From Collaborative RCE Tool Library
Import Editors
| Tool name: | IIDKing |
|---|---|
| Author: | SantMat |
| Website: | http://www.reteam.org/tools.html |
| Current version: | 2.01 |
| Last updated: | November 2004 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Also listed in: | (Not listed in any other category) |

Description: IIDKing adds imports to, or removes them from, the import table of any PE file, so patch code no longer has to resolve the functions itself with LoadLibrary followed by GetProcAddress.

What's new:
* An unlimited number of DLLs, and their corresponding functions, can be added to the target exe.
* IIDKing can be run any number of times on a given target and will only ever use one section, named ".IIDKING", in that target. Old versions of IIDKing required more.
* When run on a target that has already been modified by IIDKing v1/v2, it notifies you of this and loads the previously added DLLs and functions into the IIDKing dialog, so you can re-run IIDKing to remove or add to past import additions.
* An easy-to-use list dialog for adding DLLs and functions: select the DLL file and it lists all of that DLL's exports for you to choose from, leaving no room for case-sensitivity or spelling errors.
* IIDKing v2 handles user actions much more robustly, so it can be kept open and used continuously on the same target or on any number of targets. There is no need to restart IIDKing.
| Tool name: | Explorer Suite |
|---|---|
| Author: | Daniel Pistelli |
| Website: | http://ntcore.com/exsuite.php |
| Current version: | III |
| Last updated: | August 19, 2009 |
| Direct D/L link: | http://ntcore.com/Files/ExplorerSuite.exe |
| License type: | Free |
| Also listed in: | .NET Executable Editors, .NET Resource Editors, .NET Signature Removers, .NET Tools, Dependency Analyzer Tools, Exe Analyzers, Executable CRC Calculators, Hex Editors, Memory Dumpers, PE Executable Editors, Process Dumpers, Protection Identifiers, Resource Editors |

Description: A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64: special field description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker, etc. It was the first PE editor with support for .NET internal structures, and its resource editor (Windows Vista icons supported) can handle .NET manifest resources. The suite is available for x86, x64 and Itanium.

Features:
* Process Viewer
* Windows Viewer
* PE and Memory Dumper
* Full support for PE32/64
* Special fields description and modification (.NET supported)
* PE Utilities
* PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
* View and modification of .NET internal structures
* Resource Editor (full support for Windows Vista icons)
* Support in the Resource Editor for .NET resources (dumpable as well)
* Hex Editor
* Import Adder
* PE integrity checks
* Extension support
* Visual Studio Extensions Wizard
* Powerful scripting language
* Dependency Walker
* Quick Disassembler (x86, x64)
* Name Unmangler
* File Scanner
* Directory Scanner
* Deep Scan method
* Recursive Scan method
* Multiple results
* Report generation
* Signatures Manager
* Signatures Updater
* Signatures Collisions Checker
* Signatures Retriever
| Tool name: | LordPE |
|---|---|
| Author: | y0da |
| Website: | N/A |
| Current version: | 1.41 (Deluxe b) |
| Last updated: | September 30, 2009 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Also listed in: | Dump Fixers, Memory Dumpers, PE Executable Editors, Process Dumpers |

Description: LordPE is a tool, e.g. for system programmers, that can edit and view many parts of PE (Portable Executable) files, dump them from memory, optimize, validate and analyze them, and more.

Main features:
* Task viewer/dumper
* Huge PE editor (with big ImportTable viewer, ...)
* Break'n'Enter (break at the EntryPoint of dll or exe files)
* PE Rebuilder

News:
* The first GUI PE editor in the world supporting the new PE32+ (64-bit) format?! (editing support only; no rebuilding, dumping, comparing, etc.)
* New plugin interface added: you can now develop LordPE Dump Engines (LDE). See \Docs\LDE.tXt for more information.
* Added LDE: IntelliDump, which can dump .NET CLR processes
* Added structure lister for SectionHeaderTable, PE headers and DataDirectories (the "L" buttons)
* Added hex edit buttons (the "H" buttons) in the DataDirectoryTable viewer
* Added PE.OptionalHeader.Magic and PE.OptionalHeader.NumberOfRvaAndSizes to the PE editor
* TLSTable DataDirectory is now editable
* The number of DataDirectories can now be incremented/decremented
* Etc.
| Tool name: | CHimpREC |
|---|---|
| Author: | Sébastien Doucet (TiGa) |
| Website: | http://www.iitac.org |
| Current version: | ReCon Edition |
| Last updated: | June 23rd, 2008 |
| Direct D/L link: | Locally archived copy |
| License type: | Freeware |
| Also listed in: | Dump Fixers, IAT Restore Tools, Process Dumpers, Unpacking Tools |

Description: CHimpREC: The Cheap Imports Reconstructor, by TiGa of ARTeam IITAC (http://www.iitac.org). This is the 32/64-bit imports rebuilder that I introduced at ReCon 2008 in Montreal, made for the best compatibility with WoW64 on x64-based Windows XP or Vista. This is the same version that was used at the conference. The first official release will come soon.

Features:
* The first universal 64-bit imports rebuilder
* 32-bit version included
* Interface similar to ImpREC
* Integrated 32/64-bit process dumper
* IAT AutoSearch from ImageBase or OEP
* Unshuffle thunks function
* Manual imports editor

Limitations:
* No plugin support yet
* No AutoTrace feature
* No disassembler

The Visual Studio 2005 SP1 redistributable package might be necessary too:
* x86: http://www.microsoft.com/downloads/details.aspx?familyid=200b2fd9-ae1a-4a14-984d-389c36f85647&displaylang=en
* x64: http://www.microsoft.com/downloads/details.aspx?familyid=EB4EBE2D-33C0-4A47-9DD4-B9A6D7BD44DA&displaylang=en
| Tool name: | Comrade's PE Tools |
|---|---|
| Author: | Comrade |
| Website: | http://comrade.ownz.com/projects/petools.html |
| Current version: | |
| Last updated: | July 31, 2008 |
| Direct D/L link: | Locally archived copy |
| License type: | Free / Open Source |
| Also listed in: | Code Injection Tools, PE Executable Editors |

Description:

* Inject Tool. Inject is a tool that injects a DLL into a running process. Its command-line usage is as follows:
  1. Inject C:\hook.dll into pid 1234: `inject.exe 1234 C:\hook.dll`
  2. Inject C:\hook.dll into the process notepad.exe (if multiple notepads are running, whichever one is picked is undefined): `inject.exe -p *notepad.exe C:\hook.dll`
  3. Inject C:\hook.dll into the running process C:\myprogram.exe: `inject.exe -p C:\myprogram.exe C:\hook.dll`
  4. Inject C:\hook.dll into the process with a window named "Untitled - Notepad": `inject.exe -w "Untitled - Notepad" C:\hook.dll`
  5. Inject C:\hook.dll into the process with the window class Notepad: `inject.exe -c Notepad C:\hook.dll`
  Note that in all cases you should specify the full path to the injected DLL.
* Loader Tool. Loader is a tool that injects a DLL before launching a process. Its command-line usage is as follows:
  1. Load notepad.exe and inject C:\hook.dll into it: `loader.exe notepad.exe C:\hook.dll`
  Note that you should specify the full path to the injected DLL.
* Patch Tool. Patch is a tool that adds a new section to the executable. The new section becomes the new entry point; it contains code that loads a particular DLL and then jumps back to the original entry point. This can be used to create static patches that behave similarly to the Loader tool. The tool's command-line usage is as follows:
  1. Patch original.exe to load C:\hook.dll before execution and save the patched executable as patched.exe: `patch.exe original.exe patched.exe C:\hook.dll`
* Reimport Tool. Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running `reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation` creates a copy of game.exe as newgame.exe with those three API functions rerouted to nocd.dll: newgame.exe imports GetDriveTypeA, CreateFileA and GetVolumeInformation from nocd.dll instead of kernel32.dll.
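As an added example that is not part of the Tool Library page or of any tool listed on it, the following Python does on a small constructed PE32 image what the import editors and adders above (IIDKing, CFF Explorer's import adder, Stud_PE) operate on and what the Patch tool description outlines: it builds the image in memory, walks the import directory (INT/IAT, hint-name and ordinal entries) the way an import viewer does, maps RVAs to raw offsets through the section table, and then appends a section whose code calls LoadLibraryA on a chosen DLL through the existing IAT slot and jumps back to the original entry point, making that section the new entry point. The section name ".patch", the DLL name "hook.dll", the field layout of the sample and the x86 stub are this example's own choices; the stub uses absolute addresses, so a real ASLR-enabled target would also need relocation entries.

```python
# Added example, not from the RCE Tool Library or any tool listed above: a PE32 import-table
# walker plus the "new section loads a DLL, then jumps to the OEP" patch. The image is built
# in memory and never executed; ".patch" and "hook.dll" are this example's own choices.
import struct
SEC_ALIGN, FILE_ALIGN, IMAGE_BASE = 0x1000, 0x200, 0x400000
SEC_HDR, IMPORT_DESC = struct.Struct("<8sIIIIIIHHI"), struct.Struct("<IIIII")  # 40 B / 20 B
OPT_FMT = "<HBB" + "I" * 9 + "H" * 6 + "IIII" + "HH" + "I" * 6   # PE32 optional header, no dirs

def align(n, a):
    return (n + a - 1) // a * a

def build_pe():
    """Constructed sample: .text at RVA 0x1000 holds a 'ret' entry point and an import directory
    that pulls LoadLibraryA and ExitProcess from kernel32.dll."""
    sec = bytearray(b"\xC3" + bytes(0x1FF))                                  # ret at the OEP
    sec[0x010:0x038] = IMPORT_DESC.pack(0x1040, 0, 0, 0x1060, 0x1050) + bytes(20)   # + terminator
    sec[0x040:0x04C] = sec[0x050:0x05C] = struct.pack("<III", 0x1070, 0x1080, 0)    # INT, IAT
    sec[0x060:0x06D] = b"kernel32.dll\0"
    sec[0x070:0x07F] = b"\0\0LoadLibraryA\0"                                 # hint word + name
    sec[0x080:0x08E] = b"\0\0ExitProcess\0"
    dirs = {1: (0x1010, 40), 12: (0x1050, 12)}                               # import dir, IAT
    opt = struct.pack(OPT_FMT, 0x10B, 14, 0, 0x200, 0, 0, 0x1000, 0x1000, 0x1000, IMAGE_BASE,
                      SEC_ALIGN, FILE_ALIGN, 4, 0, 0, 0, 4, 0, 0, 0x2000, 0x200, 0, 3, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *dirs.get(i, (0, 0))) for i in range(16))
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102) + opt
           + SEC_HDR.pack(b".text\0\0\0", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0xE0000060))
    return hdr + bytes(0x200 - len(hdr)) + bytes(sec)

def _headers(data):
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if (data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0"
            or struct.unpack_from("<H", data, pe + 24)[0] != 0x10B):
        raise ValueError("not a PE32 image (PE32+ has a different optional header layout)")
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    return pe, pe + 24, pe + 24 + opt_size, nsec   # (pe_off, opt_off, section_table_off, nsections)

def sections(data):
    _pe, _opt, tab, nsec = _headers(data)
    return [SEC_HDR.unpack_from(data, tab + 40 * i) for i in range(nsec)]

def entry_point(data):
    return struct.unpack_from("<I", data, _headers(data)[1] + 16)[0]          # AddressOfEntryPoint

def rva_to_off(data, rva):
    """Map an RVA to a raw file offset through the section table."""
    for _name, vsize, va, rawsize, raw, *_rest in sections(data):
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + raw
    raise ValueError("RVA %#x is not backed by any section" % rva)

def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def imports(data):
    """{dll: [(symbol, IAT-slot RVA), ...]} read from the import directory."""
    out, opt = {}, _headers(data)[1]
    dir_rva = struct.unpack_from("<I", data, opt + 96 + 8)[0]           # DataDirectory[1]
    off = rva_to_off(data, dir_rva) if dir_rva else None
    while off is not None:
        oft, _ts, _fwd, name_rva, ft = IMPORT_DESC.unpack_from(data, off)
        if not (name_rva or ft):
            break                                                       # all-zero terminator
        syms = out.setdefault(cstr(data, rva_to_off(data, name_rva)), [])
        lookup = oft or ft             # walk the INT; some linkers/binders leave only the IAT
        for i in range(65536):         # hard cap so a corrupt table cannot spin forever
            entry = struct.unpack_from("<I", data, rva_to_off(data, lookup + 4 * i))[0]
            if not entry:
                break
            syms.append(("#%d" % (entry & 0xFFFF) if entry & 0x80000000   # import by ordinal
                         else cstr(data, rva_to_off(data, entry) + 2), ft + 4 * i))  # skip hint
        off += IMPORT_DESC.size
    return out

def add_loader_section(data, dll_name):
    """New section: `push name; call [IAT LoadLibraryA]; jmp OEP` + name string, made the entry point."""
    data = bytearray(data)
    pe, opt, tab, nsec = _headers(data)
    image_base, sec_align, file_align = struct.unpack_from("<III", data, opt + 28)
    if tab + 40 * (nsec + 1) > struct.unpack_from("<I", data, opt + 60)[0]:   # room under SizeOfHeaders?
        raise ValueError("no slack in the headers for another section entry")
    slot = next((s for d, v in imports(data).items() if d.lower() == "kernel32.dll"
                 for n, s in v if n == "LoadLibraryA"), None)
    if slot is None:
        raise ValueError("target does not import kernel32!LoadLibraryA; add that import first")
    last = max(sections(data), key=lambda s: s[2])                            # highest VirtualAddress
    rva = align(last[2] + max(last[1], last[3]), sec_align)
    raw = align(len(data), file_align)
    stub = (b"\x68" + struct.pack("<I", image_base + rva + 16)   # push <name VA>; absolute, so the image
            + b"\xFF\x15" + struct.pack("<I", image_base + slot)  # call [LoadLibraryA]; must not be
            + b"\xE9" + struct.pack("<i", entry_point(data) - (rva + 16)))   # jmp OEP; relocated
    blob = stub + dll_name.encode("ascii") + b"\0"
    data[tab + 40 * nsec:tab + 40 * (nsec + 1)] = SEC_HDR.pack(
        b".patch\0\0", len(blob), rva, align(len(blob), file_align), raw, 0, 0, 0, 0, 0x60000060)
    struct.pack_into("<H", data, pe + 6, nsec + 1)                            # NumberOfSections
    struct.pack_into("<I", data, opt + 16, rva)                               # AddressOfEntryPoint
    struct.pack_into("<I", data, opt + 56, align(rva + len(blob), sec_align)) # SizeOfImage
    data += bytes(raw - len(data)) + blob + bytes(align(len(blob), file_align) - len(blob))
    return bytes(data)
```

`imports(build_pe())` returns `{"kernel32.dll": [("LoadLibraryA", 0x1050), ("ExitProcess", 0x1054)]}`, and `add_loader_section(build_pe(), "hook.dll")` yields an image whose entry point moved from 0x1000 to 0x2000 with a second section named ".patch". The same walker is the check a reviewer wants when handed a binary that may have been through one of these tools: an entry point outside the first code section, a trailing executable section such as ".IIDKING" or ".patch", or an import descriptor whose DLL name is not the one the function is documented in are exactly the artifacts these editors leave behind. The stub only works because the target already imports LoadLibraryA through its IAT and is loaded at its preferred base; a target without that import needs it added first (which is what the import adders above are for), and one flagged DYNAMIC_BASE needs base relocations for the two absolute operands.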
| Tool name: | Malcode Analysis Pack |
|---|---|
| Author: | David Zimmer (iDefense Labs) |
| Website: | http://labs.idefense.com/files/labs/releases/previews/map/ |
| Current version: | |
| Last updated: | November 13, 2006 |
| Direct D/L link: | http://labs.idefense.com/software/download/?downloadID=8 |
| License type: | GPL2 |
| Also listed in: | Malware Analysis Tools, Network Tools, Process Monitoring Tools, TCP Proxy Tools, Network Sniffers, Reverse Engineering Frameworks, API Monitoring Tools |

Description: The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis. Included in this package are:
* ShellExt - 4 Explorer shell extensions
* socketTool - manual TCP client for probing functionality
* MailPot - mail server capture pot
* fakeDNS - spoofs DNS responses to controlled IPs
* sniff_hit - HTTP, IRC, and DNS sniffer
* sclog - shellcode research and analysis application
* IDCDumpFix - aids in quick RE of packed applications
* Shellcode2Exe - embeds multiple shellcode formats in an exe husk
* GdiProcs - detects hidden processes
| Tool name: | Stud_PE |
|---|---|
| Author: | CGSoftLabs |
| Website: | http://www.cgsoftlabs.ro/studpe.html |
| Current version: | 2.6.0.5 |
| Last updated: | October 31, 2009 |
| Direct D/L link: | http://www.cgsoftlabs.ro/zip/Stud_PE.zip |
| License type: | Freeware |
| Also listed in: | PE Executable Editors, Resource Editors |

Description: Stud_PE, the Portable Executables viewer/editor (32/64-bit PE files).

Features:
* View/edit basic PE header information (DOS header too), with header structures sent to the hex editor
* View/edit the section table, including adding a new section
* View/edit the directory table: import/export table viewer, import adder, resource viewer/editor (save/replace ico/cur/bmp)
* PE scanner using the PEiD signature database (400 packers/protectors/compilers)
* Task viewer/dumper/killer
* PE header / binary file compare
* RVA to RAW to RVA conversion
* Drag'n'Drop shell menu integration
* Basic hex editor
* Process region dumper/viewer