From Collaborative RCE Tool Library

Import Editors


Tool name: Explorer Suite
Rating: 5.0 (1 vote)
Author: Daniel Pistelli
Website: http://ntcore.com/exsuite.php
Current version: III
Last updated: March 2, 2008
Direct D/L link: http://ntcore.com/Files/ExplorerSuite.exe
License type: Free
Description: A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium.

Features:

* Process Viewer
* Windows Viewer
* PE and Memory Dumper
* Full support for PE32/64
* Special fields description and modification (.NET supported)
* PE Utilities
* PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
* View and modification of .NET internal structures
* Resource Editor (full support for Windows Vista icons)
* Support in the Resource Editor for .NET resources (dumpable as well)
* Hex Editor
* Import Adder
* PE integrity checks
* Extension support
* Visual Studio Extensions Wizard
* Powerful scripting language
* Dependency Walker
* Quick Disassembler (x86, x64)
* Name Unmangler
* Extension support
* File Scanner
* Directory Scanner
* Deep Scan method
* Recursive Scan method
* Multiple results
* Report generation
* Signatures Manager
* Signatures Updater
* Signatures Collisions Checker
* Signatures Retriever
Also listed in: .NET Executable Editors, .NET Resource Editors, .NET Signature Removers, .NET Tools, Dependency Analyzer Tools, Exe Analyzers, Executable CRC Calculators, Hex Editors, Memory Dumpers, PE Executable Editors, Process Dumpers, Protection Identifiers, Resource Editors



Tool name: IIDKing
Rating: 0.0 (0 votes)
Author: SantMat
Website: http://www.reteam.org/tools.html
Current version: 2.01
Last updated: November 2004
Direct D/L link: Locally archived copy
License type: Free
Description: IIDKing allows you to add/remove imports to/from ANY PE file's import table, thereby
eliminating the need to have to do LoadLibrary then GetProcAddress.

What's New:
-Added the ability to add an unlimited number of DLL(s) and their
corresponding Function(s) to the target exe.

-You can now run IIDKing an unlimited number of times on any given target and
IIDKing will only ever use ONE section called ".IIDKING" in your target. Old
versions of IIDKing required more.

-When you run IIDKing on a target that has already been modified via IIDKing
v1/v2 it will notify you of this fact and subsequently load the previously
added DLL(s)/Function(s) into the IIDKing dialog. This allows you to re-run
IIDKing for the purpose of removing or adding to past import additions to
your targets.

-Added an easy to use interface for adding DLL(s)/Function(s) in the form of a
list dialog. You simply select the DLL filename as you wish and it will list
all its available exports for you to choose from. Leaves no room for case
sensitive or spelling errors when adding DLL(s)/Function(s).

-IIDKing v2 is much more intuitive in handling user actions and hence can be
kept open and used continuously on the same target or any given number of
targets. No need to restart IIDKing ever.
Also listed in: (Not listed in any other category)



Tool name: LordPE
Rating: 4.0 (1 vote)
Author: y0da
Website: N/A
Current version: 1.41 (Deluxe b)
Last updated: December 31, 2002
Direct D/L link: Locally archived copy
License type: Free
Description: LordPE is a tool e.g. for system programmers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit,...

Main features:

* Task viewer/dumper
* Huge PE editor (with big ImportTable viewer, ...)
* Break'n'Enter (break at the EntryPoint of dll or exe files)
* PE Rebuilder

News:

* The first GUI PE editor in the world supporting the new PE32+ (64bit) format ?! (only editing support - no rebuilding, dumping, comparing etc.)
* New plugin interface added! You can develop LordPE Dump Engines (LDE) now.
Look at \Docs\LDE.tXt for more information.
* Added LDE: IntelliDump which can dump .NET CLR processes
* Added structure lister for SectionHeaderTable, PE headers and DataDirectories (the "L" buttons)
* Added hex edit buttons (the "H" buttons) in the DataDirectoryTable viewer
* Added PE.OptionalHeader.Magic and PE.OptionalHeader.NumberOfRvaAndSizes to the PE editor
* TLSTable DataDirectory is now editable
* Possibility to increment/decrement the number of DataDirectories added
* Etc etc etc...
Also listed in: Dump Fixers, Process Dumpers, Memory Dumpers, PE Executable Editors



Tool name: Malcode Analysis Pack
Rating: 0.0 (0 votes)
Author: David Zimmer (iDefense Labs)
Website: http://labs.idefense.com/files/labs/releases/previews/map/
Current version:
Last updated: November 13, 2006
Direct D/L link: http://labs.idefense.com/software/download/?downloadID=8
License type: GPL2
Description: The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 4 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs DNS responses to controlled IPs
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
Also listed in: Malware Analysis Tools, Network Tools, Process Monitoring Tools, TCP Proxy Tools, Network Sniffers, Reverse Engineering Frameworks, API Monitoring Tools



Tool name: Stud_PE
Rating: 0.0 (0 votes)
Author: CGSoftLabs
Website: http://www.cgsoftlabs.ro/studpe.html
Current version: 2.4.0.1
Last updated: April 2, 2008
Direct D/L link: http://www.cgsoftlabs.ro/zip/Stud_PE.zip
License type: Freeware
Description: Stud_PE The Portable Executables Viewer/Editor

Features:
* View/edit PE basic Header information (DOS also):
- Header structures to hexeditor;
* View/edit Section Table:
- Add new section;
* View/edit Directory Table:
- Import/Export Table viewer;
- Import adder;
- Resource viewer/editor (save/replace ico/cur/bmp);
* PE Scanner (PEiD sig database):
- 400 packers/protectors/compilers;
* Task viewer/dumper/killer;
* PEHeader/Binary file compare;
* RVA to RAW to RVA;
* Drag'n'Drop shell menu integration;
* Basic HexEditor;
* Process region dumper/viewer;
Also listed in: PE Executable Editors, Resource Editors

