Thursday 27 November 2014

Best Tools for Reverse Engineering Part 2


Reverse engineering is the process of analyzing a subject system to identify the system's components and their interrelationships, and to create representations of the system in another form or at a higher level of abstraction. The process of reverse engineering, which is part of malware analysis, is carried out using specific tools that fall into the categories of hex editors, disassemblers/debuggers, decompilers and monitoring tools. The remaining tools for reverse engineering are as follows:
Hiew
Hiew is a popular console hex editor for Windows written by Eugene Suslikov (sen). Among its features is the ability to view files in text, hex and disassembly mode. The program is particularly useful for editing executable files such as COFF, PE or ELF binaries.
Features
Hiew's features include:
    Built-in x86, x86-64 and ARMv6 assembler and disassembler.
    Pattern searching in disassembler mode.
    Support for NE, LE, LX, PE and little-endian ELF executable formats.
    Built-in 64-bit calculator.
    Supports files of arbitrary length.
NASM
The Netwide Assembler (NASM) is an assembler and disassembler for the Intel x86 architecture. It can be used to write 16-bit, 32-bit (IA-32) and 64-bit (x86-64) programs. NASM is considered to be one of the most popular assemblers for Linux.
NASM was originally written by Simon Tatham with assistance from Julian Hall and is currently maintained by a small team led by H. Peter Anvin.[2] It is available as free software under the terms of the simplified (2-clause) BSD license.
Wireshark
Wireshark is the world's foremost network protocol analyzer. It lets you see what is happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
Features
Wireshark has a rich feature set which includes the following:
  •     Deep inspection of hundreds of protocols, with more being added all the time
  •     Live capture and offline analysis
  •     Standard three-pane packet browser
  •     Multi-platform: runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  •     Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  •     The most powerful display filters in the industry
  •     Rich VoIP analysis
  •     Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  •     Capture files compressed with gzip can be decompressed on the fly
  •     Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
PE Tools
A collection of tools for your daily PE work: editors, analyzers, rebuilders and resource extractors.
PE Editors
    Cerbero PE Insider
    Explorer Suite III Multi-Platform Version
    Explorer Suite III Stand-alone Version
    PE Editor with support for PE32, PE64 and .NET, plus a process monitor/dumper
    Lord PE 1.41 Deluxe b
    PE Editing suite
    ProcDump v1.6.2
    Unpacker, Decryptor, PE Editor
    PeStudio 8.42
    PeStudio is a unique tool that performs static analysis of 32-bit and 64-bit executables
PE Analyzers
    Crypto Searcher
    Crypto Searcher has hundreds of signatures used to detect the cryptographic algorithms used in a program
    Detect it Easy 0.64
    Another PE identifier.
    PEiD 0.95
    PE identifier, with many interesting plugins [includes a working userdb.txt; last update 25/06/2009]
    PROTECTiON iD 0.6.6.6 October
    The ultimate Game Protection Scanner
    RDG Packer Detector 0.7.3
    PE identifier, often better than PEiD
    Stud PE v. 2.6.1.0
    Another PE identifier
PE Rebuilders
    Import REConstructor 1.7 FINAL
    Useful for rebuilding the import table (IT) of a PE executable (PE+ not supported)
    CHimpREC 1.0.0.1
    Rebuilder for PE/PE+ executables
    PE Tools 1.5.800.2006 RC7
    PE file editor, task viewer, Win32 PE file optimizer, compiler/packer detector and many other utilities
    Relox 1.0a
    Useful for rebuilding the relocation table of an unpacked DLL

1 comment:

  1. Hello,

    there is the newest version of DIE(Detect It Easy) _http://ntinfo.biz

