Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Showing posts with label Reverse Engineering. Show all posts

Sunday, February 7, 2016

Source code editor - Notepad++




What is Notepad++ ?

Notepad++ is a free (free as in both "free speech" and "free beer") source code editor and Notepad replacement that supports several programming languages and natural languages. Running in the MS Windows environment, its use is governed by GPL License.

Features

• Syntax Highlighting and Syntax Folding
• PCRE (Perl Compatible Regular Expression) Search/Replace
• GUI entirely customizable: minimalist, tab with close button, multi-line tab, vertical tab and vertical document list
• Document Map
• Auto-completion: Word completion, Function completion and Function parameters hint
• Multi-Document (Tab interface)
• Multi-View
• WYSIWYG (Printing)
• Zoom in and zoom out
• Multi-Language environment supported
• Bookmark
• Macro recording and playback
• Launch with different arguments




Saturday, February 6, 2016

Advanced Win32 executable file compressor - ASPack (Full)


Note: create a virtual machine lab to test the software; I am not responsible for damages.


ASPack is an advanced Win32 executable file compressor, capable of reducing the file size of 32-bit Windows programs by as much as 70%. (ASPack's compression ratio improves upon the industry-standard zip file format by as much as 10-20%.) ASPack makes Windows 2000/XP/Vista/7/8/10 and Windows Server 2003/2008/2012 programs and libraries smaller, and decreases load times across networks and download times from the internet; it also protects programs against reverse engineering by non-professional hackers. Programs compressed with ASPack are self-contained and run exactly as before, with no runtime performance penalties.




Ultimate Packer for eXecutables - UPX



Overview

UPX achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks for most of the formats supported, because of in-place decompression. 

UPX strengths in a nutshell:

• excellent compression ratio: typically compresses better than WinZip/zip/gzip, use UPX to decrease the size of your distribution!
• very fast decompression: ~10 MB/sec on an ancient Pentium 133, ~200 MB/sec on an Athlon XP 2000+.
• no memory overhead for your compressed executables because of in-place decompression.
• safe: you can list, test and unpack your executables. Also, a checksum of both the compressed and uncompressed file is maintained internally.
• universal: UPX can pack a number of executable formats.
• portable: UPX is written in portable endian-neutral C++.
• extendable: because of the class layout it's very easy to add new executable formats or new compression algorithms.
• free: UPX is distributed with full source code under the GNU General Public License v2+, with special exceptions granting the free usage for commercial programs as stated in the UPX License Agreement.

You probably understand now why we call UPX the "Ultimate Packer for eXecutables". UPX aims to be commercial quality free software, based on experience with our previous packers (DJP, lzop, and the NRV library).



Sunday, January 31, 2016

PE Tools - PEiD



PEiD

Description

• PEiD detects most common packers, cryptors and compilers for PE files.
• It can currently detect more than 470 different signatures in PE files.
• It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website, but it is still hosted on other sites.



Signatures

Update your signatures (initial file is empty). Replace the initial userdb.txt file with one of these files:

• http://handlers.sans.org/jclausing/userdb.txt
• http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT
• http://research.pandasecurity.com/blogs/images/userdb.txt
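As an added illustration of how a userdb.txt signature database is applied (this is not PEiD's own code; the entries and the byte stub below are constructed for the example, not taken from the files linked above): a parser for the [Name] / signature / ep_only entry format and a matcher that only tests ep_only signatures at the entry point's file offset. Mapping AddressOfEntryPoint to that offset through the section table is left to the caller.

```python
import re

# Constructed sample in PEiD userdb.txt syntax: NOT real signatures from the
# databases linked above, only the same [Name] / signature / ep_only layout.
SAMPLE_USERDB = """
[Example Packer v1.0 (constructed)]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true

[Example Compiler (constructed)]
signature = 55 8B EC 83 EC ?? 53 56 57
ep_only = false
"""

def sig_to_regex(value):
    """Turn 'AA BB ?? CC' into a bytes regex; '??' is a one-byte wildcard."""
    parts = [b'.' if tok == '??' else re.escape(bytes([int(tok, 16)]))
             for tok in value.split()]
    return re.compile(b''.join(parts), re.DOTALL)

def parse_userdb(text):
    """Parse userdb.txt into (name, compiled_regex, ep_only) tuples."""
    entries, name, sig, ep_only = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):     # skip blanks and comments
            continue
        if line.startswith('[') and line.endswith(']'):
            if name and sig:                     # flush the previous entry
                entries.append((name, sig, ep_only))
            name, sig, ep_only = line[1:-1], None, False
        elif '=' in line:
            key, value = (s.strip() for s in line.split('=', 1))
            if key.lower() == 'signature':
                sig = sig_to_regex(value)
            elif key.lower() == 'ep_only':       # default is false
                ep_only = value.lower() == 'true'
    if name and sig:
        entries.append((name, sig, ep_only))
    return entries

def scan(entries, data, ep_offset):
    """Names of matching entries: ep_only signatures must start exactly at
    the entry point's file offset, all others may occur anywhere in data."""
    return [name for name, rx, ep_only in entries
            if (rx.match(data, ep_offset) if ep_only else rx.search(data))]

# Constructed 16-byte stub at file offset 16 standing in for a packed file's
# entry point; real use maps AddressOfEntryPoint to a file offset via sections.
SAMPLE_CODE = bytes(16) + bytes.fromhex('60BE001040008DBE00F0FFFF5783CDFF') + bytes(8)
```

Running `scan(parse_userdb(SAMPLE_USERDB), SAMPLE_CODE, 16)` reports the packer entry, while the same stub with the wrong entry-point offset reports nothing, which is the point of ep_only.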

Section Viewer




PE disassembler



PE details



Extra information



Menu




Generic OEP Finder


In some cases, PEiD can find the Original Entry Point (OEP) of a packed executable:




Krypto Analyzer



Debugging Tools for Windows - WinDbg



WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft.[1] Debugging is the process of finding and resolving errors in a system; in computing it also includes exploring the internal operation of software as a help to development. It can be used to debug user mode applications, device drivers, and the operating system itself in kernel mode. Like the better-known Visual Studio Debugger it has a graphical user interface (GUI), but is more powerful and has little else in common.

WinDbg can be used for debugging kernel-mode memory dumps, created after what is commonly called the Blue Screen of Death which occurs when a bug check is issued.[2] It can also be used to debug user-mode crash dumps. This is known as post-mortem debugging.[3]

WinDbg can automatically load debugging symbol files (e.g., PDB files) from a server by matching various criteria (e.g., timestamp, CRC, single or multiprocessor version) via SymSrv (SymSrv.dll),[4] instead of the more time-consuming task of creating a symbol tree for a debugging target environment. If a private symbol server is configured, the symbols can be correlated with the source code for the binary. This eases the burden of debugging problems that have various versions of binaries installed on the debugging target by eliminating the need for finding and installing specific symbols version on the debug host. Microsoft has a public symbol server that has most of the public symbols for Windows 2000 and later versions of Windows (including service packs).[5]

Recent versions of WinDbg have been and are being distributed as part of the free Debugging Tools for Windows suite, which shares a common debugging back-end between WinDbg and command line debugger front-ends like KD, CDB, and NTSD. Most commands can be used as is with all the included debugger front-ends.



PE Tools v1.5



New in this version:

• Added Generic OEP Finder
• DumpFixer added to Section Editor
• New signatures added (Tnx: .Cryorb/dyn!o/DeMoNiX/Aster!x/FEUERRADER)
• PE Sniffer code is optimized
• Ability to increment SizeOfHeaders added
• New plugin added - Recover UPX by Quantum
• Added ToolBar
• All options are saved in INI file now
• Control elements are changed a little in Sections Editor and Directory Editor
• Examples of plugins in MASM32/Delphi are added to SDK
• Signature creation utility (SignMan) is now distributed along with the main package
• PE Tools won't allow editing IMAGE_DOS_HEADER if the offset of IMAGE_OPTIONAL_HEADER is less than the size of IMAGE_DOS_HEADER
• New version of update module (UUpdateSystem.dll)
• MMF functions are re-written
• Bug in File Location Calculator removed (Tnx: cyberbob)
• Bug in Kill Section (from file) removed
• Small bug in process dumper is removed
• Bug in Task Viewer removed
• Bug in Break & Enter removed
• Bug with options saving is removed
• PE Tools now works fine on Win95 (Tnx: Lepton)
• Sections processing algorithm is significantly changed


Description:

This is a fully functional utility for working with PE and PE+ (64-bit) files. It includes a PE file editor, Task Viewer, Win32 PE file optimizer, compiler/packer detector and many other things.

The basic functions of the program:

• Task Viewer
• Process dump
• Dump Full
• Dump Partial
• Dump Region
• Ability to dump .NET CLR processes
• Automatic removal of "Anti Dump Protection"
• Change of process priority
• Kill process
• Loading of process into PE Editor and PE Sniffer
• Generic OEP Finder
• PE Sniffer
• Search for the compiler/packer used
• Ability to update signature base
• Ability to scan directories
• PE Rebuilder
• Optimization of a PE file
• Change of a file's PE image base
• PE Editor
• Editing of DOS header
• Support of new PE+ (64-bit) format
• CRC correction
• Viewing and editing import/export tables



System monitoring and debugging suite - Windows Sysinternals




Windows Sysinternals is a comprehensive suite of tools that can be used to debug, analyze, and monitor applications running on Windows, and even the Windows operating system itself. An example of one of the more powerful tools in the suite is Process Explorer, which reports all of the files, directories, and programs that an application accesses during its execution.




The GNU Project Debugger - GDB


The GNU Debugger, usually called just GDB and named gdb as an executable file, is the standard debugger for the GNU operating system. However, its use is not strictly limited to the GNU operating system; it is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, C, C++, Objective-C, Free Pascal, Fortran, Java[1] and, partially, others.



Saturday, January 30, 2016

Immunity debugger




A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program). The code to be examined might alternatively be running on an instruction set simulator (ISS), a technique that allows great power in its ability to halt when specific conditions are encountered, but which will typically be somewhat slower than executing the code directly on the appropriate (or the same) processor. Some debuggers offer two modes of operation—full or partial simulation—to limit this impact.




A "trap" occurs when the program cannot normally continue because of a programming bug or invalid data. For example, the program might have tried to use an instruction not available on the current version of the CPU or attempted to access unavailable or protected memory. When the program "traps" or reaches a preset condition, the debugger typically shows the location in the original code if it is a source-level debugger or symbolic debugger, commonly now seen in integrated development environments. If it is a low-level debugger or a machine-language debugger it shows the line in the disassembly (unless it also has online access to the original source code and can display the appropriate section of code from the assembly or compilation).



Debugger - Ollydbg



OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. It has a friendly interface, and its functionality can be extended by third-party plugins. Version 1.10 is the final 1.x release. Version 2.0 was released in June 2010, and OllyDbg has been rewritten from the ground up in this release. The software is free of cost, but the shareware license requires users to register with the author.[1] Although the current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors, a 64-bit version of the debugger has been promised.






Reverse engineering

OllyDbg is often used for reverse engineering of programs.[3] It is often used by crackers to crack software made by other developers. For cracking and reverse engineering, it is often the primary tool because of its ease of use and availability; any 32-bit executable can be loaded by the debugger and edited in bitcode/assembly in real time.[4] It is also useful for programmers to ensure that their program is running as intended, and for malware analysis purposes.


Copyright © Offensive Sec Blog | Powered by OffensiveSec