From Collaborative RCE Tool Library
Import Editors
| Tool name: | Explorer Suite |
|---|---|
| Author: | Daniel Pistelli |
| Website: | http://ntcore.com/exsuite.php |
| Current version: | III |
| Last updated: | March 2, 2008 |
| Direct D/L link: | http://ntcore.com/Files/ExplorerSuite.exe |
| License type: | Free |
| Description: | A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium. Features: * Process Viewer * Windows Viewer * PE and Memory Dumper * Full support for PE32/64 * Special fields description and modification (.NET supported) * PE Utilities * PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer) * View and modification of .NET internal structures * Resource Editor (full support for Windows Vista icons) * Support in the Resource Editor for .NET resources (dumpable as well) * Hex Editor * Import Adder * PE integrity checks * Extension support * Visual Studio Extensions Wizard * Powerful scripting language * Dependency Walker * Quick Disassembler (x86, x64) * Name Unmangler * Extension support * File Scanner * Directory Scanner * Deep Scan method * Recursive Scan method * Multiple results * Report generation * Signatures Manager * Signatures Updater * Signatures Collisions Checker * Signatures Retriever |
| Also listed in: | .NET Executable Editors, .NET Resource Editors, .NET Signature Removers, .NET Tools, Dependency Analyzer Tools, Exe Analyzers, Executable CRC Calculators, Hex Editors, Memory Dumpers, PE Executable Editors, Process Dumpers, Protection Identifiers, Resource Editors |

| Tool name: | IIDKing |
|---|---|
| Author: | SantMat |
| Website: | http://www.reteam.org/tools.html |
| Current version: | 2.01 |
| Last updated: | November 2004 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Description: | IIDKing allows you to add/remove imports to/from ANY PE file's import table, thereby eliminating the need to have to do LoadLibrary then GetProcAddress. What's New: - Added the ability to add an unlimited number of DLL(s) and their corresponding Function(s) to the target exe. - You can now run IIDKing an unlimited number of times on any given target and IIDKing will only ever use ONE section called ".IIDKING" in your target. Old versions of IIDKing required more. - When you run IIDKing on a target that has already been modified via IIDKing v1/v2 it will notify you of this fact and subsequently load the previously added DLL(s)/Function(s) into the IIDKing dialog. This allows you to re-run IIDKing for the purpose of removing or adding to past import additions to your targets. - Added an easy to use interface for adding DLL(s)/Function(s) in the form of a list dialog. You simply select the DLL filename as you wish and it will list all its available exports for you to choose from. Leaves no room for case sensitive or spelling errors when adding DLL(s)/Function(s). - IIDKing v2 is much more intuitive in handling user actions and hence can be kept open and used continuously on the same target or any given number of targets. No need to restart IIDKing ever. |
| Also listed in: | (Not listed in any other category) |

| Tool name: | LordPE |
|---|---|
| Author: | y0da |
| Website: | N/A |
| Current version: | 1.41 (Deluxe b) |
| Last updated: | December 31, 2002 |
| Direct D/L link: | Locally archived copy |
| License type: | Free |
| Description: | LordPE is a tool e.g. for system programmers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit,... Main features: * Task viewer/dumper * Huge PE editor (with big ImportTable viewer, ...) * Break'n'Enter (break at the EntryPoint of dll or exe files) * PE Rebuilder News: * The first GUI PE editor in the world supporting the new PE32+ (64bit) format ?! (only editing support - no rebuilding, dumping, comparing etc.) * New plugin interface added! You can develop LordPE Dump Engines (LDE) now. Look at \Docs\LDE.tXt for more information. * Added LDE: IntelliDump which can dump .NET CLR processes * Added structure lister for SectionHeaderTable, PE headers and DataDirectories (the "L" buttons) * Added hex edit buttons (the "H" buttons) in the DataDirectoryTable viewer * Added PE.OptionalHeader.Magic and PE.OptionalHeader.NumberOfRvaAndSizes to the PE editor * TLSTable DataDirectory is now editable * Possibility to increment/decrement the number of DataDirectories added * Etc etc etc... |
| Also listed in: | Dump Fixers, Process Dumpers, Memory Dumpers, PE Executable Editors |

| Tool name: | Malcode Analysis Pack |
|---|---|
| Author: | David Zimmer (iDefense Labs) |
| Website: | http://labs.idefense.com/files/labs/releases/previews/map/ |
| Current version: | |
| Last updated: | November 13, 2006 |
| Direct D/L link: | http://labs.idefense.com/software/download/?downloadID=8 |
| License type: | GPL2 |
| Description: | The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis. Included in this package are: • ShellExt - 4 explorer shell extensions • socketTool - manual TCP Client for probing functionality. • MailPot - mail server capture pot • fakeDNS - spoofs dns responses to controlled ip's • sniff_hit - HTTP, IRC, and DNS sniffer • sclog - Shellcode research and analysis application • IDCDumpFix - aids in quick RE of packed applications • Shellcode2Exe - embeds multiple shellcode formats in exe husk • GdiProcs - detect hidden processes |
| Also listed in: | Malware Analysis Tools, Network Tools, Process Monitoring Tools, TCP Proxy Tools, Network Sniffers, Reverse Engineering Frameworks, API Monitoring Tools |

| Tool name: | Stud_PE |
|---|---|
| Author: | CGSoftLabs |
| Website: | http://www.cgsoftlabs.ro/studpe.html |
| Current version: | 2.4.0.1 |
| Last updated: | April 2, 2008 |
| Direct D/L link: | http://www.cgsoftlabs.ro/zip/Stud_PE.zip |
| License type: | Freeware |
| Description: | Stud_PE The Portable Executables Viewer/Editor Features: * View/edit PE basic Header information (DOS also): - Header structures to hexeditor; * View/edit Section Table: - Add new section; * View/edit Directory Table: - Import/Export Table viewer; - Import adder; - Resource viewer/editor (save/replace ico/cur/bmp); PE Scanner (PEiD sig database): - 400 packers/protectors/compilers; * Task viewer/dumper/killer; * PEHeader/Binary file compare; * RVA to RAW to RVA; * Drag'nDrop shell menu integration; * Basic HexEditor; * Process region dumper/viewer; |
| Also listed in: | PE Executable Editors, Resource Editors |