~ Software reversing Tools ~
Last update: June 2005

Softwareversing tools

[Basic tools] [Hexeditors] [Text editors and seek & replaces]
[Disassemblers] [Debuggers] [Monitors] [Program killers] [Resource editors]
[Software Customizers]

My tools pages are not only a "swiss blades" repository for newbies that begin to grasp the powerful reversers' and seekers' lore... the tools I have gathered should be quite useful for anyone that happens to be "lost on an alien computer", miles from home and without his trusted own-made CDs. This happens to me often enough, hence I myself find these pages quite useful :-) You'll find here (I hope) all the necessary tools to survive, secure your current box, AND reverse everything in sight. Some of these tools will even allow you to retaliate and strike back, should anyone dare to annoy you! This section will always be "in fieri", but I'll slowly add all sorts of useful applications (uncracked and "abandoned", of course). Note that for correctness, the most recent versions of any given application are NOT to be found here (unless given explicit permission by the Authors). But, see, I would like as well to demonstrate that you DO NOT need (far from it :-) the most recent version of a given software... once you know what you have to do, you may use a dos program as well as the most recent frilly windozian version, with the advantage (if you use older versions) that you'll at least be sure that the programs you use are not trojaning your data somewhere every time you connect to the web!

Main advice of my "Tools" section:

DO NOT UPDATE YOUR SOFTWARE...
...unless you know pretty well how to reverse - and modify - it!
As a (simplistic) rule: the older your version, the less likely it is that it will [malbehave] and spy on you...

Basic tools
Either you know what you use these tools for or you search & learn or just try and find out :-)
"Probieren geht über studieren"

Hexeditors
Either you know what you use these tools for or you search & learn or just try and find out :-)
"Probieren geht über studieren"

Text editors and seek & replaces
Either you know what you use these tools for or you search & learn or just try and find out :-)
"Probieren geht über studieren"


Disassemblers
Either you know what you use these tools for or you search & learn or just try and find out :-)
"Probieren geht über studieren"


[IDA!] idafree.zip, 12.522.567 bytes... lotta bytes, biggest appz on my tools page... but WHAT for bytes!: IDA, Ilfak's masterpiece, version 3.85B, is a truly MAGICAL ITEM, kindly offered by Ilfak Guilfanov & Pierre Vandevenne: BEST disassembler around when you really need to work... read what Pierre says about this release (end of December 2000):
 I've just made a new FREEWARE version of our IDA Pro 
 disassembler available. It is basically last year's 3.85B 
 commercial release, which means that it even supports FLIRT 
 (Fast Library Identification and Recognition Technology). 
 There is no catch: it is free, supports the DOS / WIN 80x86 
 file formats we supported at that time and a couple of other 
 things as well, no size limit, no time limit and is even 
 somewhat supported (we'll fix reported bugs if practical).
 We are releasing it for three reasons:
- we are a bit tired of seeing poorly cracked versions going 
  around;
- we have made real progress with our new versions;
- we realize there is a need for a non pro to investigate 
  potentially hostile code on an amateur basis and that 
  the budget for the full version shouldn't be an obstacle.
 The file can be found on our ftp idafree.zip @ datarescue
 Our ftp is a bit overloaded now, redistribution of the file 
 is ok, provided it is not altered.
So download it [here] (@ fravia's) and enjoy! This is a truly wondrous cadeau by Pierre and Ilfak for all present and future reversers entering the third Millennium! Note that there's a dedicated messageboard for IDA-matters, see [here].

NEW!: An average of ~300 copies downloaded daily... lotta future reversers, I hope! Maybe with their help we'll even be able to win our [GNU powered] battles for free knowledge against the evil forces of commercial darkness!
Magical Item


Wdasm (easy to find on the web)
(You will have to find it on the web by yourself: I'm still awaiting Peter Urbanik's permission to link to it, in the meantime you'll be able to find it all over the web with banal searches). If you start to use it for real, please do register it, I have seldom seen such a useful program around. In fact I paid for my copy of wdasm. This quick disassembler still beats ida when you want to defeat an easy protection or you need to perform some simple "on the fly" code-reversing investigations (i.e. 70% of times).
Precious Item


Debuggers
If you don't know what these tools are for, nor what astounding deeds they can perform in our more and more "softwarocentric" world, be prepared to be amazed by the sheer cosmic power they will almost immediately grant you. Indeed the following tools are powerful weapons, as you'll learn as soon as you begin using them...

...a good software reverser that knows how to use his softice can easily nuke many a smart "billion-dollar" dot industry...
[Neue Zürcher Zeitung], January 2001


  • Microsoft's one (IWINDEBUG)
    Useful if you want to quickly disass a piece of simple software that has too many anti-softice tricks inside for you to bother deactivating...

  • Borland Turbo Debugger
    Turbo Debugger is a powerful stand-alone debugging tool for use with the free Borland C++ Compiler. Turbo Debugger can be used to control 32-bit Windows application execution and to view the different aspects of the application (including program output, source code, data structures, and program values) at runtime.

    http://www.borland.com/products/downloads/


  • Ollydbg (Olly debug) by Oleh Yuschuk (thanks Oleh!)
    v.1.09d (2005) [odbg109d.zip] : 1076224 bytes
    Oleh Yuschuk keeps improving his wondrous debugger. Now with SSE support, powerful run trace, improved code analysis, new search options and a customizable user interface.

    see http://home.t-online.de/home/Ollydbg/ for details
    OllyDbg is a 32-bit code level debugger for Windows. Emphasis on binary code analysis makes it particularly useful in all those cases where source code is unavailable... as Oleh points out ;-)

    A discussion list for OllyDbg users, moderated by TBD, is at http://www.ollydbg.f2s.com; another messageboard, in Spanish, is at http://ollydbg.cjb.net/.

    Please note that OllyDbg is free!
    Oleh (Ollydbg{ALT+64}t-online{POINT}de) is a great soul and has no intention to make OllyDbg commercial. The program is rated as a shareware only for copyright reasons. Moreover Oleh plans to release the source of his disassembler under GPL!
    Precious Item


  • TRW2000 for Win95/98
    v.1.23 january 2001 [trw2000.zip] : 336060 bytes
    The Chinese alternative to softice... by LiuTaoTao & ZhuNanHao
    Powerful Windows9x system debugger, traces DOS COM, DOS EXE, DPMI, 16bit NE, 32bit PE programs, ring0 VxDs. It traces from Ring0 and supports complex breakpoints.

  • GoVest
    v. 0.9b-1 November 2000 [govest.zip] : 1164370 bytes
    Win32 debugger and disassembler, by Ansgar Trimborn
    A debugger that _Mammon suggested. It is capable of using source code information in COFF, PDB and VOM format.

  • You may also wish to read this snippet by Dindon on how to debug a debugger...
    Finally, don't forget that wdasm -see "disassemblers", above- also has a useful and quite powerful (if somewhat messy) debugger functionality inside itself...

Monitors
Either you know what you use these tools for or you search & learn or just try and find out :-)
"Probieren geht über studieren"


Filemon: [filesrc.zip] : 323906 bytes
Mark Russinovich & Bryce Cogswell, @ [sysinternals] deserve the reversing Nobel, and more for their fabulous tools... (Process Explorer, Filemon, Regmon, and PsTools).
Precious Item



API monitors: [apispy32.zip] : 209035 bytes
Yariv's clever tool for API monitoring, here with source code (and yes, of course I asked his permission before posting it here). You'll have to edit your preferred APIs inside the text file C:\windows\APISpy32.api of course (see help-documentation). I don't believe YOU'll believe the many useful purposes this beautiful tool can be used for... will version 3 ever arrive?

Program killers
With a buggy operating system like windoze you'll need pview running all the time

Pview: [pview.zip]: only 23404 bytes, but what for bytes!
"Never again without pview" said fravia+ debugging a friend's continuously crashing computer

Process viewer: [PrcView.zip], version 3.7.2.5: 94612 bytes, The new pview! By Igor Nys (packed with a command line version for your own scripts)
(Click 'show module usage' and gasp at the messiness of windoze)

Handleex [handleex40.zip] by Mark Russinovich
On Windows NT/2K, you must have the DEBUG and LOAD DRIVER privileges to run HandleEx (administrator accounts have these privileges by default). HandleEx runs on Win9x/Me, Windows NT 4, and Win2K.
Performs even better than pview, but has problems in killing itself (pview does it better)

Resource editors
Quite some tools in order to fiddle around and ameliorate buggy applications you do not happen to possess the source code of, you mighty reverser, you brave opensourcer... :-)

Borland resource workshop, version 4.5: [brw45.zip] : 2443613 bytes, but such a reversing wizard power!
Ok, admittedly, old, obsolete, slow, whatever... but they don't make this kind of mighty tool anymore (actually they are trying to ban such tools)... USE it and then let me know!
You may want to read my old [ultrae2.htm] essay to understand what this (now abandonware and public domain) tool can eventually do...


Resource hacker: [reshack.zip] by Angus Johnson: 542549 bytes, mighty wizardish power for your software fiddling and reversing wishes!
Thanks fake faulty: indeed it looks like Angus decided to develop good old borland trw! Vielen Dank Angus! :-)
Ahem... let's see if you understand what the following words (could) mean... "Resources can be added to an executable as long as no resource of the same type, name and language id already exists. Select Action | Add a New Resource ... from the menu".
Eh? :-)
And do you grasp what the following words (could) mean?... "New controls can also be added. The Control Editor supports virtually all Microsoft’s currently defined standard and common control classes. User defined custom classes can also be added to the predefined list of classes by carefully editing the “dialog.def” text file which can be found in the same folder as Resource Hacker"
Eheh :-)
Precious Item



Software customizers
If you wish to kill ads, tweak whatever or re-enable some grayed options


customiz.zip ~ 653537 bytes
[The customizer per antonomasia, version 1.10]
You'll find this even more useful than poledit when your system administrator or your software programmer has chosen to 'disable' some options... :-)
See for instance how you can modify on the fly the webferret bot in this essay. See also another interesting use of the customizer (tweaking EULAs) in this [conference of mine]

customiz.exe ~ 692224 bytes: this is customiz.zip version 1.10 autoextracting as exe
very useful when you need to perform some quick tweakings from -say- a web-café ;-)


cust115.zip ~ 272528 bytes
[The customizer per antonomasia, version 1.15]
A ridiculous time check protection... any kid could set all FOUR occurrences of 000007D1 (if you have installed it in 2001) to -say- 00000BB9 with the result that the program will expire in 3001. (And if that's not enough... set all four to 00000FA1 :-) Maybe the good people at wanga should learn [some better tricks] to protect this most useful appz.
Precious Items


(c) III Millennium: [fravia+], all rights reserved