From Collaborative RCE Tool Library

Jump to: navigation, search

Dream of every reverser

Tool name: Dream of every reverser
Rating: 0.0 (0 votes)
Author: deroko of ARTeam                        
Website: http://deroko.phearless.org
Current version: public
Last updated: May 6, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Engine used to perfrom stealth memory trace of a target.
Public version only supports tracing of the eip in certain
range. To compile source you will need DDK.

It supports MP and win2k/winxp. Systems running KAV are
not supported as KAV installs hook in SwapContext which
is essential for this tracer.

Technical aspects:
1. Hooks int 0e and int 01
2. Hooks SwapContext
3. Installs ProcessNotifyRoutine

Due to the nature of paged memory in r3, there are 2
ways of tracing: using U/S flag, and using P bit in
PTE. Both cases are handled and supports PAE and nonPAE
addressing modes. Role of SwapContext is to set breaks on
given range when traced process is about to execute.
Role of notify routine is to stop tracer if traced
program exits by any chance during tracing.

When good range is hit, tracer will automaticaly stop
and you will see in DebugView or DbgMon when EIP is in
good range.
Related URLs: No related URLs have been submitted for this tool yet


Screenshot:
Screenshot of Dream of every reverser


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Dream_of_every_reverser"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (238)
   Categorized by Tool Type  (1220)
   Anti Anti Test Tools  (16)
   Assemblers  (21)
   Code Coverage Tools  (13)
   Code Injection Tools  (35)
   Code Ripping Tools  (2)
   Crypto Tools  (14)
   Data Extraction Tools  (26)
   Debuggers  (48)
   Decompilers  (27)
   Deobfuscation Tools  (16)
   Dependency Analyzer Tools  (5)
   Diff Tools  (44)
   Disassemblers  (65)
   Dongle Analysis Tools  (26)
   Exe Analyzers  (38)
   Executable File Editors & Patchers  (92)
   Firefox Extensions  (3)
   GUI Manipulation Tools  (18)
   Hardware Reversing Tools  (26)
   Helper Tools  (3)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (13)
   Memory Data Tracing Tools  (8)
   Memory Patchers  (7)
   Memory Search Tools  (8)
   Monitoring Tools  (133)
   API Monitoring Tools  (19)
   Active Directory Monitoring Tools  (1)
   Bus Monitoring Tools  (5)
   Debug Output Monitoring Tools  (1)
   Disk Monitoring Tools  (2)
   Driver & IRP Monitoring Tools  (2)
   Exception Monitoring Tools  (4)
   File Monitoring Tools  (8)
   Hook Detection Tools  (13)
   Install Monitoring Tools  (5)
   Kernel Filter Monitoring Tools  (1)
   Memory Data Tracing Tools  (8)
   Named Pipe Monitoring Tools  (1)
   Network Monitoring Tools  (11)
   Parallel Comm Monitoring Tools  (2)
   Process Monitoring Tools  (5)
   Registry Monitoring Tools  (10)
   Serial Comm Monitoring Tools  (1)
   SysCall Monitoring Tools  (5)
   Thread Monitoring Tools  (2)
   Tracers  (19)
   USB Monitoring Tools  (3)
   Window Monitoring Tools  (3)
   Network Tools  (19)
   Packers  (18)
   Patch Packaging Tools  (13)
   Profiler Tools  (11)
   Programming Libraries  (46)
   Regular Expression Tools  (3)
   Resource Editors  (13)
   Reverse Engineering Frameworks  (8)
   Source Code Tools  (12)
   String Finders  (6)
   Symbol Tools  (12)
   System Information Extraction Tools  (9)
   Technical PoC Tools  (8)
   Test and Sandbox Environments  (22)
   Tool Extensions  (170)
   Tool Hiding Tools  (7)
   Tool Signatures  (17)
   Tracers  (19)
   Unpacking Tools  (83)
   Needs New Category  (2)