From Collaborative RCE Tool Library
X86 Disassembler Libraries
| Tool name: | PVDasm Disassembly Core Engine |
| ||
|---|---|---|---|---|
| Author: | Bengaly | |||
| Website: | http://www.woodmann.com/forum/showthread.php?14287-PVDasm-v1.7b-%2832Bit-64Bit%29 | |||
| Current version: | 1.05 | |||
| Last updated: | March 27, 2011 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | The disassembler library that PVDasm is based on. Nice and clean. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | BeaEngine |
| ||
|---|---|---|---|---|
| Author: | Beatrix2004 | |||
| Website: | http://www.beaengine.org | |||
| Current version: | 4.1 | |||
| Last updated: | December 31, 2010 | |||
| Direct D/L link: | http://www.beaengine.org/index.php?option=com_content&view=article&id=10&Itemid=11 | |||
| License type: | LGPL 3 | |||
| Description: | BeaEngine is a multi-plateform library coded in C (ISO99). It contains actually one function called "Disasm" which allows to disassemble any instruction from the intel instructions set for processors 32 bits and 64 bits. You can use this lib with following languages : C#, C, Python, Delphi, PureBasic, masm32, masm64, GoAsm32, GoAsm64, Nasm, Fasm, WinDev. You can use it in ring3 or ring0 because it doesn't use the windows API. The package you can download here contains the lib, the source code under LPGL3 license and examples including headers for C programmers, C#, masm, nasm, fasm ,GoAsm Python, Delphi, PureBasic, WinDev ones. | |||
| Also listed in: | X64 Disassembler Libraries | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | diStorm64 x86-64 Disasm Lib |
| ||
|---|---|---|---|---|
| Author: | Gil Dabah & Co. | |||
| Website: | http://www.ragestorm.net/distorm | |||
| Current version: | 1.7.29 | |||
| Last updated: | March 7, 2008 | |||
| Direct D/L link: | http://www.ragestorm.net/distorm/dl.php?id=11 | |||
| License type: | BSD license | |||
| Description: | Cross platform x86, x64, MMX, SSE, SSE2, SSE3, SSE4 and soon SSE5 support with open opcode database support (tools available, carefully examine the whole page, you're looking for disops.zip, at the moment available at http://www.ragestorm.net/distorm/dl.php?id=13) 'nough said. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Disasm32 |
| ||
|---|---|---|---|---|
| Author: | Russell Libby | |||
| Website: | http://users.adelphia.net/~rllibby/source.html | |||
| Current version: | ||||
| Last updated: | March 1, 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | Delphi Disassembler Conversion of libdisasm 2.0. This is a Delphi conversion of the libdisasm project. The source code provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler class which can be called to disassemble instructions from memory. Disassembled information is in Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | eXtended Disassembler Engine (XDE) |
| ||
|---|---|---|---|---|
| Author: | Z0mbie | |||
| Website: | http://vx.netlux.org/vx.php?id=ex01 | |||
| Current version: | 1.02 | |||
| Last updated: | October 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | XDE is based on the LDE/ADE engines. It allows you to find length of any x86 instruction, source/destination register usage for most commonly used instructions, and to split/merge instruction to/from some binary structure. From program's viewpoint, CPU operates with: different types of registers, memory and io-devices. As such, there are introduced "object set" concept, which means bitset of registers/memory/etc. being read/written by each instruction. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Hacker Disassembler Engine (HDE) |
| ||
|---|---|---|---|---|
| Author: | Veacheslav Patkov | |||
| Website: | http://patkov-site.narod.ru | |||
| Current version: | 0.28 | |||
| Last updated: | March 09, 2009 | |||
| Direct D/L link: | http://patkov-site.narod.ru/download/hde32-0.28.tar.gz | |||
| License type: | Free | |||
| Description: | This is small disassembler engine intended to x86-32 code analyse. HDE get length of command, prefixes, ModR/M and SIB bytes, opcode, immediate value, displacement, etc. For example, you can use HDE when writing unpackers, decryptors, viruses of executable files. HDE package include compiled object files in difference formats, header files and assembler source. * Supports FPU, MMX, SSE, SSE2, SSE3, 3DNow! instructions * High speed and small size (~ 1.5 kb) * Position and OS independent code * Compatibility with a most coding languages | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | libdisasm |
| ||
|---|---|---|---|---|
| Author: | mammon_, ReZiDeNt, The Grugq, MO_K, a_p, fbj | |||
| Website: | http://bastard.sourceforge.net/libdisasm.html | |||
| Current version: | 0.23 | |||
| Last updated: | January 16, 2008 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | x86 Disassembler Library The libdisasm library provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler which can be called from any application; the disassembly can be produced in AT&T syntax and Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information. This disassembler is derived from libi386.so in the bastard project; as such it is x86 specific and will not be expanded to include other CPU architectures. Releases for libdisasm are generated automatically alongside releases of the bastard; it is not a standalone project, though it is a standalone library. The recent spate of objdump output analyzers has proven that many of the people [not necessarily programmers] interested in writing disassemblers have little knowledge of, or interest in, C programming; as a result, these "disassemblers" have been written in Perl. In order to address this audience, a HOWTO has been provided which demonstrates how to use the libdisasm opcode tables to implement a true disassembler using Perl. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | mlde32 |
| ||
|---|---|---|---|---|
| Author: | uNdErX | |||
| Website: | http://vx.netlux.org/vx.php?id=em24 | |||
| Current version: | ||||
| Last updated: | January 2003 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | Micro Length-Disassembler Engine 32 (mlde32), is a length-disassembler engine, i.e. a piece of code that allows u to know the length of any x86 instruction. The mlde32 engine supports the ordinary 386 opcode set, plus the extensions: fpu, mmx, cmov, sse, sse2 etc... It's usage is very simple here's the prototype: int __cdecl mlde32(void *codeptr); where: codeptr -> is a pointer to the opcode that u want to know the size. if you have any problem using the engine, just take look in some examples at the /examples (nothing more obvious). That's a very simple and powerful engine,and does not require too much system resources either,just 160 bytes of stack space is needed. This engine is only code, and no fixed offsets were used so it can be permutaded/perverted at your own will. Engine was released in 29A#7 magazine. The size of the engine is 431 byte. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | opdis |
| ||
|---|---|---|---|---|
| Author: | mkfs | |||
| Website: | http://community.thoughtgang.org/content/opdis | |||
| Current version: | 1.0.1 | |||
| Last updated: | April 19, 2010 | |||
| Direct D/L link: | http://github.com/downloads/mkfs/mkfs.github.com/opdis-1.0.1.tar.gz | |||
| License type: | GPL | |||
| Description: | Opdis is a wrapper for the libopcodes disassembler library distributed as part of GNU binutils. It extends the libopcodes library by offering linear and control-flow disassembly algorithms, instruction and operand objects that are suitable for analysis, and a command-line utility to perform disassembly on arbitrary locations in a file. The Opdis project consists of the libopdis library and the opdis command-line utility. | |||
| Also listed in: | Disassembler Libraries, Disassemblers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Pokas x86 Emulator for Generic Unpacking |
| ||
|---|---|---|---|---|
| Author: | Amr Thabet | |||
| Website: | http://sourceforge.net/projects/x86emu/ | |||
| Current version: | 1.0.0.0 | |||
| Last updated: | July 18, 2010 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | GPL | |||
| Description: | Pokas x86 Emulator is an Application-Only emulator created for generic unpacking and testing the antivirus detection algorithms. This Emulator has many features some of them are: 1. Has an assembler and a disassembler from and to mnemonics. 2. Support adding new APIs and adding the emulation function to them. 3. Support a very powerful debugger that has a parser that parses the condition you give and create a very fast native code that perform the check on this condition. 4. Support seh and support tib, teb, peb and peb_ldr_data. 5. It monitors all the memory writes and log up to 10 previous Eips and saves the last accessed and the last modified place in memory. 6. it support 6 APIs:GetModuleHandleA, LoadLibrayA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect. 7. With all of these it's FREE and open source. It successfully emulates: 1. UPX 2. FSG 3. MEW 4. Aspack 5. PECompact 6. Morphine But it does contain bugs and it still in the beta version. It surely will be fixed soon ith the help of your feedback. It still doesn't support multithreading and doesn't support Linux ELF executables. It's still working only on windows but the Linux version will be available soon. you can download it from https://sourceforge.net/projects/x86emu/ AmrThabet amr.thabet_*at*_student.alx.edu.eg | |||
| Also listed in: | Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, Disassemblers, OEP Finders, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Emulators, X86 Sandboxes | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | SysDasm |
| ||
|---|---|---|---|---|
| Author: | Kayaker | |||
| Website: | http://rootkit.com/newsread.php?newsid=208 | |||
| Current version: | ||||
| Last updated: | October 26, 2007 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | Full-Text Disassembler DLL Export Module for Kernel Mode I use the source code of NDISASM, the Netwide Disassembler portion of NASM, compiled into a user mode DLL, for use in various reversing projects that incorporate a disassembler component. Recently I decided to recompile the code into a *kernel mode* DLL, to see what use might be made of it in a driver context. The result may be of interest to some, perhaps as a self contained full-text disassembly module for testing or development (i.e. "playing"), or simply as an example of creating and using kernel mode export drivers. The full-text disassembly module, SysDasm.sys, is created with a single export, which acts as a wrapper around the NDISASM internal disasm routine. This export-only driver is loaded from another driver, either by linking to it explicitly, or by loading it with ZwSetSystemInformation using the SystemLoadImage class. In this type of export module, the DriverEntry routine is never called but exists so the file is compiled correctly as a .sys driver. If you want to design such a Kernel Mode DLL with functional entry/exit routines, you can add PRIVATE exports declared as DllInitialize/DllUnload. For more on this see for example DLLs in Kernel Mode by Tim Roberts http://www.wd-3.com/archive/KernelDlls.htm The easiest way to use such a kernel mode DLL is to include its .LIB file when compiling the driver which will communicate with it, and to declare the functions you want to import with EXTERN_C DECLSPEC_IMPORT. When the driver is loaded by the system, this second module is loaded as a required kernel DLL and the functions can then be called directly by name. The DLL is unloaded by the system when the driver closes. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Udis86 |
| ||
|---|---|---|---|---|
| Author: | Vivek Mohan | |||
| Website: | http://udis86.sourceforge.net | |||
| Current version: | 1.7 | |||
| Last updated: | June 6, 2008 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Description: | Udis86 is an easy-to-use minimalistic disassembler library (libudis86) for the x86 and AMD64 (x86-64) range of instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis. 1. Full support for the x86 and x86-64 (AMD64) range of instruction set architectures. 2. Full support for all AMD-V, INTEL-VMX, MMX, SSE, SSE2, SSE3, FPU(x87), and AMD 3Dnow! instructions. 3. Supports 16bit, 32bit, and 64bit disassembly modes. 4. Generates output in AT&T or INTEL assembler language syntaxes. 5. Supports flexbile input methods: File, Buffer, and Hooks. 6. Thread-safe and Reentrant. 7. Clean and very easy-to-use API. 8. Builds on *nix systems, Win32, DJGPP (new), Standalone, etc. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | VirtualBox Disassembler Library |
| ||
|---|---|---|---|---|
| Author: | OHPen | |||
| Website: | http://www.woodmann.com/forum/showthread.php?t=11904 | |||
| Current version: | ||||
| Last updated: | July 15, 2008 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | Because I needed a good disassembler for my projects I check different distributions in the internet. Most of them are homebrew and the support, or let's better say MAINTAINANCE is in most cases not the best. I really hate it if use a component and realize that there is a bug and the releaser of the component is not able to fix it or sometimes has no real interest in fixing it. That sucks. That's why I focused on a disassembler which is well maintained and last but not least a good one. During my search I stumbled over VirtualBox, which is an similar SUN implementation of VMWare's Workstation. The difference is that VirtualBox comes with source, or at least you can download the source (http://www.sun.com/software/products/virtualbox/get.jsp). I thought that they'd pretty sure have to have an working disassembler inside there virtual machine and bingo... they have. The problem was that the disassembler was not contained in form of a library, it was simply integrated in the source. It took me about 2 hours to extract the needed source parts out of virtualbox and built a project for a library for it. I now use it for my projects and it is very useful for me. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.
