From Collaborative RCE Tool Library


New or Updated Items - RCE Tools (including sub-categories)




Tool Added: REDasm

At: 2018-02-06 09:44:52

Listed in categories: Disassemblers, Linux Disassemblers, Visual Basic Decompilers

Most recent version:
Nightly

Most recent release date:

Description:
REDasm is a cross-platform, interactive, multi-architecture disassembler written in C++ with the Qt5 framework.
Its core is light and it can be extended in order to support new instructions and file formats.
In the future, Python scripting will be supported.



Tool Updated: Anathema .NET Instrumentation Tool

At: 2018-01-12 14:14:17

Listed in categories: .NET Code Injection Tools, .NET Tracers, Reverse Engineering Frameworks

Most recent version:

Most recent release date:
January 11, 2018

Description:
''



Tool Updated: Easy Code

At: 2018-01-07 11:32:17

Listed in categories: Assembler IDE Tools, Assemblers

Most recent version:
2.02.0.0001

Most recent release date:
January 4, 2018

Description:
Easy Code is a visual assembly programming environment made to build 32-bit/64-bit Windows applications. The Easy Code interface, which looks like Visual Basic, lets you program Windows assembler applications (executable files, dynamic and static libraries, COFF object files, console applications, NT drivers and services) in an easier way than was ever possible before. There are three versions of Easy Code:

- Version 2.x supporting Fasm, GoAsm, JWasm, Masm, PoAsm and UAsm (32-bit/64-bit), using different tools for the various assemblers.
- Version 1.x supporting Masm (32-bit), using the Microsoft Macro Assembler distributed with the Masm32 SDK.
- Version 1.x supporting GoAsm (32-bit), using Jeremy Gordon's Go tools, distributed with the ECGo package, and the GoAsm Headers.

Easy Code works on all Windows platforms (from Win95 to Win10). For more information, please visit the website link shown above.



Tool Updated: ExeInfo PE

At: 2017-12-22 16:17:36

Listed in categories: .NET Tools, .NET Unpackers, Compiler Identifiers, Crypto Tools, Deobfuscation Tools, Linux Unpackers, PE EXE Signature Tools, Packer Identifiers

Most recent version:
0.0.4.8 ( 999 / 64 - x64 signatures )

Most recent release date:
October 16, 2017

Description:
Good detector for packers, compressors, compiler + unpack info + internal exe tools.
Internal Ripper for zip, rar, Flash swf, cab, msi, bzip,
GFX: bmp/jpg/png/gif,
Colored Disassembler,
Delphi Form viewer,
.Zlib unpacker v1.2.8,
.NET exe info,
Send sha256 to virustotal.com.
Internal detector for non executable files.
Included EXTERNAL: userDB.txt - 4515 Signatures.



Tool Updated: RSATool

At: 2017-10-31 17:29:49

Listed in categories: Crypto Tools

Most recent version:
1.16.01

Most recent release date:
November 31, 2017

Description:
RSATool, RSA public key encryption algorithm tool.

This Windows program I Prof. Doc., Dr. Jiri Kocian CSc., Jr. created is a very useful breakthrough cryptoanalytic utility for generating keypairs, calculating the private exponent from P, Q primes and factorisation of the N modulus to primes P, Q. Now the program also encrypts and decrypts data, all using the famous RSA algorithm.

The user enters the keysize in bits, public exponent E and number base, and then from this information keypairs can be generated. The program is also useful for calculating the private exponent D from any P, Q primes entered in edit boxes. The program is also very interesting because of the feature to factorise modulus N to primes P and Q using the Quadratic Sieve algorithm. The program can also encrypt and decrypt any text or binary data entered in the Encryption / Decryption dialog text box. Encrypted data can be saved to hard disk in binary form. The program has a feature to save generated keys. The program can also load the saved keys from files. And a necessary note: please be patient using this program; generating keys with long keysizes like 4096 bits or even 8192 bits or more takes some time in minutes, and factorisation is an even more time-consuming process, so be patient.

Release notes:

Since the version 1.15 in the Encrypt/Decrypt dialog box, there's special feature to choose public exponent E or private exponent D for Encryption.

Since the version 1.10 encrypted data are also saved in encrypted.hex file.

Since the version 1.09 the keypair can be now loaded from saved files into program.

Since the version 1.08 the primes P and Q are also saved into the file called primes.p12 when the button Save generated keys clicked.

Since the version 1.06 the program has a feature to save the generated keypair into the files public.key and private.key.

Since the version 1.04.03 the load of binary encrypted data is supported.

Since the version 1.04 there's Encrypt / Decrypt dialogbox included in the program.

In future versions there will be then new dialog box for encryption and decryption of any binary or text data using generated keys.

Program is tested in Windows 7/8.1/10.



Tool Updated: DUP

At: 2017-10-25 23:14:17

Listed in categories: Loader Generators, Memory Patchers, Patch Packaging Tools, Patcher Generators

Most recent version:
2.26.1

Most recent release date:
December 21, 2012

Description:
diablo2oo2's Universal Patcher - [dUP]

Probably the most capable patcher/loader creator out there...

Some recent version history

[2.26.1]
-bugfix in [text patch] module
-bugfix: plugins did not work with "/silent" parameter
-bugfix: patching used files did not work with "/silent" parameter

[2.26]
-added large file support for search & replace module
-patchercode now is stored in a DLL
-updated BeaEngine.dll (4.1 rev 172)
-fixed: backup files for [attached file] module
-added new filetime plugin
-added new log message plugin
-added new backup switch plugin
-added new find next file plugin
-fixed: patcher with plugins now can be packed
-new option to run patcher after creation
-new query option in [file check] module: check for write access
-show jump destination of [event] module in patchdata list
-fixed crash when open dUP2 project with large filename
-auto backup unsaved projects
-improved save system
-minor fixes

[2.25]
-bugfix: open files in sharemode
-new disassembler engine: BeaEngine
-improved search & replace comparison
-plugin dlls are loaded now on patcher startup
-updated plugin development kit
-added option to turn off backup by default

[2.24]
-improved compatibility for windows 2000
-usage of reg.exe instead of regedit.exe for registry patching
-added regular expressions (PCRE) support to [Text Patch] module
-added regular expressions (PCRE) support to [Registry Check] module
-added new plugin "Check Windows Version"

[2.23]
-fixed music playback bug
-fixed bug: open *.dUP2 files with dup2.exe
-fixed bug: crash when option "do not check original bytes" is enabled
-fixed bug: commandline parameter "/startupworkdir" did not work
-any bytepattern format will be accepted when it is pasted
-added plugin support
-added ASLR support
-added DLL patching support for the loader

[2.22]
-added console output for patcher
-fixed bug in "silent" mode
-fixed bug when using "multi-wildcard-mode"
-new option to fix the CheckSum in PE Header after patching
-more detailed patchlog
-removed "xmstrip"
-added console command (/setvar) for setting %dup2_cmd_var%
-new logo (thank you kr8Vity!)
-new menu structure

[2.21]
-new option to keep original file time and date
-new option to disable the WOW64 File System Redirector (for 64 Bit Patching)
-new option to import multiple file attachments
-new: tooltip for bytepattern shows now also the ASCII text of the bytepattern
-bugfix: inline patching should now also work on windows 7
-bugfix: improved inline patching method
-text patch: single wildcards (?) will not be cut out any longer at end and begin of the 'Find Text'
-added new "Registry Check" module
-improved access to 64 Bit registry (small bugfix)
-improved menu structure of dup2 gui (adding patchdata is now easier)
-bugfix: crash when open project

[2.20]
-added wildcard support for textpatch module
-windowresize bugs fixed
-minimize patcherwindow with rightmouseclick
-added new "Event" module for patcher. Now you can program your patcher!
-added new "File Check" module for patcher
-bugfixes in textpatch module
-bugfix: executing attached files
-bugfix: problem with nested environment variables
-bugfix: tooltips will be shown without flicker effect on windows 7
-bugfix: increased pattern size limit for search & replace compare module
-fix: remove quotation marks from paths when reading from registry

[2.19]
-new "Text-Patch" module !
-bugfix in s&r compare module
-other bugfixes from v2.18
-added linkcursor in patcherwindow
-registry editor now can import v5 reg files
-faster scrolltext engine
-better scrolltext font management
-new function: import long hexpatterns in offset-patch-dialog
-fixed loader_installer bug
-added support for relative paths (subfolders) for the targetfiles
-search & replace comments bugfix
-loader: registrypatcher bugfix
-added new internal environment variable: %dup2_last_path%
-skincontrols now can have transparent backgroundcolor (FFFFFFFF)
-now you can execute multiple search&replace loaders from same directory

[2.18]
-replaced WinExec API by ShellExecute for Windows Vista
-bugfix in Dialog for editing S&R Pattern Occurrence
-added check for skin button IDs
-improved window resizing engine
-added option "trim to path" for Registry Paths
-loader can save now targetfilepath to inifile when its not in same folder
-added TitchySID player for .sid file playback
-added new option for attached files: overwrite existing file
-added support for disabled patch button skin
-added multilanguage support
-fixed bug with tooltip width. long hexpatterns are displayed now in multiple lines
-compiled with new MASM v10
-bugfix when executing attached files
-bugfix for resource (skin) updater
-strings for patcher.exe can be modified now inside a skin

[2.17]
-improved dup2 plugin for ollydbg v1.10
-long comments for search&replace patchdata now possible
-new v2m player (vista compatible) from http://magic.shabgard.org
-use targetfile information from s&r dialog in CheckOccurrence Dialog
-added function "back to releaseinfo" in patcher logbox
-bug fixed on vista systems with music playback
-"patch" button will be disabled after patching
-some fixes in projectconverter (for old v1.x dup projects)
-changed handling with unresolved environment variables
-original bytes not saved to compiled patcher when "don't check original bytes" option is enabled
-fixed bug when saving columnswidth of listviews
-new for Attached File: delete file after execute
-new for Attached File: wait for process
-added support for PECompact (optional commandline settings)
-manifest in resource is now available by default
-patcher: last used filepath will be stored inside %dup2_last_file% environment variable
-removed the ugly "flicker"-effect on bitmap buttons
-improved dumping (open projects from patcher.exe)
-advanced registry patching (usage of placeholders)
-changes in bitmapbutton code (please only use new button names: BTN_PATCH_OVER ...)
-added fade in/out effect for patcher
-problem with the patchers topmost windows fixed
-removed option from settings dialog: dup file association
-important bugfix in loadercode (patching of protected memory)
-added option for registry patches: resolve environment variables
-fixed bug for musicplayback with bassmod.dll
-added textscroller feature
-fill patchinfdialog with default info only when new project is created
-and many more...



Tool Updated: PPEE (puppy)

At: 2017-10-10 20:07:19

Listed in categories: .NET Executable Editors, Dependency Analyzer Tools, Entropy Analyzers, Exe Analyzers, Executable CRC Calculators, Executable File Editors & Patchers, Export Editors, Hex Editors, Import Editors, Malware Analysis Tools, PE Executable Editors, Relocation Tools, String Finders

Most recent version:
1.09

Most recent release date:
October 10, 2017

Description:
This is a professional PE file explorer that lets you dig into all data directories available in the PE/PE64 file and edit them.
Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.
Two companion plugins are also provided. FileInfo, to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on. YaraPlugin, to test Yara rules against opened file.

Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details.

Puppy is free and tries to be small, fast, nimble and friendly as your puppy!

Features:

Both PE32 and PE64 support
Examine YARA rules against opened file
Virustotal and OPSWAT's Metadefender query report
Statically analyze windows native and .Net executables
Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
Edit almost every data structure
Easily dump sections, resources and .Net assembly directories
Entropy and MD5 calculation of the sections and resource items
View strings including URL, Registry, Suspicious, ... embedded in files
Detect common resource types
Extract artifacts remained in PE file
Anomaly detection
Right-click for Copy, Search in web, Whois and dump
Built in hex editor
Explorer context menu integration
Descriptive information for data members
Refresh, Save and Save as menu commands
Drag and drop support
List view columns can sort data in an appropriate way
Open file from command line
Checksum validation
Plugin enabled

Feel free to use it ;)



Tool Updated: Radare

At: 2017-10-10 13:50:29

Listed in categories: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers

Most recent version:
2.0.0

Most recent release date:
October 10, 2017

Description:
The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2', a command-line hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix philosophy in mind. Each module, plugin and tool performs a specific task, and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.



Tool Updated: WinApiOverride

At: 2017-10-10 10:16:18

Listed in categories: .NET Tracers, API Monitoring Tools, COM Monitoring Tools

Most recent version:
6.5.5

Most recent release date:
April 19, 2017

Description:
WinAPIOverride is an advanced API monitoring software for 32-bit and 64-bit processes.
You can monitor and/or override any function of a process.
This can be done for API functions or executable internal functions.

It tries to fill the gap between classical API monitoring software and debuggers.
It can break the targeted application before or after a function call, allowing memory or register changes; and it can directly call functions of the targeted application.
Main differences from other API monitoring software:
- You can define filters on parameters or function result
- You can define filters on dll to discard calls from windows system dll
- You can hook functions inside the target process not only API
- You can hook asm functions with parameters passed through registers
- You can hook hardware and software exceptions
- Double and float results are logged
- You can easily override any API or any process internal function
- You can break process before or/and after function call to change memory or registers
- You can call functions which are inside the remote processes
- Can hook COM OLE and ActiveX interfaces
- User types (enum, struct and union) and user defines are supported
- All is done like modules: you can log or override independently for any function
- A library is provided for developers who intend to build their own hooking software



Tool Updated: Rasta Ring 0 Debugger (RR0D)

At: 2017-10-09 18:55:30

Listed in categories: Ring 0 Debuggers

Most recent version:
0.3

Most recent release date:
, 2006

Description:
Open source ring 0 debugger for Windows, Linux and BSD.



Tool Updated: Cheat Engine

At: 2017-10-09 18:32:31

Listed in categories: Memory Patchers, Memory Search Tools

Most recent version:
6.7

Most recent release date:
June 7, 2017

Description:
Cheat Engine, also known as CE, is an open source and free software, most commonly used for cheating in games using a hex memory searcher and editor to allow people to modify memory addresses. It is currently the most popular cheating software used today. CE has influenced a lot of online games (although it does not work on most any more), as it is open source and can be modified to their needs. This program resembles L. Spiro's MHS, Tsearch, and ArtMoney. It searches for values input by the user with a wide variety of options such as "Unknown Initial Value" and "Decreased Value" scans. Cheat Engine can also create standalone trainers which function on their own without Cheat Engine.

Cheat Engine can also view the disassembled memory of a process and make alterations to give the user advantages such as infinite health, time or ammunition. It also has some Direct3D manipulation tools, allowing you to see through walls, zoom in/out and with some advanced configuration allows Cheat Engine to move the mouse for you to get a certain texture into the center of the screen. This is commonly used to create Aimbots.



Tool Updated: MasmBasic

At: 2017-10-09 17:27:25

Listed in categories: Programming Libraries

Most recent version:
2017.10.04

Most recent release date:
October 4, 2017

Description:
MasmBasic is a library that allows you to use BASIC syntax in assembler, i.e. it is not a "separate" language but rather a library of macros and routines, fully compatible with the latest Masm32 SDK (version 11), MASM (version 6.15 and higher, e.g. version 8.0) and JWasm. While MasmBasic is pretty stable, it is still Assembler, therefore the usual disclaimers apply - do not use for military purposes, in hospitals and anywhere else where buggy applications could cause damage. You have been warned :)

To install the library, double-click MbSetup.exe in the downloaded archive.

For an overview of the about 200 functions available, see \Masm32\MasmBasic\MbGuide.rtf (after extracting the archive of course) or see the (incomplete) MasmBasic Quick Reference online.

Latest additions: For_ each x$ in My$(), improved Switch_, GetFiles returns UTF8 now, WebCam, GetProcessArray(), new GSL lib, Choose, fast MemSet, Instr_() and Sinus() , Data, Read, GuiXX functions, Split$, Join$, Filter$, commandline to Files$(), GfCallback, true Unicode, also in file I/O; UnzipFile, ArraySet, SetReg64 for 64-bit registry settings, ArrayMerge, Age(), GetRegArrays, unsigned LONGLONG in Str$(), ShEx, xls interface, ArrayPlot, AddWin$, WritePipe, Plugins, IsFolder(), wOpen, FileOpen$/FileSave$, also as Unicode versions, Extract$, Dialogs, COM support (CoInvoke, GuidsEqual(), IUnknown, VARIANT, ...), improved ANSI and Unicode commandline macros CL$()/wCL$(), improved xHelp, Launch$(), Try/Catch/Finally, ...

From June 2015 onwards, MasmBasic is Windows 8 compatible. From March 2015 onwards, float counters are valid in For_ ... Next. From 10 Feb 2015 onwards, xmm regs are preserved for all MasmBasic commands. Note that simple Windows API calls can trash them on 64-bit versions of Windows.

Note that you need either JWasm (highly recommended) or at least ML.EXE version 6.15 to use the MasmBasic library; ML 6.14 (the old version that is included with the Masm32 SDK, see \Masm32\bin) is not sufficient, because MasmBasic contains SSE2 code.



Tool Updated: Solar Assembler (SolAsm)

At: 2017-10-09 17:09:16

Listed in categories: Assemblers

Most recent version:
0.36.38

Most recent release date:
August 13, 2016

Description:
SOLAR Assembler is a modern multipass macro assembler that can compile 16/32/64 bits code and runs on Windows, Linux, MacOSX and Solar_OS.

A few Features:
•Fast on huge and complex projects: 350.000 lines per second
•Can directly generate PE32/64, Binary 16/32/64, DLL32/64
•Can output OMF32, COFF32/64, ELF32/64 and MachO32 OBJ
•Can encode 16/32/64 ASM code
•Strong recursive and nested MACRO system
•Includes a rich set of High Level primitives:
    •.IF .ELSEIF .ELSE .ENDIF with AND/OR/NOT multiple conditions
    •PROC, ARGS, LOCALS, USES
    •INVOKE with ADDR support
    •STRUCT, ENUM, UNION
    •.REPEAT .UNTIL
    •MACRO, MARGS, VARARG, EXITM
    •#if, #ifdef, #if_used, #else
    •does not need PROTO, checks PROC arguments
•Includes mini in memory resource compiler
•Emits Listing in standard text format
•Emits Debug Output in COFF format and an easy to read text format
•Multiplatform, runs on:
    •Win95, Win98, Windows XP, VISTA, Windows 7 32 and 64 bits
    •Mac OS X
    •Unix / Linux and other unix like OSes that can link with an ELF libc
    •Solar OS
•It is fully written in ASM, Compiles itself
•Compiles huge and complex ASM projects like:
    •Solar OS
    •Hostile Encounter RTS Game
•Has a rich manual and a set of samples to get you started



Tool Updated: Ultra hash cracking tool

At: 2017-09-26 05:45:37

Listed in categories: Crypto Tools

Most recent version:
1.54

Most recent release date:
March 12, 2017

Description:
This cryptoanalytic tool is created for cracking one way hash function algorithms.
The program also can be useful as hash calculator. The feature of the new version is file hashing.

Ultra supports following hash algorithms:

•CRC32
•MD5
•SHA1
•SHA256
•SHA512
•HAVAL-3-128
•HAVAL-4-128
•HAVAL-5-128
•HAVAL-3-160
•HAVAL-4-160
•HAVAL-5-160
•HAVAL-3-192
•HAVAL-4-192
•HAVAL-5-192
•HAVAL-3-224
•HAVAL-4-224
•HAVAL-5-224
•HAVAL-3-256
•HAVAL-4-256
•HAVAL-5-256
•NTLM
•RIPEMD128
•RIPEMD160
•TIGER
•SNEFRU-4-128
•SNEFRU-4-256
•SNEFRU-8-128
•SNEFRU-8-256
•LMHash
•Whirlpool
•CRC16-CCITT
•GOST
•MYSQL
•MYSQL5
•eD2k
•PANAMA
•SHA3-224
•SHA3-256
•SHA3-384
•SHA3-512
•KECCAK224
•KECCAK256
•KECCAK384
•KECCAK512
•MD4
•MD2
•SHA224
•SHA384
•BLAKE224
•BLAKE256
•BLAKE384
•BLAKE512
•BLAKE2B
•BLAKE2S




Program uses bruteforce with different charsets and also random attack.
Exclusive option of this software is also ultrafast dictionary attack.

Release notes:

Since the version 1.54 there's a feature to save the generated hash to the binary file "hash.bin" and text file "hash.hex" in the program.

Since version 1.51.4.rc1 there's support for file hashing in this version and next versions of the Hash knife. There is still missing support for file hash in some algorithms. This will be implemented in future versions.

Since November 23, 2015 version 1.39s is available and contains variable salt string edit box. This version is available on the Website.

Since version 1.38 the program accepts zero length messages also as a Max. value (Min. = 0; Max. =0) to generate only zero length message.

Since version 1.31 Ultra handles zero length messages in brute force options (All combinations).

Program is tested in Windows 7/8.1/10.



Tool Added: Wtrace

At: 2017-06-26 00:46:42

Listed in categories: Tracers

Most recent version:

Most recent release date:
March 14, 2017

Description:
This application will trace in real-time all File I/O, TCP IP, ALPC and RPC operations performed by a given process. It works on Windows 7+ and requires .NET 4.5.2+. Wtrace stops when the traced process exits, or if you issue Ctrl+C in its command line.

Use pipeline to filter the events, e.g.: wtrace notepad ''



Tool Added: JPEXS Free Flash Decompiler

At: 2017-06-12 06:37:03

Listed in categories: Flash Decompilers, Flash Disassemblers, Flash Tools, Flash Unpackers

Most recent version:
Version 10.0.0

Most recent release date:
December 24, 2016

Description:
Exporting scripts, images, shapes, movies, sounds, fonts...
SWF to FLA conversion
SWF to XML export and import again
Various output formats like SVG or HTML5 Canvas
Displaying ActionScript source code.
Experimental direct editing of ActionScript source
Editing via assembler source
Integrated ActionScript debugger - step, breakpoints, set variables
Both ActionScript 1/2 and AS3 support
Clicking decompiled source highlights P-code associated instruction and vice-versa
Replacing images, editing texts, fonts and other tags
Displaying SWF resources (shapes, sprites, fonts, buttons...)
Editing of instance metadata
Hexadecimal dump view with color highlighting also available
Built-in proxy server for editing SWF files which come through it
Java based code which supports multiple platforms
Multilanguage support (see language list)
Can decompile some kinds of obfuscated code too.
Open SWF files hidden in loaders (AS3,Windows)
GFX Scaleform and Iggy 64 () files support
Quality software receiving many awards
see [List of all features]



Tool Added: Pin

At: 2017-03-23 01:34:10

Listed in categories: API Monitoring Tools, Code Injection Tools, Programming Libraries, Reverse Engineering Frameworks

Most recent version:
81205

Most recent release date:
February 13, 2017

Description:
Pin is a dynamic binary instrumentation framework for the IA-32, x86-64 and MIC instruction-set architectures that enables the creation of dynamic program analysis tools. Some tools built with Pin are VTune Amplifier XE, Inspector XE, Advisor XE and SDE. The tools created using Pin, called Pintools, can be used to perform program analysis on user space applications on Linux, Windows and OS X*. As a dynamic binary instrumentation tool, instrumentation is performed at run time on the compiled binary files. Thus, it requires no recompiling of source code and can support instrumenting programs that dynamically generate code.


Pin provides a rich API that abstracts away the underlying instruction-set idiosyncrasies and allows context information such as register contents to be passed to the injected code as parameters. Pin automatically saves and restores the registers that are overwritten by the injected code so the application continues to work. Limited access to symbol and debug information is available as well.

Pin was originally created as a tool for computer architecture analysis, but its flexible API and an active community (called "Pinheads") have created a diverse set of tools for security, emulation and parallel program analysis.



Tool Added: Frida

At: 2017-03-23 01:08:26

Listed in categories: API Monitoring Tools, Android Tools, Code Injection Tools, IPhone Tools, Memory Data Tracing Tools, Network Monitoring Tools, Non-Intrusive Debuggers, Programming Libraries, Reverse Engineering Frameworks, Ring 3 Debuggers, Tracers

Most recent version:
9.1.19

Most recent release date:
March 22, 2017

Description:
Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX.

It’s Greasemonkey for native apps, or, put in more technical terms, it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, Linux, iOS, Android, and QNX. Frida also provides you with some simple tools built on top of the Frida API. These can be used as-is, tweaked to your needs, or serve as examples of how to use the API.

Scriptable

Your own scripts get injected into black box processes to execute custom debugging logic. Hook any function, spy on crypto APIs or trace private application code, no source code needed!


Stalking

Stealthy code tracing without relying on software or hardware breakpoints. Think DTrace in user-space, based on dynamic recompilation, like DynamoRIO and PIN.


Portable

Works on Windows, macOS, Linux, iOS, Android, and QNX. Install the Node.js bindings from npm, grab a Python package from PyPI, or use Frida through its Swift bindings, .NET bindings, Qt/Qml bindings, or C API.


Why do I need this?

Great question. We’ll try to clarify with some use-cases:

* There’s this new hot app everybody’s so excited about, but it’s only available for iOS and you’d love to interop with it. You realize it’s relying on encrypted network protocols and tools like Wireshark just won’t cut it. You pick up Frida and use it for API tracing.

* You’re building a desktop app which has been deployed at a customer’s site. There’s a problem but the built-in logging code just isn’t enough. You need to send your customer a custom build with lots of expensive logging code. Then you realize you could just use Frida and build an application-specific tool that will add all the diagnostics you need, and in just a few lines of Python. No need to send the customer a new custom build - you just send the tool which will work on many versions of your app.

* You’d like to build a Wireshark on steroids with support for sniffing encrypted protocols. It could even manipulate function calls to fake network conditions that would otherwise require you to set up a test lab.

* Your in-house app could use some black-box tests without polluting your production code with logic only required for exotic testing.



Tool Updated: Resource Hacker (Reshacker)

At: 2016-09-11 07:06:30

Listed in categories: Resource Editors

Most recent version:
4.3.20

Most recent release date:
September 11, 2016

Description:
Now with PE64 support!!


Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.

Viewing Resources: Cursor, Icon, Bitmap, GIF, AVI, and JPG resource images can be viewed. WAV and MIDI audio resources can be played. Menus, Dialogs, MessageTables, StringTables, Accelerators, Delphi Forms, and VersionInfo resources can be viewed as decompiled resource scripts. Menus and Dialogs can also be viewed as they would appear in a running application.

Saving Resources: Resources can be saved as image files (*.ico, *.bmp etc), as script files (*.rc), as binary resource files (*.res), or as untyped binary files (*.bin).

Modifying Resources: Resources can be modified by replacing the resource with a resource located in another file (*.ico, *.bmp, *.res etc) or by using the internal resource script compiler (for menus, dialogs etc). Dialog controls can also be visually moved and/or resized by clicking and dragging the respective dialog controls prior to recompiling with the internal compiler.

Adding Resources: Resources can be added to an application by copying them from external resource files (*.res).

Deleting Resources: Most compilers add resources into applications which are never used by the application. Removing unused resources can reduce an application's size.

Known limitation:
Resource Hacker will not read 16bit (Windows 3.1) executables.



Tool Added: PELock

At: 2016-07-16 22:47:03

Listed in categories: Packers

Most recent version:
2.01

Most recent release date:
July 17, 2016

Description:
PELock is a software security solution designed to protect any 32-bit Windows application against cracking, tampering and reverse engineering analysis.

PELock comes with a built-in licensing system that you can use to easily add a license key system to your application. You can also set various time-trial limitations for the protected application, e.g. a 30-day trial.

You can closely integrate the protection and licensing features using the dedicated SDK, which comes with hundreds of examples for C/C++, Delphi, Lazarus, Freepascal, PureBasic, PowerBASIC, D and Assembler, with full source code.

You can protect any compiled application file for Windows as long as it's compatible with Portable Executable format, no matter what programming language or development environment was used to create it.

PELock has a built-in binder for additional application DLL libraries: it's possible to merge your main application EXE file with any number of extra DLL libraries into a single output EXE file.

PELock has been tested for all available 32 and 64 bit versions of the Windows operating system. And it's compatible with ALL of them.

Version History

v2.01

Engine

* relocation handling bug removed for ASLR enabled executable images

v2.0

Protections

* new metamorphic engine
* new multilayer polymorphic engine
* detection of running and attached debuggers
* CRC file protection against modifications
* virtual machines detection
* new multi-thread protection approach
* import table redirection improved with extra options
* emulation of standard WinApi functions
* generate white noise WinApi function calls
* relocate executable image at a random image base
* hide direct import table function calls
* hiding of COM object classes
* COM tracers detection
* network sniffers detection
* entrypoint antitrace protection
* initialization table protection for Delphi applications
* active detection of user defined cracking applications
* saving file passwords to the Windows Registry
* option to disable encryption of application's data with a password
* option to enter password from the command line
* macro analyzer added to analyze the proper placement of SDK macros in compiled binaries
* new protection macros PELOCK_CHECKPOINT and PELOCK_CPUID
* initialization callback functions PELOCK_INIT_CALLBACK
* memory protection macro PELOCK_MEMORY_GAP
* protected constant values PELOCK_DWORD
* protection presence detection with IsPELockPresent functions
* data encryption functions EncryptData / DecryptData
* current process memory encryption EncryptMemory / DecryptMemory
* more control over SDK system
* watermarks added
* watermark macros PELOCK_WATERMARK added
* region and language lock options
* default command line parameters
* support for the Windows service applications (services)
* allow only one instance option
* option to disable DEP protection for protected application
* option to check administration privileges
* option to disable visual styles for protected application
* Kaspersky Anti-Virus hooks compatibility added
* Microsoft Detours hooks compatibility added
* full compatibility of protected applications with latest operating systems Windows XP SP2/SP3 (32 bit), Windows XP (64 bit), Windows Vista (32bit / 64bit), Windows 7 (32bit / 64bit), Windows 8 (32bit / 64bit), Windows 8.1 (32bit / 64bit) and Windows 10 (32bit / 64bit)

License system

* A WHOLE NEW LICENSE SYSTEM
* support for the UNICODE version of API functions
* user name size limit increased up to 8192 bytes (8 kB)
* option to create license keys as registry dumps (additional key format)
* option to save keys to the ZIP archive
* extra function to check license key status
* new time trial options
* remove local trial information from the Windows Registry
* setting key from the memory buffer
* additional 16 custom integers that can be stored in the license key
* drag & drop enabled for the user name field
* option to remove whitespace from the user name string
* encrypt all key data with hardware identifier
* users list sorted alphabetically (by name)
* improved support for loading project files from the command line
* new options to display nagscreens, display messages and open web pages for unregistered applications
* read user list from the other project or import user list from the CSV file
* new function for disabling registration key
* function for reloading registration key
* function for setting your own hardware identifier routine
* reading license key running time
* more control over SDK's macros and some of the functions

Key generator

* brand new key generator
* Linux cgi-bin key generator
* PHP examples of how to generate keys online

SDK

* new and improved examples for C, C++, Delphi, Lazarus, PureBasic, PowerBasic, D, MASM
* SDK support for the MinGW / GCC Windows compilers, Pelles C, PowerBASIC (updated header files)
* CPELock class for the C++
* TPELock component for Delphi
* PELock class for D language

Interface

* new options window
* global options window
* it's possible now to change the window size
* it's now possible to change interface language without restarting the application
* recent files list, to see it click on the button marked with ◀, or click with the right mouse button on the filename field
* automatic hardware id field completion, hardware id is automatically pasted from the clipboard if you select this option
* updated FAQ section, e.g. MS Visual Studio C++ / Borland C++ / Delphi optimizations and encryption macros
* problem with large system fonts (120 DPI and higher) fixed
* tooltips handling improved
* "Edit" buttons replaced with icons
* auto complete of file, URL and directory paths within edit controls
* additional command line parameters
* optional clickless navigation in tab and treeview controls

Compression

* solid compression is used now to achieve better compression ratios
* option to test all compression algorithms and select the best
* option to disable application data compression
* disable resource compression option
* it's possible to select which resource types can and cannot be compressed
* added several compression algorithms, including QuickLZ, UCL, zlib, miniLZO, HLZ, BriefLZ, JCALG1 and Mini-LZ
* it's possible now to use a custom compression library
* compression algorithm random selection

Other features

* generating antivirus friendly output files
* creating batch files to restore original files from the backup copies
* new option to save backup files to the selected directory
* digital signing of the protected applications (support for double signatures)
* support for CFGuard and SAFESEH mitigation technologies
* TLS Callbacks functions support, fully compatible with all Windows versions
* option to preserve original file date
* option to preserve original file attributes
* option to preserve original zone identifier
* sound events
* new remote license system used by PELock
* nagscreen window at the application startup and exit
* detection of files protected with a Windows File Protection (WFP)
* use only one CPU power for protected application option
* set priority class for protected application process and for the loader itself
* delay execution option
* shut down the system after application exit
* memory leaks removed
* backup restoration rewritten
* merge empty sections
* fill alignment gaps between sections with random bytes
* align loader's size to the file alignment value
* option to remove exported functions structure
* load application libraries statically
* remove overlays option changed to copy overlays, additionally there are more options available to control overlays (like emulation)
* option to append your own file at the end of the protected file
* option to set the custom output file size
* support for the applications with UNC paths (WebDAV mechanism) to DLL libraries in import table
* support for configuration and project files larger than 64 kB regardless of the operating system

v1.06

* additional protection code redirection
* added active protection
* new API GetKeyExpirationDate
* new options: automatically start the protection process after file loading, and exit the application after successful file protection
* save log and clear log buttons added
* password protection fixed

v1.05

* hardware key id added
* new markers CLEAR_START and CLEAR_END
* additional options in DOS header optimization
* new option strip overlays
* compression level option
* password protection
* external keygen library added

v1.04

* additional key data option
* key expiration date option
* protection against code dumping

v1.03

* added CRYPT_START and CRYPT_END markers
* added additional anti-debug check
* auto association of .plk files

v1.02

* added anti-filemon and anti-regmon checks in loader code
* command line support added e.g. "pelock c:\project.plk", "pelock e:\myfile\file.exe"
* fixed Delphi examples bugs

v1.01

* English help file
* few bugs removed

v1.0

* first official version of PELock


