From Collaborative RCE Tool Library


Symbol Retrievers


Tool name: Symbol Type Viewer
Rating: 4.0 (1 vote)
Author: Lionel d'Hauenens
Website: http://www.syseclabs.com/english/tools.php
Current version: 32Bit/64Bit Version 1.0.0.4 (beta)
Last updated: March 20th, 2008
Direct D/L link: http://www.syseclabs.com/software/SymbolTypeViewer_v1.0_beta.zip
License type: Free
Description: Symbol Type Viewer 32Bit/64Bit Version 1.0.0.4 beta

Symbol Type Viewer is a tool that makes it easy to visualize the types defined in the symbols of Microsoft Windows 32/64-bit system modules. It can also convert this information into C headers (.h) and into scripts for DataRescue's IDA disassembler (.idc).

Symbol Type Viewer allows you to:
- download the symbols (pdb) very simply
- navigate and visualize the types and their members in detail, as a tree structure
- easily find the unused areas (padding) in structures; these areas are theoretically usable for storing personal data
- translate the structures into C (.h) and into IDA script (.idc) for DataRescue's IDA (http://www.datarescue.com/idabase/)
- customize the formatting: add a suffix to type names, fix the sizes of structures and members (pointers become ULONG32 for a 32-bit system and UINT64 for a 64-bit system)
- search by text or regular expression
- batch process all modules found in a directory and its subdirectories (for example: C:\Windows ;)

CHRONOLOGY

[+] March 20th, 2008 : Version 1.0.0.4 beta (32Bit / 64Bit)
- Added a filter that allows the translation scan to be limited (Thanks to Orkblutt and buri)
- [bug] Fixed an inappropriate error message when the symbols don't contain types (Thanks to Orkblutt and memo5)

[+] February 27th, 2008 : Version 1.0.0.3 beta (32Bit / 64Bit)
- Added a search function based on a text or a regular expression
- Added navigation buttons that remember the last 100 selections
- Possibility of fixing the size of pointers in structures for the C language. This option can be very useful when working with 32-bit processes in a 64-bit environment.
- Possibility of customizing a suffix appended to the names of all unions, structures, enumerations and functions. This makes it possible to use the formatted entities in projects while avoiding the declaration conflicts that can otherwise appear.
- All deduced or unnamed entities encountered among structure members are now given a unique name. To give as much information as possible for identifying the role of these entities, the names of all members belonging to the entity are appended to that unique name, each separated by a "_" character.
- Added an Exit menu (Thanks to ouadji (the craziest of my friends) -> "An application without an Exit menu is not an application. It's like Camembert... Alsatian Camembert cheese doesn't exist...")
- [bug] Fixed the size of pointers in 64-bit structures formatted for IDA script
- [bug] Fixed a refresh problem of the main window under Vista.
- [bug] Fixed a problem when doing a "Brut copy" while the "Format view" panel is empty. (Thanks to ouadji)

[+] January 15th, 2008 : Version 1.0.0.2 beta (32Bit / 64Bit)
- Symbol Type Viewer is now compatible with the 32-bit and 64-bit versions of Windows.
- The functions encountered in structures are now accessible directly from the tree view.
- The tree is now decorated with meaningful icons.
- In the formatted C structures, unused zones now appear clearly in red. These zones are theoretically available for storing personal data.
- [bug] Fixed a bad size estimate with certain local structures.

[+] December 29th, 2007 : Version 1.0.0.1 beta (32Bit)
- [bug] Fixed a problem that, with certain system appearance settings, gave a non-white background in the formatted structures view. This could be disturbing, especially when the background appeared black. (Thanks to DarKPhoeniX)
- [bug] Fixed incorrect handling of the _NT_SYMBOLS_PATH environment variable when it is not entirely in lower case (Thanks to Neitsa)

[+] December 28th, 2007 : Version 1.0.0.0 beta (32Bit)
- Initial version

Bug reports: stv(at)syseclabs.com

www.syseclabs.com
www.laboskopia.com
Also listed in: Symbol Tools



Tool name: radare
Rating: 0.0 (0 votes)
Author: pancake
Website: http://radare.nopcode.org
Current version: 0.9.3
Last updated: February 19, 2008
Direct D/L link: http://radare.nopcode.org/get/radare-0.9.3.tar.gz
License type: GPL
Description: The radare project aims to provide a complete Unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, ARM and Java, with some support for PowerPC.

The core is a command-line raw hexadecimal editor with scripting features and Perl/Python extensions; it is extended by IO plugins that hook the open/read/write/close/system calls.

The debugger and disassembler have a code-analysis module for x86, ARM and Java. This makes it possible to draw graphs using Cairo in a GTK window, or to store the execution flow of a program in a log file and use that information to diff it against another trace or binary.

The toolchain provides assemblers and disassemblers for x86, ARM and Java.

The disassembler has been enhanced to handle inline comments, code block detection and flag references (data pointers and the like).

The debugger currently works on Linux and *BSD x86-32, has initial support for x86-64 and Linux ARM, and Win32 support is planned too.

There are also IO plugins for debugging Windows and DOS applications via Wine and DOSEMU. Initial GXemul support makes it possible to debug ARM, MIPS, SPARC, ... binaries as well.

There are internal commands to handle memory maps, mount a syscall proxy, inject code, patch data, dump user data sections, step back, trace syscalls, manipulate hardware DRx registers, set conditional watchpoints with expressions, manipulate signals, inject syscalls, and very early threading support.

Data structures can be parsed with hand-written C programs called as extensions from radare. The hexadecimal editor also comes with a set of views for different bases and print formats such as URL encoding, binary, octal, shellcode and C string-like, which is really useful when developing shellcodes.

There's a minimal GUI frontend written in C that interacts directly with a VTE running radare. But I plan to write a new native frontend written in Vala.

Current development plugins are:

* ewf: EnCase (R) forensic disk images
* winedbg: WineDebugger interface ( winedbg://./program.exe )
* haret: Remotely read WindowsCE memory ( haret://host:port )
* ptrace: Debugs or attach to a process ( dbg://file or pid://PID )
* sysproxy: Connects to a remote syscallproxy server
* remote: TCP IO ( listen://:port or connect://host:port )
* gdb: Debugs or attach to a process using gdb (gdb://file, gdb://PID, gdb://host:port)
* w32: posix to native w32 api io
* posix: plain posix file access

The tools provided around the core are:

* radare: command line hexadecimal editor with IO plugin extensions
* rabin: get info from ELF/MZ/PE/CLASS files
* rasc: shellcode generator and tester (outputs in raw, hexpairs or C)
* bindiff: binary diffing utilities for raw files, binaries, data blocks, etc
* xrefs: find crossed references on raw images for ppc, arm and x86
* hasher: calculate different algorithms over data blocks of a file or stream
* rsc: command line helpers written in shellscript or perl
* javasm: minimalistic java assembler/disassembler/classdumper
* armasm: minimalistic arm assembler
* xc: converts between multiple radix numeric bases

For more information, see the mailing list.

Have fun!
Also listed in: Assemblers, Binary Diff Tools, Code Injection Tools, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, SysCall Monitoring Tools, Tracers



Tool name: SymChk
Rating: 0.0 (0 votes)
Author: Microsoft
Website: http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Current version:
Last updated:
Direct D/L link: N/A
License type: Free
Description: Included in Microsoft Debugging Tools
Also listed in: (Not listed in any other category)



Tool name: Symbol Retriever
Rating: 0.0 (0 votes)
Author: Compuware / Numega
Website: http://www.compuware.com
Current version:
Last updated:
Direct D/L link: N/A
License type: Commercial
Description: Included in the (now discontinued) Compuware DriverStudio.
Also listed in: (Not listed in any other category)

