From Collaborative RCE Tool Library

Jump to: navigation, search

SysCall Monitoring Tools


Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 2.0.0
Last updated: October 10, 2017
Direct D/L link: http://bin.rada.re/radare2-w32-2.0.0.zip
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2' a commandline hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix phylosophy in mind. Each module, plugin, tool performs a specific task and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc.. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: KernelSpy
Rating: 0.0 (0 votes)
Author: Anton Bassov                        
Website: http://www.codeproject.com/system/kernelspying.asp
Current version: 1.0
Last updated: April 22, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: After having published my article about process-wide API spying, I received plenty of encouraging messages - readers have generally accepted my model of hooking function calls. In this article, we will extend our model to kernel- mode spying, and hook the API calls that are made by our target device driver. We will also introduce a brand-new way of communication between the kernel-mode driver and the user-mode application - instead of using system services, we will implement our own mini-version of Asynchronous Procedure Calls. This task is not as complicated as it may seem - in fact, it is just shockingly easy. Windows flat memory model offers us plenty of exciting opportunities - the only thing we need is a sense of adventure (plus a good knowledge of assembly language, of course). All tips and tricks, described in this article, are 100% of my own design - you would not find anything more or less similar to these tricks anywhere.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Strace for NT
Rating: 0.0 (0 votes)
Author: Bindview Security Research                        
Website: http://razor.bindview.com/tools
Current version: 0.3
Last updated: October 21, 2003
Direct D/L link: Locally archived copy
License type: Free
Description: Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like the strace (or truss) on linux and other unix OSes.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Strace for NT (with anti anti debug patch)
Rating: 0.0 (0 votes)
Author: Shub-nigurrath / Bindview Security Research                        
Website: http://arteam.accessroot.com/releases
Current version: 1.1a
Last updated: July 25, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Modified version of Strace NT, with advanced antiantidebugging option to hide it to most packers.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Syscall Lister
Rating: 0.0 (0 votes)
Author: Omega Red                        
Website: http://omeg.pl/
Current version:
Last updated: July 18, 2007
Direct D/L link: bin_Syscall_Lister_2007-10-20_23.59__SysCall_32_and_64.zip
License type: Free
Description: This program enumerates all NT kernel system calls and matches them with native API functions using dbghelp and MS symbols (internet connection is required to download these symbols).

It uses kernel mode driver to access arbitrary memory locations, like System Service Descriptor Tables.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)