite32 v1.1
- Private EXE v2.x
- SD Protector v1.12, v1.16
- Special EXE Password Protector
- Shegerd EXE Protector & Anti-Debugger
- Shrinker v3.4, v3.5, [unknown version]
- Softdefender v1.0 - v1.1
- Soft Sentry v3
- Software Compress v1.2, v1.4
- SoftWrap
- SVKP v1.051, v1.11, v1.3x - v1.4x, [unknown version]
- Themida v1.0.0.0 - v1.8.1.0, v1.8.2.0 (or newer)
- Trial Master v2.x
- VBO Watch 3
- Visual Protect
- Vcasm-Protector v1.0
- VM Protect 1.00 - v1.10, 1.20 - v1.50
- WinLicense v1.0.0.0 - v1.8.1.0, v1.8.2.0 (or newer)
- WWPack32 v1.xx
- X-treme Protector v1.00 - v1.06, 1.07 - v1.08, 1.07 BUiLD 12-12-03, 1.08 BUiLD 15-12-03, 1.08 FiNAL


* Installers
- 7 - Zip SFX Setup Module
- AKInstaller Module
- Aquarius Soft Self-Extractor Archive
- Astrum Install Wizard
- AW Install Engine
- BinPatch
- Bitarts Install Wrap
- Blizzard PrePatch Module
- Clickteam Install Maker
- Clickteam Patch Maker
- Create Install 2003
- Gentee Installer
- Ghost Installer
- GKWare SFX Setup
- Inno Setup
- InstallAware Setup Module
- Installer 2 Go
- InstallShield v5.53.168.0, v6.31.100.1221, v7.1.100.1242, v7.7.0.262, v8.x, v9.1.0.429, v10, v10.5, v11, v12
- Install Zip Setup
- IZarc Self Extractor
- Microsoft SFX CAB Module
- Nullsoft SFX Setup
- Paquet Builder - Enhanced Self-Extracting Zip Module
- Patch Wise
- PKSFX Module
- Power Archiver 2003 v8.x SFX Module
- QSetup SFX Kernel
- Red Shift Installation System
- RTPatch Module
- Setup Factory
- SFX Factory!
- Silicon Realms Install Module
- Sony Self-Extracting Packager Archive
- Spoon Installer
- Tarma Installer Module
- VISE Mindvision Wizard
- WinAce Self-Extractor Module
- WinRAR SFX Archive
- WinZip SFX
- Wise Installation Wizard
- Zip Central SFX Module
- Zip SFX Archive
- Z-Up Maker SFX Archive
- Zylom Games Setup Module
Also listed in: Packer Identifiers, Protection Identifiers



Tool name: pynary
Rating: 0.0 (0 votes)
Author: c1de0x                        
Website: http://code.google.com/p/openrce-snippets/wiki/pynary
Current version: 0.0.1
Last updated:
Direct D/L link: N/A
License type: Open Source
Description: pynary will become a powerful platform independent framework for binary code analysis.

The initial goal is the implementation of function signature matching using graph isomorphism and an extensible 'write-your-own-heuristic' model to allow tweaks for particular targets. It will also identify standard library global constants and structure where possible.

Once the initial goal is achieved, a number of cool features are planned:

* stack frame analysis
* un-inliner
* exception handling parsing/analysis
* 'functionally equivalent' matching
* c++ template function matching
* meta-data transfer between IDBs
* c++ class reconstruction (with/without RTTI)
* ...

This project is still in its infancy, and looking for volunteers.
Also listed in: Deobfuscation Tools, Executable Diff Tools, Reverse Engineering Frameworks, Programming Libraries, Diff Tools



Tool name: RDG Packer Detector
Rating: 0.0 (0 votes)
Author: RDGMax                        
Website: http://www.rdgsoft.8k.com
Current version: 0.6.5
Last updated:
Direct D/L link: Locally archived copy
License type: Free
Description: Packer detector that should be good.

RDG Packer Detector is a detector for packers, cryptors, compilers, packer scramblers, joiners and installers.

- Rapid detection engine.
- Potent detection engine that analyses the whole file, allowing multi-detection of simultaneous packers.
- Allows the creation of your own signatures.
- Contains a crypto-analyzer.
- Calculates file checksums.
- Able to analyze entropy, detecting program compression or encryption state.
- OEP Detector.
- You can check and download signatures from the server, so RDG Packer Detector is always up to date.
- Plug-in Loader.
- Signature converter.
- Detection of false Entry Point tricks.
- De-Binder: an extractor of bundled files.
- Improved heuristic engine.
Also listed in: Compiler Identifiers, Packer Identifiers

