Collaborative RCE Tool Library - Programming Libraries (including sub-categories)

Tool Updated: Open NT Native Template Library

2009-11-20T20:21:54Z

Listed in categories: Kernel Tools, Needs New Category, Programming Libraries

Most recent version:

Most recent release date:
November 20, 2009

Description:
A set of tiny C++ RAII wrappers for NT Native/Win32 APIs including its own C++0x Standard Library (formerly STL) implementation.

Tool Updated: BeaEngine

2009-11-04T15:51:29Z

Listed in categories: X86 Disassembler Libraries

Most recent version:
3.1.0

Most recent release date:
November 4, 2009

Description:
BeaEngine is a library coded in C. It contains actually one function called "Disasm" which allows to disassemble any instruction from the intel instructions set for processors 32 bits and 64 bits. You can use this lib with following languages : C, Python, Delphi, masm32, masm64, GoAsm32, GoAsm64, Nasm, Fasm. You can use it in ring3 or ring0 because it doesn't use the windows API. Th package you can download here contains the lib, the source code under LPGL3 license and examples including headers for C programmers, masm, nasm, fasm ,GoAsm Python, Delphi ones.

Tool Updated: Radare

2009-11-04T09:18:47Z

Listed in categories: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers

Most recent version:
1.4.1

Most recent release date:
November 3, 2009

Description:
<nowiki>The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, arm and java with some ones powerpc.

The core is a raw hexadecimal editor for commandline with scripting features and perl/python extensions that gets extended with IO plugins that hooks the open/read/write/close/system calls.

The debugger and disassembler has a code analysis module for x86, mips, arm and java. This way it's possible to draw graphs using Cairo on a GTK window or store the flow execution of a program on a log file and use the information to diff't against another trace or binary.

The toolchain provides assemblers and disasemblers for x86, arm, mips (Loongson2F), sparc, CSR, m68k, powerpc, msil and java.

The disassembler has been enhaced to handle inline comments, code block detections and flag references (data pointers or so).

The debugger is mainly developed on linux and {Net

Tool Updated: MIRACL

2009-07-19T05:06:29Z

Listed in categories: BigNum Libraries, Crypto Libraries

Most recent version:
5.4

Most recent release date:
July 18, 2009

Description:
MIRACL is a Big Number Library which implements all of the primitives necessary to design Big Number Cryptography into your real-world application. It is primarily a tool for cryptographic system implementors. RSA public key cryptography, Diffie-Hellman Key exchange, DSA digital signature, they are all just a few procedure calls away. Support is also included for even more esoteric Elliptic Curves and Lucas function based schemes. The latest version offers full support for Elliptic Curve Cryptography over GF(p) and GF(2m) - see the links on this page for more details. Less well-known techniques can also be implemented as MIRACL allows you to work directly and efficiently with the big numbers that are the building blocks of number-theoretic cryptography. Although implemented as a C library, a well-thought out C++ wrapper is provided, which greatly simplifies program development. Most example programs (25+ of them) are provided in both C and C++ versions.

MIRACL now provides more support for conventional cryptography. The latest version implements the Advanced Encryption Standard (AES), Modes of Operation, and the new hashing standards SHA-160/256/384/512.

MIRACL is compact, fast and efficient and its now easier than ever to get the same near-optimal performance from any processor. Although essentially a portable library, inline assembly and special techniques can be invoked for blistering speed. MIRACL has also been successfully used in both embedded and DSP environments where space is at a premium. A new special purpose macro assembler feature facilitates the achievement of best possible performance from your embedded processor (see embedded.doc). MIRACL is, to an extent, self-configuring. Use your compiler to compile and run a simple configuration program, which proceeds with user interaction to generate optimal settings for your environment.

Tool Updated: WinPcap

2009-07-18T22:31:27Z

Listed in categories: Networking Libraries

Most recent version:
4.0.2

Most recent release date:
November 9, 2007

Description:
WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Tool Updated: PaiMei

2009-06-28T13:33:19Z

Listed in categories: Debugger Libraries, Reverse Engineering Frameworks

Most recent version:
1.1-REV122

Most recent release date:
May 22, 2007

Description:
PaiMei, is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. The framework breaks down into the following core components:

* PyDbg: A pure Python win32 debugging abstraction class.
* pGRAPH: A graph abstraction layer with seperate classes for nodes, edges and clusters.
* PIDA: Built on top of pGRAPH, PIDA aims to provide an abstract and persistent interface over binaries (DLLs and EXEs) with separate classes for representing functions, basic blocks and instructions. The end result is the creation of a portable file that when loaded allows you to arbitrarily navigate throughout the entire original binary.

A layer above the core components you will find the remainder of the PaiMei framework broken into the following over-arching components:

* Utilities: A set of utilities for accomplishing various repetitive tasks.
* Console: A pluggable WxPython GUI for quickly and efficiently rolling out your own sexy RE utilities.
* Scripts: Individual scripts for accomplishing various tasks. One very important example of which is the pida_dump.py IDA Python script which is run from IDA to generate .PIDA modules.

The documentation for the framework is available online at: http://pedram.openrce.org/PaiMei/docs

A very informative discussion thread about PaiMei, including a bunch of tutorials on how to use the different aspects of it, can be found at:
http://www.woodmann.com/forum/showthread.php?t=10851

Tool Added: Ragweed

2009-06-28T13:32:39Z

Listed in categories: Debugger Libraries

Most recent version:

Most recent release date:

Description:
Ragweed is available as a gem through github:

sudo gem install tduehr-ragweed

Why a scriptable debugger?

When reversing, the usual debugging tools for developers aren’t as useful. They’re built for stepping interactively through programs you have source code for. They don’t generally have methods to get data out.

Reversing also requires being able to do mean and nasty things to the running process. When tracing calls, you want to watch how they interact. The last thing you want to do is anything manual. Automation is a requirement.

Also helpful is the ability to automate information gathering tasks, or the ability to dynamically add, remove or change breakpoints. These features are why scriptable debuggers have been created: To play with black boxes in a more dynamic and seedier manner.

What’s available already?

There are already scriptable debuggers out there. The most notable are PaiMei/PyDbg, Immunity Debugger and IDA.

PaiMei is written in Python, bills itself as “a reverse engineer’s swiss army knife” and uses the Python ctypes library for low level win32 calls.

Immunity Debugger is a GUI debuggger for win32 that uses Python for its scripting functionality.

IDA Pro is largely a win32 disassembler, but it is scriptable, again in Python, and includes a debugging module.

Before I get run off by a screaming mob with pitchforks, flightless birds, members of the family bovidae, etc., I will also mention GDB which has a library in development (libgdb) and can be scripted through macros.

With the exception of GDB which runs on most platforms and has its own macro language, these all share two common problems: Win32 and Python. Matasano is a Ruby shop. We like Ruby. It is good to us. We also wanted a tool for non-Win32 applications. But mostly, we just wanted something in Ruby.

Enter Ragweed

I’m going to stick to the OSX side of Ragweed for this article since I’m most familiar with it and there is still work to be done to unify the (currently) three debugging APIs —- Win32, Linux, and OSX —- inside Ragweed.

Under the hood, Ragweed (on OSX) uses Ruby/DL to perform the various low level system calls necessary to create a debugger. (More about that in my post from last year). These calls are abstracted somewhat to provide a smoother, more Ruby-like interface.

There are two caveats for Ragweed in OSX:

* Due to the changes in Ruby 1.9 to DL, it is currently incompatible with 1.9.
* Also, under OSX, Ragweed wants to run as root due to restrictions on
Code:

task_for_pid

.

A quick example (this we can do in IRB):

# debugging ftp using default signal handlers, printing registers every stop and logging calls to _lpwd

require ‘ragweed’
class DebugFtp < Debuggerosx

# print the registers every time the process stops

def on_stop(signal)

puts "Stopped with signal #{signal}"

self.threads.each {''

Tool Updated: WinAppDbg (Python module)

2009-06-16T18:21:25Z

Listed in categories: Debugger Libraries

Most recent version:
1.2

Most recent release date:
Jun 16, 2009

Description:
The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience are QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready to use utilities are shipped and can be used for this purposes.

Current features also include disassembling x86 native code (using the open source diStorm project, see http://ragestorm.net/distorm/), debugging multiple processes simultaneously and produce a detailed log of application crashes, useful for fuzzing and automated testing.

Tool Updated: Hacker Disassembler Engine (HDE)

2009-03-21T19:59:17Z

Listed in categories: X86 Disassembler Libraries

Most recent version:
0.28

Most recent release date:
March 09, 2009

Description:
This is small disassembler engine intended to x86-32 code analyse. HDE get length of command, prefixes, ModR/M and SIB bytes, opcode, immediate value, displacement, etc. For example, you can use HDE when writing unpackers, decryptors, viruses of executable files. HDE package include compiled object files in difference formats, header files and assembler source.

* Supports FPU, MMX, SSE, SSE2, SSE3, 3DNow! instructions
* High speed and small size (~ 1.5 kb)
* Position and OS independent code
* Compatibility with a most coding languages

Tool Updated: Jclasslib

2009-03-04T16:33:55Z

Listed in categories: Java Disassembler Libraries

Most recent version:
3.0

Most recent release date:
January 14, 2005

Description:
jclasslib bytecode viewer is a tool that visualizes all aspects of compiled Java class files and the contained bytecode. In addition, it contains a library that enables developers to read, modify and write Java class files and bytecode.

Tool Added: EXtended Disassembler Engine (XDE)

2008-07-29T08:46:37Z

Listed in categories: X86 Disassembler Libraries

Most recent version:
1.02

Most recent release date:
October 2004

Description:
XDE is based on the LDE/ADE engines. It allows you to find length of any x86 instruction, source/destination register usage for most commonly used instructions, and to split/merge instruction to/from some binary structure.

From program's viewpoint, CPU operates with: different types of registers, memory and io-devices. As such, there are introduced "object set" concept, which means bitset of registers/memory/etc. being read/written by each instruction.

Tool Added: TurboPower LockBox

2008-07-17T08:18:48Z

Listed in categories: Crypto Libraries

Most recent version:
2.07

Most recent release date:
January 21, 2003

Description:
LockBox is a cross-platform toolkit for data encryption. It contains routines & components for use with Borland Delphi, C++Builder, & Kylix. It provides support for Blowfish, RSA, MD5, SHA-1, DES, triple- DES, Rijndael, & digital signing of messages.

Tool Added: VirtualBox Disassembler Library

2008-07-16T11:39:13Z

Listed in categories: X86 Disassembler Libraries

Most recent version:

Most recent release date:
July 15, 2008

Description:
Because I needed a good disassembler for my projects I check different distributions in the internet. Most of them are homebrew and the support, or let's better say MAINTAINANCE is in most cases not the best.

I really hate it if use a component and realize that there is a bug and the releaser of the component is not able to fix it or sometimes has no real interest in fixing it. That sucks.

That's why I focused on a disassembler which is well maintained and last but not least a good one.

During my search I stumbled over VirtualBox, which is an similar SUN implementation of VMWare's Workstation. The difference is that VirtualBox comes with source, or at least you can download the source (http://www.sun.com/software/products/virtualbox/get.jsp).

I thought that they'd pretty sure have to have an working disassembler inside there virtual machine and bingo... they have.
The problem was that the disassembler was not contained in form of a library, it was simply integrated in the source.

It took me about 2 hours to extract the needed source parts out of virtualbox and built a project for a library for it.

I now use it for my projects and it is very useful for me.

Tool Updated: Mlde32

2008-07-08T21:27:44Z

Listed in categories: X86 Disassembler Libraries

Most recent version:

Most recent release date:
January 2003

Description:
Micro Length-Disassembler Engine 32 (mlde32), is a length-disassembler engine, i.e. a piece of code that allows u to know the length of any x86 instruction. The mlde32 engine supports the ordinary 386 opcode set, plus the extensions: fpu, mmx, cmov, sse, sse2 etc...

It's usage is very simple here's the prototype:

int __cdecl mlde32(void *codeptr);
where:
codeptr -> is a pointer to the opcode that u want to know the size.

if you have any problem using the engine, just take look in some examples at the /examples (nothing more obvious). That's a very simple and powerful engine,and does not require too much system resources either,just 160 bytes of stack space is needed. This engine is only code, and no fixed offsets were used so it can be permutaded/perverted at your own will.

Engine was released in 29A#7 magazine. The size of the engine is 431 byte.

Tool Updated: DiStorm64 x86-64 Disasm Lib

2008-05-20T16:42:40Z

Listed in categories: X86 Disassembler Libraries

Most recent version:
1.7.29

Most recent release date:
March 7, 2008

Description:
Cross platform x86, x64, MMX, SSE, SSE2, SSE3, SSE4 and soon SSE5 support with open opcode database support (tools available, carefully examine the whole page, you're looking for disops.zip, at the moment available at http://www.ragestorm.net/distorm/dl.php?id=13)

'nough said.

Tool Added: DisasMSIL

2008-05-02T08:23:26Z

Listed in categories: .NET Disassembler Libraries

Most recent version:
1.0

Most recent release date:
April 30, 2008

Description:
DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

Note: Don't rely on the ECMA specification (Partition III: Common Language Infrastructure), since it's incomplete. Some new opcodes were introduced with the .NET Framework 2.0.

Tool Added: Fixed OllyDbg Disasm DLL

2008-04-09T10:41:47Z

Listed in categories: Disassembler Libraries

Most recent version:
1.10

Most recent release date:
April 9, 2008

Description:
An improved and fixed version of the already known disasm library (released by Oleh, Olly's author and part of the Olly's disasm engine). A little tool might help for your tools.

This package includes source code of 32-bit Disassembler and 32-bit single line Assembler for 80x86-compatible processors. The source is a slightly stripped/modified version of code used in OllyDbg v1.10 and is well proven by its numerous users.

The disasm.dll has been built using VS2005 VC 8.0 (special note: I had to make a couple modifications for errors during compilation in the source).

To include in your program, make sure the disasm.lib file is in your project folder and the resultant disasm.dll in your executable folder. Be sure to add this to your source code:
#pragma hdrstop
#include "disasm.h"

Tool Added: Disasm32

2008-02-05T20:15:49Z

Listed in categories: X86 Disassembler Libraries

Most recent version:

Most recent release date:
March 1, 2004

Description:
Delphi Disassembler Conversion of libdisasm 2.0. This is a Delphi conversion of the libdisasm project. The source code provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler class which can be called to disassemble instructions from memory. Disassembled information is in Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.

Tool Updated: Libdisasm

2008-02-05T20:10:36Z

Listed in categories: X86 Disassembler Libraries

Most recent version:
0.23

Most recent release date:
January 16, 2008

Description:
x86 Disassembler Library

The libdisasm library provides basic disassembly of Intel x86 instructions from a binary stream. The intent is to provide an easy to use disassembler which can be called from any application; the disassembly can be produced in AT&T syntax and Intel syntax, as well as in an intermediate format which includes detailed instruction and operand type information.

This disassembler is derived from libi386.so in the bastard project; as such it is x86 specific and will not be expanded to include other CPU architectures. Releases for libdisasm are generated automatically alongside releases of the bastard; it is not a standalone project, though it is a standalone library.

The recent spate of objdump output analyzers has proven that many of the people [not necessarily programmers] interested in writing disassemblers have little knowledge of, or interest in, C programming; as a result, these "disassemblers" have been written in Perl. In order to address this audience, a HOWTO has been provided which demonstrates how to use the libdisasm opcode tables to implement a true disassembler using Perl.

Tool Added: SharpZipLib

2008-01-19T23:26:18Z

Listed in categories: Decompression Libraries

Most recent version:
0.85.4

Most recent release date:
September 9, 2007

Description:
#ziplib (SharpZipLib, formerly NZipLib) is a Zip, GZip, Tar and BZip2 library written entirely in C# for the .NET platform. It is implemented as an assembly (installable in the GAC), and thus can easily be incorporated into other projects (in any .NET language). The creator of #ziplib put it this way: "I've ported the zip library over to C# because I needed gzip/zip compression and I didn't want to use libzip.dll or something like this. I want all in pure C#."