[ Tool Box ]



Inprise
Saturday 05 Azar 1384, 11:01 AM
Hello;

Tools related to software security, reverse engineering, analysis of software code and behavior, and protecting software are introduced here. If you would like to introduce a particular piece of software, follow the existing template or your post will be deleted.

Good luck

Inprise
Saturday 05 Azar 1384, 11:10 AM
Stud_PE The Portable Executables Viewer/Editor

view/edit PE basic Header information (DOS also):

-header structures to hexeditor;

view/edit Section Table:

- add new section;

view/edit Directory Table:

-Import/Export Table viewer;

-Import adder;

-Resource viewer/editor (save/replace ico/cur/bmp);

Pe Scanner (PEiD sig database):

-400 packers/protectors/compilers;

Task viewer/dumper/killer;

PEHeader/Binary file compare;

RVA to RAW to RVA;

Drag'nDrop shell menu integration;

Basic HexEditor;



http://itimer.home.ro/studpe.html

BOB
Sunday 06 Azar 1384, 20:37 PM
LordPE By y0da
Task viewer/dumper
huge PE editor (with big ImportTable viewer, ...)
Break'n'Enter (break at the EntryPoint of dll or exe files)
PE Rebuilder
dumpfix
realigning
wipe relocation
ImportTable rebuilder
validate PE (make a PE work on win2k)
Bind Imports
Change ImageBase
Section Table viewer
edit Section Headers
edit Section Header characteristics
hex edit Section
...
...


http://mitglied.lycos.de/yoda2k/LordPE/info.htm

Inprise
Monday 07 Azar 1384, 18:16 PM
Sinister is a reverse engineering utility that allows you to manipulate executables' memory images in Linux. Features include:

* Memory Dump, allows you to dump a process memory image, with a built-in hex viewer!

* Memory Map, allows you to map a process memory image

* Memory Patch, allows you to patch (code-injection) the process memory image

* Binary I/O, supports writing|reading binary images

* PID|Stand alone, allows you to attach to an existing process or start a new one

http://www.tty64.org/

Inprise
Tuesday 15 Azar 1384, 00:49 AM
http://backerstreet.com/rec/types.jpg







REC is a portable reverse engineering compiler, or decompiler.



It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file.

It is portable because it has been designed to read files produced for many different targets, and it has been compiled on several host systems.



RecStudio offers a modern user interface to REC's interactive mode.

A command line version is still available for Linux and Solaris hosts.



http://backerstreet.com/rec

Inprise
Thursday 22 Dey 1384, 23:43 PM
USBTrace is the best USB monitor I have worked with so far. It has a flexible, acceptable interface, and everything a port monitor needs can be found in it.

http://www.sysnucleus.com/images/usbtrace_full1.jpg

http://www.sysnucleus.com/usbtrace_features.html

Developer Programmer
Friday 12 Khordad 1385, 20:05 PM
The aPE
What is it?
The aPE is a patcher program that can be used to patch packed/protected executable files. This is done by code insertion in packer/protector code so that the program can be patched normally without unpacking the packed file. This means that you can now make smaller patches for packed executables [but you will still need to unpack the target and find the bytes you want to patch]. There is no more need for distribution of larger unpacked files... The aPE can patch them while they are still packed!
http://ap0x.headcoders.net/



Something like our own upx



UPolyx

www.delikon.de


For programs written in the bitter language of Visual Basic and compiled as PCode


P32Dasm is a VB PCode Decompiler. It can generate String, Numbers, Objects,
Import and Export function listings. There is also a Jump calculator. You can
set a shortcut to your favorite hex editor for fast patching. I personally
prefer Hiew.