From Collaborative RCE Tool Library


Programming Libraries


Tool name: Codetective Analysis Tool
Rating: 5.0 (1 vote)
Author: Francisco Gama Tabanez Ribeiro                        
Website: https://github.com/blackthorne/Codetective
Current version: 0.8.2
Last updated: September 20, 2014
Direct D/L link: N/A
License type: GPL
Description: Sometimes we run into hashes and other artefacts and can't figure out where they came from or how they were generated. This tool is able to recognise the output format of many different algorithms in many different possible encodings for analysis purposes. It also infers a level of certainty for each finding based on traces of its representation.

This may be useful e.g. when you are testing systems from a security perspective and are able to grab a password file with hashed contents maybe from an exposed backup file or by dumping memory. This may also be useful as a part of a fingerprinting process or simply to verify valid implementations of different algorithms. You may also try running this tool against network traffic captures or large source code repositories to look out for interesting stuff.

You can use it either as a generic standalone version or as a plugin for the Volatility framework; the usage is similar.
Currently supports:
web-cookie
mssql2000
md5
URL
md4
phone number
credit cards
mssql2005
lm hash
ntlm hash
MySQL4+
MySQL323
base64
SAM(*:ntlm)
SAM(lm:*)
SAM(lm:ntlm)
RipeMD320
sha1
sha224
sha256
sha384
sha512
whirpool
CRC
des-salt-unix
sha256-salt-django
sha256-django
sha384-salt-django
sha384-django
sha256-salt-unix
sha512-salt-unix
apr1-salt-unix
md5-salt-unix
md5-wordpress
md5-phpBB3
md5-joomla2
md5-salt-joomla2
md5-joomla1
md5-salt-joomla1
blowfish-salt-unix
uuid
Also listed in: Crypto Libraries, Data Extraction Tools, Data Search and Extraction Tools, Dongle Analysis Tools, Dongle Crypto Solver Tools, Memory Data Tracing Tools, Memory Search Tools, String Finders



Tool name: PVDasm Disassembly Core Engine
Rating: 5.0 (1 vote)
Author: Bengaly                        
Website: http://www.woodmann.com/forum/showthread.php?14287-PVDasm-v1.7b-%2832Bit-64Bit%29
Current version: 1.05
Last updated: March 27, 2011
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: The disassembler library that PVDasm is based on. Nice and clean.
Also listed in: X86 Disassembler Libraries



Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 0.9.7
Last updated: March 3, 2014
Direct D/L link: http://www.radare.org/get/radare2-0.9.7.tar.xz
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2', a command-line hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and scripting, with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua and OCaml.

Radare is built with the Unix philosophy in mind. Each module, plugin and tool performs a specific task, and each command can be piped to another to extend its functionality. It also treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc. Everything is mapped onto a virtual address space that can be configured to map multiple files and to segment them.

If you are interested in the project, join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers



Tool name: BeaEngine
Rating: 4.0 (2 votes)
Author: Beatrix2004                        
Website: http://www.beaengine.org
Current version: 4.1
Last updated: December 31, 2010
Direct D/L link: http://www.beaengine.org/index.php?option=com_content&view=article&id=10&Itemid=11
License type: LGPL 3
Description: BeaEngine is a multi-platform library coded in C (ISO99). It actually contains a single function, called "Disasm", which disassembles any instruction from the Intel instruction set for 32-bit and 64-bit processors. You can use this lib from the following languages: C#, C, Python, Delphi, PureBasic, masm32, masm64, GoAsm32, GoAsm64, Nasm, Fasm, WinDev. You can use it in ring3 or ring0 because it doesn't use the Windows API. The package you can download here contains the lib, the source code under the LGPL3 license and examples including headers for C, C#, masm, nasm, fasm, GoAsm, Python, Delphi, PureBasic and WinDev programmers.
Also listed in: X64 Disassembler Libraries, X86 Disassembler Libraries



Tool name: OpenSSL libcrypto
Rating: 4.0 (1 vote)
Author: The OpenSSL Software Foundation                        
Website: http://openssl.org
Current version: 1.0.1e
Last updated: February 11, 2013
Direct D/L link: http://openssl.org/source/openssl-1.0.1e.tar.gz
License type: Free / Open Source (C)
Description: Very competent crypto library used in OpenSSL.

Online documentation at:

http://www.openssl.org/docs/crypto/crypto.html
Also listed in: Crypto Libraries



Tool name: WinAppDbg (Python module)
Rating: 4.0 (1 vote)
Author: Mario Vilas                        
Website: http://winappdbg.sourceforge.net
Current version: 1.4
Last updated: August 24, 2010
Direct D/L link: http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/
License type: Free / Open Source (BSD)
Description: The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debuggee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience is QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready-to-use utilities are shipped and can be used for these purposes.

Current features also include disassembling x86 native code (using the open source diStorm project, see http://ragestorm.net/distorm/), debugging multiple processes simultaneously and producing a detailed log of application crashes, useful for fuzzing and automated testing.
Also listed in: Debugger Libraries, Debuggers, Ring 3 Debuggers



Tool name: pynary
Rating: 1.0 (1 vote)
Author: c1de0x                        
Website: http://code.google.com/p/openrce-snippets/wiki/pynary
Current version: 0.0.1
Last updated:
Direct D/L link: N/A
License type: Open Source
Description: pynary aims to become a powerful, platform-independent framework for binary code analysis.

The initial goal is the implementation of function signature matching using graph isomorphism and an extensible 'write-your-own-heuristic' model to allow tweaks for particular targets. It will also identify standard library global constants and structures where possible.

Once the initial goal is achieved, a number of cool features are planned:

* stack frame analysis
* un-inliner
* exception handling parsing/analysis
* 'functionally equivalent' matching
* c++ template function matching
* meta-data transfer between IDBs
* c++ class reconstruction (with/without RTTI)
* ...

This project is still in its infancy, and looking for volunteers.
Also listed in: Deobfuscation Tools, Executable Diff Tools, Reverse Engineering Frameworks, Exe Analyzers, Diff Tools



Tool name: Androguard
Rating: 0.0 (0 votes)
Author: Anthony Desnos                        
Website: http://code.google.com/p/androguard/
Current version: 0.9
Last updated: September 25, 2011
Direct D/L link: http://androguard.googlecode.com/files/androguard-0.9.tar.gz
License type: LGPL
Description: Androguard (Android Guard) is primarily a tool written fully in Python to play with:
- .class (JavaVM)
- .dex (DalvikVM)
- APK
- JAR
- Android's binary XML

Androguard has the following features:
- Map and manipulate (read/write) DEX/CLASS/APK/JAR files into full Python objects,
- Native support of DEX code in a C++ library,
- Access to the static analysis of your code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool,
- Check if an Android application is present in a database (malware, goodware?),
- Open source database of Android malware,
- Diffing of Android applications,
- Measure the efficiency of obfuscators (proguard, ...),
- Determine if your application has been pirated (rip-off indicator),
- Risk indicator of malicious applications,
- Reverse engineering of applications (goodware, malware),
- Transform Android's binary XML (like AndroidManifest.xml) into classic XML,
- Visualize your application in Cytoscape (by using the xgmml format), or PNG/DOT output,
- Patch JVM classes, add native library dependencies,
- Dump the JVM process to find classes in memory,
- ...
Also listed in: Android Tools, Binary Diff Tools, Disassembler Libraries, Disassemblers, Entropy Analyzers, Java Disassembler Libraries, Malware Analysis Tools



Tool name: BCEL
Rating: 0.0 (0 votes)
Author: The Apache Jakarta Project                        
Website: http://jakarta.apache.org/bcel
Current version: 5.2
Last updated: June 6, 2006
Direct D/L link: N/A
License type: Free / Open Source
Description: The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class). Classes are represented by objects which contain all the symbolic information of the given class: methods, fields and byte code instructions, in particular.

Such objects can be read from an existing file, be transformed by a program (e.g. a class loader at run-time) and dumped to a file again. An even more interesting application is the creation of classes from scratch at run-time. The Byte Code Engineering Library (BCEL) may also be useful if you want to learn about the Java Virtual Machine (JVM) and the format of Java .class files.

BCEL contains a byte code verifier named JustIce, which usually gives you much better information about what's wrong with your code than the standard JVM message.

BCEL is already being used successfully in several projects such as compilers, optimizers, obfuscators, code generators and analysis tools. Unfortunately there hasn't been much development going on over the past few years.
Also listed in: Java Disassembler Libraries



Tool name: bzip2
Rating: 0.0 (0 votes)
Author: Julian Seward                        
Website: http://www.bzip.org
Current version: 1.0.4
Last updated: December 20, 2006
Direct D/L link: N/A
License type: Free / Open Source
Description: bzip2 is a freely available, patent free (see below), high-quality data compressor. It typically compresses files to within 10% to 15% of the best available techniques (the PPM family of statistical compressors), whilst being around twice as fast at compression and six times faster at decompression.

The current version is 1.0.4, released 20 December 2006.

Why would I want to use it?

* Because it compresses well. So it packs more stuff into your overfull disk drives, distribution CDs, backup tapes, Zip disks, etc. And/or it reduces your phone bills, customer download times, long distance network traffic, etc. It's not the world's fastest compressor, but it's still fast enough to be very useful.

* Because it's open-source (BSD-style license), and, as far as I know, patent-free. (To the best of my knowledge. I can't afford to do a full patent search, so I can't guarantee this. Caveat emptor). So you can use it for whatever you like. Naturally, the source code is part of the distribution.

* Because it supports (limited) recovery from media errors. If you are trying to restore compressed data from a backup tape or disk, and that data contains some errors, bzip2 may still be able to decompress those parts of the file which are undamaged.

* Because you already know how to use it. bzip2's command line flags are similar to those of GNU Gzip, so if you know how to use gzip, you know how to use bzip2.

* Because it's very portable. It should run on any 32 or 64-bit machine with an ANSI C compiler. The distribution should compile unmodified on Unix and Win32 systems. Earlier versions have been ported with little difficulty to a large number of weird and wonderful systems.

* Because (by now, late 2006) everybody else uses it too.

The code is organised as a library with a programming interface. The bzip2 program itself is a client of the library. You can use the library in your own programs, to directly read and write .bz2 files, or even just to compress data in memory using the bzip2 algorithms.
Also listed in: Decompression Libraries



Tool name: Capstone engine
Rating: 0.0 (0 votes)
Author: Nguyen Anh Quynh                        
Website: http://www.capstone-engine.org
Current version: 1.0
Last updated: December 18, 2013
Direct D/L link: N/A
License type: BSD
Description: Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
Features

- Supports hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.

- Clean/simple/lightweight/intuitive architecture-neutral API.

- Provides details on the disassembled instruction (called a "decomposer" by others).

- Provides some semantics of the disassembled instruction, such as the list of implicit registers read & written.

- Implemented in pure C, with bindings for Python, Ruby, OCaml, C#, Java and Go available.

- Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).

- Thread-safe by design.

- Distributed under the open source BSD license.

Also listed in: X64 Disassembler Libraries



Tool name: cryptlib
Rating: 0.0 (0 votes)
Author: Peter Gutmann (yeah, that lunatic)                        
Website: http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
Current version: 3.3.1
Last updated: recent snapshots always available
Direct D/L link: http://www.cypherpunks.to/~peter/cl331.zip
License type: "GPL-compatible license", A.K.A. "Sleepycat license"...
Description: Besides its very, very diverse and creative name, cryptlib comes with a 400+ page manual (...), and really fast implementations of common crypto primitives.
Also listed in: Crypto Libraries



Tool name: Crypto++
Rating: 0.0 (0 votes)
Author: Wei Dai                        
Website: http://www.cryptopp.com
Current version: 5.5.2
Last updated: September 24, 2007
Direct D/L link: http://www.cryptopp.com/cryptopp552.zip
License type: Public Domain (!)
Description: Cross-platform library with the usual crypto primitives: hashing algorithms, asymmetric and symmetric algorithms, MACs and support for elliptic curve cryptography.
Also listed in: Crypto Libraries



Tool name: DED
Rating: 0.0 (0 votes)
Author: Damien Octeau, Patrick McDaniel, William Enck                         
Website: http://siis.cse.psu.edu/ded/
Current version: 0.7.1
Last updated: August 17, 2011
Direct D/L link: http://siis.cse.psu.edu/ded/downloads.html
License type: free (copyrighted material)
Description: Background:
ded is a project which aims at decompiling Android applications. The ded tool retargets Android applications in .dex format to traditional .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications.

Usage:
% ded-<version> -d <output dir> <dex/apk file>
Also listed in: Android Tools, Java Disassembler Libraries



Tool name: diStorm64 x86-64 Disasm Lib
Rating: 0.0 (0 votes)
Author: Gil Dabah & Co.                        
Website: http://www.ragestorm.net/distorm
Current version: 1.7.29
Last updated: March 7, 2008
Direct D/L link: http://www.ragestorm.net/distorm/dl.php?id=11
License type: BSD license
Description: Cross-platform x86 and x64 disassembler with MMX, SSE, SSE2, SSE3, SSE4 and soon SSE5 support, plus an open opcode database (tools available; carefully examine the whole page, you're looking for disops.zip, at the moment available at http://www.ragestorm.net/distorm/dl.php?id=13).

'nough said.
Also listed in: X86 Disassembler Libraries



Tool name: DisasMSIL
Rating: 0.0 (0 votes)
Author: Daniel Pistelli                        
Website: http://ntcore.com/Files/disasmsil.htm
Current version: 1.0
Last updated: April 30, 2008
Direct D/L link: http://ntcore.com/Files/disasmsil/DisasMSIL.zip
License type: Free / Open source
Description: DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it in any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

Note: Don't rely on the ECMA specification (Partition III: Common Language Infrastructure), since it's incomplete. Some new opcodes were introduced with the .NET Framework 2.0.
Also listed in: .NET Disassembler Libraries



Tool name: Disasm32
Rating: 0.0 (0 votes)
Author: Russell Libby                        
Website: http://users.adelphia.net/~rllibby/source.html
Current version:
Last updated: March 1, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Delphi Disassembler Conversion of libdisasm 2.0. This is a Delphi conversion of the libdisasm project. The source code provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler class which can be called to disassemble instructions from memory. Disassembled information is in Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.
Also listed in: X86 Disassembler Libraries



Tool name: Disassemble Help Library
Rating: 0.0 (0 votes)
Author: Vasiliy Sotnikov                        
Website: http://dsmhelp.narod.ru/
Current version: 1.1
Last updated: May 6, 2011
Direct D/L link: http://dsmhelp.narod.ru/dsmhelp1.1.zip
License type: Free
Description: Disassembler and single-line assembler with Epimorphic syntax.
dsmhelp.dll - main file; it's a native 64-bit library with base-independent code.
dsmdemo.exe - demonstration file.

Works with 16-bit, 32-bit and 64-bit code.
Supported instruction sets: Basic, System, SSE, SSE2, SSE3, SSSE3, SSE4, SSE4A, MMX, FPU, 3DNOW, VMX, SVM, AVX, FMA3, FMA4, XOP
Also listed in: X64 Disassembler Libraries



Tool name: DynamoRIO
Rating: 0.0 (0 votes)
Author: Hewlett-Packard Laboratories & MIT & Derek Bruening                        
Website: http://dynamorio.org
Current version: 6.0.0.6
Last updated: October 6, 2015
Direct D/L link: https://github.com/DynamoRIO/dynamorio/releases/download/release_6_0_0/DynamoRIO-Windows-6.0.0-6.zip
License type: Free and open source (BSD-type license)
Description: DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.
DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.
Also listed in: Code Coverage Tools, Code Injection Tools, Debugger Libraries, Disassembler Libraries, Profiler Tools



Tool name: eXtended Disassembler Engine (XDE)
Rating: 0.0 (0 votes)
Author: Z0mbie                        
Website: http://vx.netlux.org/vx.php?id=ex01
Current version: 1.02
Last updated: October 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: XDE is based on the LDE/ADE engines. It allows you to find the length of any x86 instruction, the source/destination register usage for the most commonly used instructions, and to split/merge an instruction to/from a binary structure.

From the program's viewpoint, the CPU operates on different types of registers, memory and I/O devices. Accordingly, the engine introduces an "object set" concept: a bitset of the registers/memory/etc. being read or written by each instruction.
Also listed in: X86 Disassembler Libraries



Tool name: Fixed OllyDbg Disasm DLL
Rating: 0.0 (0 votes)
Author: CondZero                        
Website: http://arteam.accessroot.com/releases.html
Current version: 1.10
Last updated: April 9, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: An improved and fixed version of the already known disasm library (released by Oleh, Olly's author, and part of Olly's disasm engine). A little library that might help with your own tools.

This package includes the source code of a 32-bit disassembler and a 32-bit single-line assembler for 80x86-compatible processors. The source is a slightly stripped/modified version of the code used in OllyDbg v1.10 and is well proven by its numerous users.

The disasm.dll has been built using VS2005 VC 8.0 (special note: I had to make a couple of modifications for errors during compilation in the source).

To include it in your program, make sure the disasm.lib file is in your project folder and the resulting disasm.dll is in your executable folder. Be sure to add this to your source code:
#pragma hdrstop
#include "disasm.h"
Also listed in: Disassembler Libraries



Tool name: GNU Multiple Precision Arithmetic Library (GMP)
Rating: 0.0 (0 votes)
Author: Free Software Foundation                        
Website: http://gmplib.org
Current version: 4.2.2
Last updated: September 11, 2007
Direct D/L link: http://ftp.sunet.se/pub/gnu/gmp/gmp-4.2.2.tar.gz
License type: Free / Open Source
Description: GMP is a free library for arbitrary precision arithmetic, operating on signed integers, rational numbers, and floating point numbers. There is no practical limit to the precision except the ones implied by the available memory in the machine GMP runs on. GMP has a rich set of functions, and the functions have a regular interface.

The main target applications for GMP are cryptography applications and research, Internet security applications, algebra systems, computational algebra research, etc.

GMP is carefully designed to be as fast as possible, both for small operands and for huge operands. The speed is achieved by using fullwords as the basic arithmetic type, by using fast algorithms, with highly optimized assembly code for the most common inner loops for a lot of CPUs, and by a general emphasis on speed.

GMP is faster than any other bignum library. The advantage for GMP increases with the operand sizes for many operations, since GMP uses asymptotically faster algorithms.

The first GMP release was made in 1991. It is continually developed and maintained, with a new release about once a year.
Also listed in: BigNum Libraries



Tool name: Hacker Disassembler Engine (HDE)
Rating: 0.0 (0 votes)
Author: Veacheslav Patkov                        
Website: http://patkov-site.narod.ru
Current version: 0.28
Last updated: March 09, 2009
Direct D/L link: http://patkov-site.narod.ru/download/hde32-0.28.tar.gz
License type: Free
Description: This is a small disassembler engine intended for x86-32 code analysis. HDE gets the length of an instruction, its prefixes, ModR/M and SIB bytes, opcode, immediate value, displacement, etc. For example, you can use HDE when writing unpackers, decryptors or viruses for executable files. The HDE package includes compiled object files in different formats, header files and assembler source.

* Supports FPU, MMX, SSE, SSE2, SSE3, 3DNow! instructions
* High speed and small size (~ 1.5 kb)
* Position- and OS-independent code
* Compatible with most programming languages
Also listed in: X86 Disassembler Libraries



Tool name: jclasslib
Rating: 0.0 (0 votes)
Author: ej-technologies                        
Website: http://www.ej-technologies.com/products/jclasslib/overview.html
Current version: 3.0
Last updated: January 14, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: jclasslib bytecode viewer is a tool that visualizes all aspects of compiled Java class files and the contained bytecode. In addition, it contains a library that enables developers to read, modify and write Java class files and bytecode.
Also listed in: Java Disassembler Libraries



Tool name: libarchive
Rating: 0.0 (0 votes)
Author: kientzle@freebsd.org                        
Website: http://people.freebsd.org/~kientzle/libarchive
Current version: 2.4.11
Last updated: December 30, 2007
Direct D/L link: N/A
License type: Free / Open Source
Description: Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives. The bsdtar program is an implementation of tar(1) that is built on top of libarchive. It started as a test harness, but has grown into a feature-competitive replacement for GNU tar. The bsdcpio program is an implementation of cpio(1) that is built on top of libarchive.

The libarchive library offers a number of features that make it both very flexible and very powerful.

* Automatic format detection: libarchive can automatically determine both the compression and the archive format, regardless of the data source. (GNU tar and star only do full format detection when reading from a file, for instance. Gunnar Ritter's heirloom tar also does full automatic format detection.)

* Reads popular formats: libarchive can read GNU tar, ustar, pax interchange format, cpio, zip, and ISO9660 formats. The internal architecture is easily extensible. The only requirement for read support is that all metadata for a file must precede the file data itself within the archive.

* Writes popular formats: libarchive can write ustar, pax interchange format, cpio, and shar formats. The internal architecture is easily extensible. The only requirement for write support is that all metadata for a file must follow the preceding file's data within the archive. (Yes, there are formats that libarchive can write but not read and vice versa.)

* Reads and writes POSIX formats: libarchive reads and writes POSIX-standard formats, including "ustar," "pax interchange format," and the POSIX "cpio" format.

* Supports pax interchange format: Pax interchange format (which, despite the name, is really an extended tar format) eliminates almost all limitations of historic tar formats and provides a standard method for incorporating vendor-specific extensions. libarchive exploits this extension mechanism to support ACLs and file flags, for example. (Joerg Schilling's star archiver and recent versions of GNU tar also support pax interchange format.)

* High-Level API: the libarchive API makes it fairly simple to build an archive from a list of filenames or to extract the entries from an archive. However, the API also provides extreme flexibility with regards to data sources. For example, there are generic hooks that allow you to write an archive to a socket or read data from an archive entry into a memory buffer.

* Modular: The library design carefully minimizes link pollution. If you only need read support for a single format, for example, you will only get the required code. This minimizes the size of statically-linked executables. (In particular, zlib or libbz2 are only required if you specifically request gzip or bzip2 support.)

* Extensible: The internal design uses generic interfaces for compression, archive format detection and decoding, and archive data I/O. It should be very easy to add new formats, new compression methods, or new ways of reading/writing archives.

* Featureful: Libarchive handles ACLs, file flags, extended attributes, international characters, large files, long pathnames, and many other features. Details vary depending on the particular format, of course.

* Fast: Libarchive minimizes data copying when handling archive files and contains carefully-tuned code for recreating objects on disk.
Also listed in: Decompression Libraries



Tool name: libdisasm
Rating: 0.0 (0 votes)
Author: mammon_, ReZiDeNt, The Grugq, MO_K, a_p, fbj
Website: http://bastard.sourceforge.net/libdisasm.html
Current version: 0.23
Last updated: January 16, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: x86 Disassembler Library

The libdisasm library provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler which can be called from any application; the disassembly can be produced in AT&T syntax and Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.

This disassembler is derived from libi386.so in the bastard project; as such it is x86 specific and will not be expanded to include other CPU architectures. Releases for libdisasm are generated automatically alongside releases of the bastard; it is not a standalone project, though it is a standalone library.

The recent spate of objdump output analyzers has proven that many of the people [not necessarily programmers] interested in writing disassemblers have little knowledge of, or interest in, C programming; as a result, these "disassemblers" have been written in Perl. In order to address this audience, a HOWTO has been provided which demonstrates how to use the libdisasm opcode tables to implement a true disassembler using Perl.
Also listed in: X86 Disassembler Libraries



Tool name: MIRACL
Rating: 0.0 (0 votes)
Author: ShamusSoftware
Website: http://www.shamus.ie
Current version: 5.4
Last updated: July 18, 2009
Direct D/L link: ftp://ftp.computing.dcu.ie/pub/crypto/miracl.zip
License type: Free
Description: MIRACL is a Big Number Library which implements all of the primitives necessary to design Big Number Cryptography into your real-world application. It is primarily a tool for cryptographic system implementors. RSA public key cryptography, Diffie-Hellman Key exchange, DSA digital signature, they are all just a few procedure calls away. Support is also included for even more esoteric Elliptic Curves and Lucas function based schemes. The latest version offers full support for Elliptic Curve Cryptography over GF(p) and GF(2^m) - see the links on this page for more details. Less well-known techniques can also be implemented as MIRACL allows you to work directly and efficiently with the big numbers that are the building blocks of number-theoretic cryptography. Although implemented as a C library, a well-thought out C++ wrapper is provided, which greatly simplifies program development. Most example programs (25+ of them) are provided in both C and C++ versions.

MIRACL now provides more support for conventional cryptography. The latest version implements the Advanced Encryption Standard (AES), Modes of Operation, and the new hashing standards SHA-160/256/384/512.

MIRACL is compact, fast and efficient, and it's now easier than ever to get the same near-optimal performance from any processor. Although essentially a portable library, inline assembly and special techniques can be invoked for blistering speed. MIRACL has also been successfully used in both embedded and DSP environments where space is at a premium. A new special purpose macro assembler feature facilitates the achievement of best possible performance from your embedded processor (see embedded.doc). MIRACL is, to an extent, self-configuring. Use your compiler to compile and run a simple configuration program, which proceeds with user interaction to generate optimal settings for your environment.
Also listed in: BigNum Libraries, Crypto Libraries



Tool name: MasmBasic
Rating: 0.0 (0 votes)
Author: jj2007
Website: http://masm32.com/board/index.php?topic=94.0
Current version: 2015.12.31
Last updated: December 31, 2015
Direct D/L link: http://masm32.com/board/index.php?action=dlattach;topic=94.0;attach=5016
License type: free and open source
Description: MasmBasic is a library that allows you to use BASIC syntax in assembler, i.e. it is not a "separate" language but rather a library of macros and routines, fully compatible with the latest Masm32 SDK (version 11), MASM (version 6.15 and higher, e.g. version 8.0) and JWasm. While MasmBasic is pretty stable, it is still Assembler, therefore the usual disclaimers apply - do not use for military purposes, in hospitals or anywhere else where buggy applications could cause damage. You have been warned :)

To install the library, double-click MbSetup.exe in the downloaded archive.

For an overview of the about 200 functions available, see \Masm32\MasmBasic\MbGuide.rtf (after extracting the archive of course) or see the (incomplete) MasmBasic Quick Reference online.

Latest additions: GetFiles returns UTF8 now, WebCam, GetProcessArray(), new GSL lib, Choose, fast MemSet, Instr_() and Sinus() , Data, Read, GuiXX functions, Split$, Join$, Filter$, commandline to Files$(), GfCallback, true Unicode, also in file I/O; UnzipFile, ArraySet, SetReg64 for 64-bit registry settings, ArrayMerge, Age(), GetRegArrays, unsigned LONGLONG in Str$(), ShEx, xls interface, ArrayPlot, AddWin$, WritePipe, Plugins, IsFolder(), wOpen, FileOpen$/FileSave$, also as Unicode versions, Extract$, Dialogs, COM support (CoInvoke, GuidsEqual(), IUnknown, VARIANT, ...), improved ANSI and Unicode commandline macros CL$()/wCL$(), improved xHelp, Launch$(), Try/Catch/Finally, ...

From June 2015 onwards, MasmBasic is Windows 8 compatible. From March 2015 onwards, float counters are valid in For_ ... Next. From 10 Feb 2015 onwards, xmm regs are preserved for all MasmBasic commands. Note that simple Windows API calls can trash them on 64-bit versions of Windows.

Note that you need either JWasm (highly recommended) or at least ML.EXE version 6.15 to use the MasmBasic library; ML 6.14 (the old version that is included with the Masm32 SDK, see \Masm32\bin) is not sufficient, because MasmBasic contains SSE2 code.
Also listed in: (Not listed in any other category)



Tool name: mlde32
Rating: 0.0 (0 votes)
Author: uNdErX
Website: http://vx.netlux.org/vx.php?id=em24
Current version:
Last updated: January 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Micro Length-Disassembler Engine 32 (mlde32) is a length-disassembler engine, i.e. a piece of code that lets you determine the length of any x86 instruction. The mlde32 engine supports the ordinary 386 opcode set, plus the extensions: FPU, MMX, CMOV, SSE, SSE2 etc.

Its usage is very simple; here's the prototype:

int __cdecl mlde32(void *codeptr);

where:
codeptr -> a pointer to the opcode whose size you want to know.

If you have any problem using the engine, just take a look at the examples in /examples (nothing could be more obvious). It's a very simple and powerful engine, and does not require too many system resources either: just 160 bytes of stack space is needed. This engine is code only, and no fixed offsets were used, so it can be permutated/perverted at your own will.

The engine was released in 29A#7 magazine. The size of the engine is 431 bytes.
Also listed in: X86 Disassembler Libraries



Tool name: opdis
Rating: 0.0 (0 votes)
Author: mkfs
Website: http://community.thoughtgang.org/content/opdis
Current version: 1.0.1
Last updated: April 19, 2010
Direct D/L link: http://github.com/downloads/mkfs/mkfs.github.com/opdis-1.0.1.tar.gz
License type: GPL
Description: Opdis is a wrapper for the libopcodes disassembler library distributed as part of GNU binutils. It extends the libopcodes library by offering linear and control-flow disassembly algorithms, instruction and operand objects that are suitable for analysis, and a command-line utility to perform disassembly on arbitrary locations in a file.

The Opdis project consists of the libopdis library and the opdis command-line utility.
Also listed in: Disassembler Libraries, Disassemblers, X86 Disassembler Libraries



Tool name: Open NT Native Template Library
Rating: 0.0 (0 votes)
Author:
Website: http://code.google.com/p/ontl
Current version:
Last updated: November 20, 2009
Direct D/L link: N/A
License type: zlib license
Description: A set of tiny C++ RAII wrappers for NT Native/Win32 APIs including its own C++0x Standard Library (formerly STL) implementation.
Also listed in: Low-level Development Libraries



Tool name: PaiMei
Rating: 0.0 (0 votes)
Author: Pedram Amini
Website: http://paimei.googlecode.com
Current version: 1.1-REV122
Last updated: May 22, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: PaiMei is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The framework breaks down into the following core components:

* PyDbg: A pure Python win32 debugging abstraction class.
* pGRAPH: A graph abstraction layer with separate classes for nodes, edges and clusters.
* PIDA: Built on top of pGRAPH, PIDA aims to provide an abstract and persistent interface over binaries (DLLs and EXEs) with separate classes for representing functions, basic blocks and instructions. The end result is the creation of a portable file that when loaded allows you to arbitrarily navigate throughout the entire original binary.

A layer above the core components you will find the remainder of the PaiMei framework broken into the following over-arching components:

* Utilities: A set of utilities for accomplishing various repetitive tasks.
* Console: A pluggable WxPython GUI for quickly and efficiently rolling out your own sexy RE utilities.
* Scripts: Individual scripts for accomplishing various tasks. One very important example of which is the pida_dump.py IDA Python script which is run from IDA to generate .PIDA modules.


The documentation for the framework is available online at: http://pedram.openrce.org/PaiMei/docs

A very informative discussion thread about PaiMei, including a bunch of tutorials on how to use the different aspects of it, can be found at:
http://www.woodmann.com/forum/showthread.php?t=10851
Also listed in: Debugger Libraries, Reverse Engineering Frameworks



Tool name: Pokas x86 Emulator for Generic Unpacking
Rating: 0.0 (0 votes)
Author: Amr Thabet
Website: http://sourceforge.net/projects/x86emu/
Current version: 1.2.0 and 1.21 visual C++
Last updated: December 28, 2012
Direct D/L link: http://sourceforge.net/projects/x86emu/files/1.2.0/x86emu-1.2.rar/download
License type: GPL
Description: Pokas x86 Emulator is an application-only emulator created for generic unpacking and for testing antivirus detection algorithms.
This emulator has many features, some of which are:
1. Has an assembler and a disassembler from and to mnemonics.
2. Supports adding new APIs and the emulation functions for them.
3. Includes a very powerful debugger with a parser that parses the condition you give and creates very fast native code that performs the check on this condition.
4. Supports SEH, and supports the TIB, TEB, PEB and PEB_LDR_DATA.
5. Monitors all memory writes, logs up to 10 previous EIPs and saves the last accessed and the last modified place in memory.
6. Supports 6 APIs: GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these, it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it is still in beta. They will surely be fixed soon with the help of your feedback.

You can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, Disassemblers, OEP Finders, PE Executable Editors, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes



Tool name: Ragweed
Rating: 0.0 (0 votes)
Author: Matasano Security
Website: http://www.matasano.com/log/1799/ruby-for-pentesters-the-dark-side-i-ragweed/
Current version:
Last updated:
Direct D/L link: N/A
License type: Free / Open Source
Description: Ragweed is available as a gem through github:

sudo gem install tduehr-ragweed


Why a scriptable debugger?


When reversing, the usual debugging tools for developers aren’t as useful. They’re built for stepping interactively through programs you have source code for. They don’t generally have methods to get data out.

Reversing also requires being able to do mean and nasty things to the running process. When tracing calls, you want to watch how they interact. The last thing you want to do is anything manual. Automation is a requirement.

Also helpful is the ability to automate information gathering tasks, or the ability to dynamically add, remove or change breakpoints. These features are why scriptable debuggers have been created: To play with black boxes in a more dynamic and seedier manner.

What’s available already?


There are already scriptable debuggers out there. The most notable are PaiMei/PyDbg, Immunity Debugger and IDA.

PaiMei is written in Python, bills itself as “a reverse engineer’s swiss army knife” and uses the Python ctypes library for low level win32 calls.

Immunity Debugger is a GUI debugger for win32 that uses Python for its scripting functionality.

IDA Pro is largely a win32 disassembler, but it is scriptable, again in Python, and includes a debugging module.

Before I get run off by a screaming mob with pitchforks, flightless birds, members of the family bovidae, etc., I will also mention GDB which has a library in development (libgdb) and can be scripted through macros.

With the exception of GDB which runs on most platforms and has its own macro language, these all share two common problems: Win32 and Python. Matasano is a Ruby shop. We like Ruby. It is good to us. We also wanted a tool for non-Win32 applications. But mostly, we just wanted something in Ruby.

Enter Ragweed


I'm going to stick to the OSX side of Ragweed for this article since I'm most familiar with it and there is still work to be done to unify the (currently) three debugging APIs (Win32, Linux, and OSX) inside Ragweed.

Under the hood, Ragweed (on OSX) uses Ruby/DL to perform the various low level system calls necessary to create a debugger. (More about that in my post from last year). These calls are abstracted somewhat to provide a smoother, more Ruby-like interface.

There are two caveats for Ragweed in OSX:

* Due to the changes in Ruby 1.9 to DL, it is currently incompatible with 1.9.
* Also, under OSX, Ragweed wants to run as root due to restrictions on task_for_pid.

A quick example (this we can do in IRB):

# debugging ftp using default signal handlers, printing registers every stop and logging calls to _lpwd

require 'ragweed'

class DebugFtp < Debuggerosx
  # print the registers every time the process stops
  def on_stop(signal)
    puts "Stopped with signal #{signal}"
    self.threads.each {|t| self.get_registers(t).dump}
  end
end

# no process lookup by name yet
d = DebugFtp.new(pid) # where pid is the id of ftp for this example

# set breakpoint for lpwd
d.breakpoint_set(0x420f, 'lpwd', (bpl = lambda do |t, r, s| puts "#{ s.breakpoints[r.eip].first.function } hit in thread #{ t }\n"; end))

d.install_breakpoints
d.continue
d.loop # loop until child exits

# now go do stuff in your other terminal window running ftp

That’s it. We just override the signal handlers for the signals we want to know about (or not), attach to a running process, set and install breakpoints, and it’s off to the traces. A simple hit tracer is only a CSV file and read loop away from this.

Want info on a region of memory?

d.region_info(0x0,:basic).dump

What about thread_info?

d.threadinfo(threadid).dump

Break stuff by playing with registers?

regs = d.get_registers(thread_id)
regs.eip = 0x420f
d.set_registers(thread_id, regs)

Grope through the child’s memory?

Ragweed::Wraposx::vm_read(d.task, address, size) #returns a string of child's memory

There you have it. It’s not pretty but it’s only begun.
Also listed in: Debugger Libraries



Tool name: Security Research and Development Framework
Rating: 0.0 (0 votes)
Author: Amr Thabet
Website: http://blog.amrthabet.co.cc
Current version: v 1.00
Last updated: November 25, 2012
Direct D/L link: http://code.google.com/p/srdf
License type: GPL v.2
Description: Do you find writing a security tool on Windows hard?
Do you have a great idea but can't implement it?
Do you have a good malware analysis tool and don't want it to become a plugin in OllyDbg or IDA Pro?
Then the Security Research and Development Framework is for you.


Abstract:

This is a free, open source development framework created to support writing security tools and malware analysis tools, and to convert security research and ideas from theory into practical implementations.

The framework was created mainly to support the malware field: to make it easy to create malware analysis tools and anti-virus tools without reinventing the wheel, and to inspire innovative minds to write up their research in this field and implement it using SRDF.

Introduction:

In the last several years, the malware black market has grown widely. Statistics show that the number of new viruses has increased from 300,000 to millions nowadays.

The complexity of malware attacks has also increased, from small amateur viruses to Stuxnet, Duqu and Flame.

The malware field is searching for new technologies and research, and for a united community that can withstand these attacks. And that's why SRDF

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community that shares its knowledge and tools inside this Framework.

SRDF is still not finished … and it will not be finished, as it is a community-based framework developed by its contributors. We have only just begun the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.

The Features:

Before talking about SRDF design and structure, I want to tell you what you will gain from SRDF and what it could add to your project.

In User-Mode part, SRDF gives you many helpful tools … and they are:

· Assembler and Disassembler
· x86 Emulator
· Debugger
· PE Analyzer
· Process Analyzer (Loaded DLLs, Memory Maps … etc)
· MD5, SSDeep and Wildlist Scanner (YARA)
· API Hooker and Process Injection
· Backend Database, XML Serializer
· And many more

In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object-oriented (as much as we can) development framework with these features:

· Object-oriented and easy to use development framework
· Easy IRP dispatching mechanism
· SSDT Hooker
· Layered Devices Filtering
· TDI Firewall
· File and Registry Manager
· Kernel Mode easy to use internet sockets
· Filesystem Filter

The Kernel-Mode part is still in progress and many features will be added in the near future.

Source Code: http://code.google.com/p/srdf
Facebook Page: http://www.facebook.com/SecDevelop

JOIN US ... just mail me at: amr.thabet[at]student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debugger Libraries, Debuggers, Disassembler Libraries, Disassemblers, Driver & IRP Monitoring Tools, Exe Analyzers, Kernel Filter Monitoring Tools, Kernel Tools, Low-level Development Libraries, Malware Analysis Tools, Reverse Engineering Frameworks, X64 Disassembler Libraries, X86 Disassembler Libraries, X86 Emulators



Tool name: SharpZipLib
Rating: 0.0 (0 votes)
Author: IC#Code
Website: http://www.icsharpcode.net/OpenSource/SharpZipLib/Default.aspx
Current version: 0.85.4
Last updated: September 9, 2007
Direct D/L link: N/A
License type: Free / Open Source
Description: #ziplib (SharpZipLib, formerly NZipLib) is a Zip, GZip, Tar and BZip2 library written entirely in C# for the .NET platform. It is implemented as an assembly (installable in the GAC), and thus can easily be incorporated into other projects (in any .NET language). The creator of #ziplib put it this way: "I've ported the zip library over to C# because I needed gzip/zip compression and I didn't want to use libzip.dll or something like this. I want all in pure C#."
Also listed in: Decompression Libraries



Tool name: SysDasm
Rating: 0.0 (0 votes)
Author: Kayaker
Website: http://rootkit.com/newsread.php?newsid=208
Current version:
Last updated: October 26, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Full-Text Disassembler DLL Export Module for Kernel Mode

I use the source code of NDISASM, the Netwide Disassembler portion of NASM, compiled into a user mode DLL, for use in various reversing projects that incorporate a disassembler component. Recently I decided to recompile the code into a *kernel mode* DLL, to see what use might be made of it in a driver context. The result may be of interest to some, perhaps as a self contained full-text disassembly module for testing or development (i.e. "playing"), or simply as an example of creating and using kernel mode export drivers.

The full-text disassembly module, SysDasm.sys, is created with a single export, which acts as a wrapper around the NDISASM internal disasm routine. This export-only driver is loaded from another driver, either by linking to it explicitly, or by loading it with ZwSetSystemInformation using the SystemLoadImage class.

In this type of export module, the DriverEntry routine is never called but exists so the file is compiled correctly as a .sys driver. If you want to design such a Kernel Mode DLL with functional entry/exit routines, you can add PRIVATE exports declared as DllInitialize/DllUnload. For more on this see, for example, "DLLs in Kernel Mode" by Tim Roberts: http://www.wd-3.com/archive/KernelDlls.htm

The easiest way to use such a kernel mode DLL is to include its .LIB file when compiling the driver which will communicate with it, and to declare the functions you want to import with EXTERN_C DECLSPEC_IMPORT. When the driver is loaded by the system, this second module is loaded as a required kernel DLL and the functions can then be called directly by name. The DLL is unloaded by the system when the driver closes.
Also listed in: X86 Disassembler Libraries



Tool name: TurboPower LockBox
Rating: 0.0 (0 votes)
Author: benoram, chaoticpup, fredhuffman & tpsfadmin
Website: http://sourceforge.net/projects/tplockbox
Current version: 2.07
Last updated: January 21, 2003
Direct D/L link: N/A
License type: Free / Open Source
Description: LockBox is a cross-platform toolkit for data encryption. It contains routines & components for use with Borland Delphi, C++Builder, & Kylix. It provides support for Blowfish, RSA, MD5, SHA-1, DES, triple- DES, Rijndael, & digital signing of messages.
Also listed in: Crypto Libraries



Tool name: Udis86
Rating: 0.0 (0 votes)
Author: Vivek Mohan
Website: http://udis86.sourceforge.net
Current version: 1.7
Last updated: June 6, 2008
Direct D/L link: N/A
License type: Free / Open Source
Description: Udis86 is an easy-to-use minimalistic disassembler library (libudis86) for the x86 and AMD64 (x86-64) range of instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

1. Full support for the x86 and x86-64 (AMD64) range of instruction set architectures.
2. Full support for all AMD-V, INTEL-VMX, MMX, SSE, SSE2, SSE3, FPU(x87), and AMD 3Dnow! instructions.
3. Supports 16bit, 32bit, and 64bit disassembly modes.
4. Generates output in AT&T or INTEL assembler language syntaxes.
5. Supports flexible input methods: File, Buffer, and Hooks.
6. Thread-safe and Reentrant.
7. Clean and very easy-to-use API.
8. Builds on *nix systems, Win32, DJGPP (new), Standalone, etc.
Also listed in: X86 Disassembler Libraries



Tool name: VirtualBox Disassembler Library
Rating: 0.0 (0 votes)
Author: OHPen
Website: http://www.woodmann.com/forum/showthread.php?t=11904
Current version:
Last updated: July 15, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Because I needed a good disassembler for my projects I checked different distributions on the internet. Most of them are homebrew and the support, or let's better say MAINTENANCE, is in most cases not the best.

I really hate it if I use a component and realize that there is a bug and the releaser of the component is not able to fix it or sometimes has no real interest in fixing it. That sucks.

That's why I focused on a disassembler which is well maintained and, last but not least, a good one.

During my search I stumbled over VirtualBox, which is a similar SUN implementation of VMWare's Workstation. The difference is that VirtualBox comes with source, or at least you can download the source (http://www.sun.com/software/products/virtualbox/get.jsp).

I thought that they'd pretty surely have to have a working disassembler inside their virtual machine and bingo... they have.
The problem was that the disassembler was not contained in the form of a library; it was simply integrated in the source.

It took me about 2 hours to extract the needed source parts out of VirtualBox and build a library project for it.

I now use it for my projects and it is very useful for me.
Also listed in: X86 Disassembler Libraries



Tool name: WinPcap
Rating: 0.0 (0 votes)
Author: WinPcap team
Website: http://www.winpcap.org
Current version: 4.1.2
Last updated: July 2, 2010
Direct D/L link: http://www.winpcap.org/install/bin/WinPcap_4_1_2.exe
License type: Freeware / Open Source (C)
Description: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
Also listed in: Networking Libraries



Tool name: zlib
Rating: 0.0 (0 votes)
Author: Jean-loup Gailly & Mark Adler
Website: http://zlib.net
Current version: 1.2.8
Last updated: April 28, 2013
Direct D/L link: http://zlib.net/zlib-1.2.8.tar.gz
License type: Freeware / Open Source (C)
Description: zlib is designed to be a free, general-purpose, legally unencumbered -- that is, not covered by any patents -- lossless data-compression library for use on virtually any computer hardware and operating system. The zlib data format is itself portable across platforms. Unlike the LZW compression method used in Unix compress(1) and in the GIF image format, the compression method currently used in zlib essentially never expands the data. (LZW can double or triple the file size in extreme cases.) zlib's memory footprint is also independent of the input data and can be reduced, if necessary, at some cost in compression. A more precise, technical discussion of both points is available on another page.

zlib was written by Jean-loup Gailly (compression) and Mark Adler (decompression). Jean-loup is also the primary author/maintainer of gzip(1), the author of the comp.compression FAQ list and the former maintainer of Info-ZIP's Zip; Mark is also the author of gzip's and UnZip's main decompression routines and was the original author of Zip. Not surprisingly, the compression algorithm used in zlib is essentially the same as that in gzip and Zip, namely, the 'deflate' method that originated in PKWARE's PKZIP 2.x.
Also listed in: Decompression Libraries