break is used to stop the execution of a program.
2. OllyDbg: a 32-bit assembler-level analysing debugger for Windows. It analyses every program as assembly code, which makes OllyDbg especially useful when the program's source files are not available. It also shows the values of registers, procedures, API function calls, tables, constants, strings, and so on. You can additionally annotate individual instructions with comments. In short, this is a popular tool and the one crackers favour most. OllyDbg is completely free; you can download and use it from http://home.t-online.de/home/Ollydbg
5. PEiD: This is a tool that can identify most common packers and encryptors. It can currently recognise more than 600 different signatures in PE files.
Post #1 by hacnho
2. Import REConstructor: This tool is designed to rebuild imports for protected/packed Win32 executables. It reconstructs a new Image Import Descriptor (IID), Import Array Table (IAT) and all ASCII module and function names. It can also inject into your output executable, a loader which is able to fill the IAT with real pointers to API or a ripped code from the protector/packer (very useful against emulated API in a thunk).
(Source: readme)
Translation: This is a tool designed to rebuild the imports of a protected or packed Win32 program. It rebuilds an Image Import Descriptor (IID), the import array table (IAT), and all module and function names. It can also inject into your output program a loader that can fill the IAT with real pointers to the API functions or with a piece of code ripped from the protected or packed program.
Post #1 by Merc:
3. HIEW: Basically HIEW is a hex viewer for those who need to change some bytes in the code (usually 7xh to 0EBh). Hiew can view files of unlimited length in text, hex, and Pentium(R) 4 disassembler mode.
Translation: This is a tool for editing programs in hex (hexadecimal) form in a DOS environment, very useful for those who want to change a few bytes in a program's code.
Features:
- Text/hex mode editor
- Built-in Pentium(R) 4 assembler
- Physical & logical drive view & edit
- Creating new files
- Search and replace in blocks
- Context help (however help file is not necessary for starting HIEW)
- Search for assembler command wildcards
- Keyboard macros
- Built-in 64-bit calculator
Source (readme)
1.CFF Explorer
Quote:
This is PE Editor with full support for PE32/64. Special fields description and modification, utilities, rebuilder, hex editor. First PE Editor with support for .NET internal structures. Resource viewer (bitmaps, icons, cursors etc. are all dumpable on disk) with support for .NET manifest resources (who are dumpable as well).
Copyright (C) Ntoskrnl (Daniel Pistelli)
(source from homepage:http://www.ntcore.com)
2.Hex Workshop
Quote:
This is a set of hexadecimal development tools for Windows 9x, NT, 2000, and XP. It combines advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can edit, insert, delete, cut, copy, and paste hex, print high quality customizable hex dumps, and export to RTF or HTML for publishing. Additionally, you can goto, find, replace, compare, and calculate checksums within a file.
Copyright (C) BreakPoint Software
(source from readme)
3.LordPE
Quote:
It is a tool e.g. for system programmers which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit,
Copyright (C) yoda
(source from homepage:http://y0da.cjb.net/)
4.PEiD
Quote:
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.
Copyright (C) snaker - Qwerton - Jibz
(source from readme)
5.PE Explorer
Quote:
This is a multi-purpose PE (portable executable) file editor and binary header analysis tool for Windows developers. It tells you just about every little detail you could possibly want to know about a PE file (exe, dll, ActiveX, and several other executable formats). PE Explorer comes with a Visual Resource Editor, PE Header Viewer, Exported/Imported API Function Viewer, API Function Syntax Lookup, Dependency Scanner and Easy Disassembler.
Copyright (C) Heaventools Software
(source from readme)
6.PEQuake
Quote:
PEQuake is a win32 executable protector from China. It seems that it's modified from Hying's PE-Armor, has some excellent feature, can encrypt Import, special code and resources.
The soft is designed to protect your program, and the protected file will start up with a cool logo.
Copyright (C) fORGAT
(source from readme)
7.PE Tools
Quote:
Professional utility for the work with PE/PE+(.64bit) by files, that includes: editor PE is file, Task Viewer, optimizer Win32 PE is file, the detector of the compiler / packer and much other.
Copyright (C) NEOx
(source from homepage:http://neox.iatp.by/petools.html)
8.Quick Unpack
Quote:
The program is intended for fast (in 2 seconds) unpacking simple packers (UPX, ASPack, PE Diminisher, PECompact, PE-PACK, PackMan, WinUPack and many others). Quick Unpack tries to bypass all possible scramblers/obfuscators. From the version 1.0 the opportunity of unpacking dll is added. This opportunity makes Quick Unpack unique software product which has no similar analogues in the world!
Copyright (C) FEUERRADER [AHTeam]
(source from readme)
9.Resource Binder
Quote:
Program for restoring the section of resources after the removal of packer/protector. Program automatically creates at the end of the file the new section of resources and it completely reconstructs all resources into this section. Optionally it will be possible to after this reset to zero the old section of resources and optimize the file.
Copyright (C) SetiSoft Team
(source from readme)
10.Trial-Reset
Quote:
This is a registry cleaning tool. The main function of Trial-Reset is to remove the keys generated by commercial and freeware protector.
Trial-Reset does not crack the program but only extends the Trial Period.
Copyright (C) The Boss and All RSR Team
(source from help file)
11- IDA
Quote:
IDA is an interactive disassembler. It means that the user takes active participation in the disassembly process. IDA is not an automatic analyser of programs. IDA will hint you of suspicious instructions, unsolved problems etc. It is your job to inform IDA how to proceed.
(readme)
Quote:
The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on the Windows platform. Universally acclaimed as the best disassembler money can buy, IDA Pro has become the de-facto standard for the analysis of hostile code and is quickly establishing itself as a major tool in the field of vulnerability research.
(hacnho tut :D)
12- ABEL
Quote:
ABEL is loader generator tool, that allows you to generate loaders. And ABEL means:
Any
Build
Enabled
Loader
(readme)
13- Dede
Quote:
DeDe is a very fast program that can analyze executables compiled with Delphi 2,3,4,5 and Builder and give you the following:
- All dfm files of the target. You will be able to open and edit them with Delphi.
- All published methods in well commented ASM code with references to strings, imported function calls, classes methods calls, components in the unit, Try-Except and Try-Finally blocks. (By default DeDe retrieves only the published methods sources, but you may also process another procedure in a executable if you know the RVA offset using the Tools|Disassemble Proc menu.)
- A lot of additional information.
- You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contains the mentioned above well commented ASM code. They can not be recompiled!
You can also:
- View the PE Header of all PE Files and change/edit the sections flags
- Use the opcode-to-asm tool for translating intel opcode to assembler
- Use RVA-to-PhysOffset tool for fast converting physical and RVA addresses
- Use the DCU Dumper (view dcu2int.txt for more details) to retrieve near to pascal code of your DCU files
- Use BPL(DPL) Dumper to see BPL exports and create symbol files to use with DeDe disassembler
- Disassemble a target EXE directly from memory in case of a packed exe
(readme)
14- Resource Hacker
Quote:
Resource Hacker is a program has been designed to:
1. View resources in Win32 executable files (*.exe, *.dll, *.cpl, *.ocx) and in Win32 resource files (*.res) in both their compiled and decompiled formats.
2. Extract (save) resources to file in (*.res) format, as a binary, or as decompiled resource scripts or images. Icons, bitmaps, cursors, menus, dialogs, string tables, message tables, accelerators, Borland forms and version info resources can be fully decompiled into their respective formats, whether as image files or *.rc text files.
3. Modify (rename or replace) resources in executables or resource files. Image resources (icons, cursors and bitmaps) can be replaced with an image from a corresponding image file (*.ico, *.cur, *.bmp), a *.res file or even another *.exe file. Dialogs, menus, stringtables, accelerators and messagetable resource scripts (and also Borland forms) can be edited and recompiled using the internal resource script editor. Resources can also be replaced with resources from a *.res file as long as the replacement resource is of the same type and has the same name.
4. Add new resources to executables or resource files. Enable a program to support multiple languages, or add a custom icon or bitmap (company logo etc.) to a program's dialog.
5. Delete resources. Most compilers add resources into applications which are never used by the application. Removing these unused resources can reduce an application's size.
(readme)
15- .NET Reflector
Quote:
Reflector is a class browser for .NET components. It allows browsing and searching the meta data, IL instructions, resources and XML documentation stored in a .NET assembly.
(readme)
16- dUP
Quote:
dUP (diablo2oo2's Universal Patcher) is a powerful multiple file patchengine.
(readme)
17- aPE