Decompiling, Reverse Engineering, Disassembly, and Debugging [Tools]

What is Reverse Engineering?
Reverse-engineering is used for many purposes: as a learning tool; as a way to make new, compatible products that are cheaper than what’s currently on the market; for making software interoperate more effectively or to bridge data between different operating systems or databases; and to uncover the undocumented features of commercial products.
What is Software Cracking?
Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, usually related to protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware. The distribution and use of cracked copies is illegal in almost every developed country.

 

Assembly Inspectors

ILSpy – a new .NET assembly inspector

Features

  • Assembly browsing
  • IL Disassembly
  • Decompilation to C#* Supports lambdas and ‘yield return’
    * Shows XML documentation
  • Saving of resources
  • Search for types/methods/properties (substring)
  • Hyperlink-based type/method/property navigation
  • Base/Derived types navigation
  • Navigation history
  • BAML to XAML decompiler
  • Save Assembly as C
  • Project
  • Find usage of field/method
  • Extensible via plugins (MEF)

.NET Reflector – Browse, analyze, decompile and debug .NET code
Features

  • Debug assemblies without source code using the Visual Studio debugger
  • Decompile and explore .NET assemblies inside Visual Studio
  • Serve as a powerful object browser
  • Decompile .NET code to understand how it works
  • Learn or teach the complexities of a .NET language
  • Provide a better alternative to library documentation
  • Recover lost or unavailable source code
  • Locate performance issues
  • Analyze dependencies
  • Check obfuscation

Debuggers
OllyDBG v1.10 – an assembly level analysing debugger
Features

  • Directly loads and debugs DLLs
  • Object file scanning – locates routines from object files and libraries
  • Allows for user-defined labels, comments and function descriptions
  • Understands debugging information in Borland® format
  • Saves patches between sessions, writes them back to executable file and updates fixups
  • Open architecture – many third-party plugins are available
  • No installation – no trash in registry or system directories

Immunity Debuger – Knowing You’re Secure
Features

  • A debugger with functionality designed specifically for the security industry
  • Cuts exploit development time by 50%
  • Simple, understandable interfaces
  • Robust and powerful scripting language for automating intelligent debugging
  • Lightweight and fast debugging to prevent corruption during complex analysis
  • Connectivity to fuzzers and exploit development tools

IDA – the world’s smartest and most feature-rich disassembler
Features

  • Multi-hosted application
  • Multi-processor disassembler
  • Fully programmable environment
  • Complete plugin programming
  • Local and remote debugger
  • Hostile code analyzer
  • COTS validation

Memory Editors
MHS – an average memory editor
Features

  • Data type search
  • String search
  • Pointer search
  • Group search
  • Sub search
  • Script search
  • RAM watcher
  • Hex viewer
  • Executable breakpoints
  • Conditional breakpoints

CheatEngine – an open source memory scanner
Features

  • Open-source
  • Memory scanner
  • Variable scanner
  • Variable changer
  • Debugger
  • Disassembler
  • Assembler
  • “Speedhack”
  • System inspection tools
  • Direct manipulation tools

Packet Editors
WPE Pro – a professional level packet editor
Features

  • Analyze network problems.
  • Detect network intrusion attempts.
  • Gain information for effecting a network intrusion.
  • Monitor network usage.
  • Gather and report network statistics.
  • Filter suspect content from network traffic.
  • Reverse engineer protocols used over the network.
  • Debug client/server communications.

Packing Detector
PEiD – a packing detector that detects the most common packers, cryptors and compilers for PE files
Features

  • Superb GUI and the interface is really intuitive and simple.
  • Detection rates are amongst the best given by any other identifier.
  • Special scanning modes for *advanced* detections of modified and unknown files.
  • Shell integration, Command line support, Always on top and Drag’n’Drop capabilities.
  • Multiple file and directory scanning with recursion.
  • Task viewer and controller.
  • Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
  • Extra scanning techniques used for even better detections.
  • Heuristic Scanning options.
  • New PE details, Imports, Exports and TLS viewers
  • New built in quick disassembler.
  • New built in hex viewer.
  • External signature interface which can be updated by the user.

PROTECTiON iD – an automatic protection scanner
Features

  • detection of every major PC ISO Game / Application protection
  • currently covers 499 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers
  • sector scanning CDs / DVDs for Copy Protections
  • files / folders can simply be drag & droped into pid
  • strong scanning routines allowing it to detect multiple protections
  • easy scanning via shell context menu
  • usefully misc tools included
  • coded 100% in Win32 assembly language
  • fully 32bit & 64bit compliant
  • working from Win9x to Windows 7

Unpackers and Rebuilders
QUnpack – an easy way to unpack executables
Features

  • Delta for RDTSC now affects the GetTickCount
  • Updated Lua to 5.1.3
  • Updated generic OEP finder of UsAr
  • Modified generic OEP finder from Human to find OEP in a DLL
  • Modified generic OEP finder of deroko to find OEP in a DLL
  • Added ability to keep a log from the main menu
  • Added support for multiple languages, it is enough to create a lng-file and mount it in the window preferences
  • Added to restore the table initialization for Delphi. Should be included only when convinced that a program written in Delphi
  • Added several new functions and variables to script
  • Changed little hook RDTSC, when installed in high bit delta, the delta is calculated independently

ImpREC – the world’s most famous IAT rebuilder tool.
Features

  • Imports
  • An original tree view
  • 2 different methods to find original imports (by IAT and/or API calls)
  • A *FULL* complete rebuilder (including a new fresh IAT)
  • An analyzer and ripper of redirected API code
  • An injected loader code to support mix of imports + ripped code in a thunk
  • A heuristic relocator
  • Tracers
  • 3 default tracers (disasm, hook & ring3) to find APIs in redirected code
  • A plugin interface to develop your own tracers
  • Support ALL 32/64bits Windows (9x, ME, NT, 2k, XP and Vista32/64)
  • An export renormalizer for Win9x/ME (ala Icedump)
  • A built-in coloured disasm/hex-viewer to analyze the redirected code
  • A built-in dumper
  • Support almost all known antidump tricks

Hex Editors
HexDecCharEdit – more than a common hex-editor
Features

  • Allows viewing, modification, searching, comparisons, and analysis of binary files
  • Supports colored marks
  • Hexadecimal/decimal output and input
  • Bytes are displayed as ASCII characters
  • Data can be loaded directly from the clipboard

Leave a Reply