Questions tagged [tools]

Use this tag for questions regarding recommendations of frameworks, libraries, programs or hardware tools used during the process of reverse engineering. Please avoid using this tag for tool-specific questions that do not have their own tag.

Tools are categorized by their main use, anything else goes to the bottom.

Reverse Code Engineering (RCE)

Debuggers

Cross-platform/Linux

dbx
GDB (GNU debugger, open source)
VDG

Windows

BugChecker (open source)
ImmunityDebugger
OllyDbg
pydbg (open source)
Syser Kernel Debugger (practically dead)
Visual DuxDebugger
WinAppDbg debugger (open source)
WinDbg

Disassemblers/Decompilers

biew aka beye (open source)
boomerang decompiler (open source)
HIEW
Hopper - also see hopper
IDA Pro, also the Hex-Rays Decompiler plugin (which requires IDA Pro) - also see idapro
- Limited freeware version with restrictions available here
- Plugins:
  - collabREate (open source)
  - CrowdRE
  - detpdb (open source)
  - Hex-Rays plugin contest winners (follow the links in the navigation pane, open source)
  - idados (open source), requires DOSBox
  - IDAPalace (open source)
  - IDA Toolbag (open source)
  - newgre.net plugins
PE.Explorer

Libraries, frameworks and perhaps actual disassembler all in one

BeaEngine (open source, LGPL license)
distorm64 (open source, BSD license) and distorm3 (open source, GPLv3 and commercial)
libdisasm (open source)
libudis86 and udcli (open source, alternative site)
miasm (open source)
radare2 (open source)

Hex editors

010 Editor
beye (open source)
frhed (open source)
Hex Editor Neo (freeware and commercial versions available)
Hexplorer (open source)
Hex Workshop
HT Editor (open source)
wxHexEditor (open source)

... anything not fitting the other categories

CFF Explorer (freeware)
DynamoRIO (open source)
file(1) (open source), comes with most unixoid operating systems or can be built on them, based on libmagic(3), Windows version here
firmware-mod-kit and binwalk (also included in the former, both open source)
hachoir
ldd(1) (open source)
N-CodeHook (open source)
N-InjectLib (open source)
nm(1) (open source)
PaiMei (open source)
PE Explorer
PEiD (and some signatures)
PIN framework
ssdeep (fuzzy hashes, open source)
strings(1) (open source), comes with most unixoid operating systems or can be built on them, alternative Windows version here (not open source!)
TrID file identifier (free for personal / non commercial use)
YARA (open source)

185 questions

votes

7 answers

Are there ready-to-go reverse engineering VMs?

In computer forensics & pentesting, there are live CDs that have a bunch of tools installed. This makes it easy to boot a machine and have a variety of tools for examining the HDD (for example). Are there VMs or live CDs with a bunch of RE tools…

tools

asked Mar 26 '13 at 14:58

EfForEffort

votes

3 answers

Where can I get reliable tools for RE?

I am looking for a reliable source to download RE tools such as: Lordpe Imprec Peid but it seems all the links in google are not safe, where can I buy or download it from a reliable not malwared source. Can I trust http://www.woodmann.com/ ?

tools

asked Jul 07 '13 at 20:39

0x90

votes

1 answer

How is Hopper on Windows or Linux?

Hopper seems to be focused on Mac, but how does its capabilities on Windows or Linux compares with the free version of IDA for reversing x86/x64 executables? Hopper seems to have all the major features IDA has; a graph view, ability to rename…

tools

asked Jun 28 '13 at 23:19

zer

votes

1 answer

Difference between Proxmark3 rdv4 & Proxmark3 evo

I am an advanced beginner in RFID/NFC reversing / hacking. For now, I have a mifare reader and I want to buy a better reader to able to perform advanced stuffs on both HF and LF (especially emulation and cloning). I've read on multiple websites…

tools

asked Dec 01 '18 at 20:23

niosega

votes

1 answer

What is a FAT header?

Today I saw a command line option in the output of otool (this is a MacOS X program, offering similar functionality as objdump) that is named: -f -- print the fat headers So, what are the fat headers ? I tried to Google 'fat headers' and 'fat…

tools

asked Oct 01 '14 at 15:20

PaulD

votes

1 answer

Is anyone building a python/ruby module to reuse 010 Editor templates?

I started using 010 Editor few days ago. Its template is amazingly powerful. But it's a shame these templates not able to be used directly with scripting languages like Ruby and Python. it's maybe a good personal project to build a python/ruby…

tools

asked Nov 24 '13 at 00:24

wangii

votes

0 answers

I need a tool to assist decompiling C++

I am trying to reverse engineer some C++ code that was made by "architecture astronaut", having multiple layers, lots of virtual functions, lots of polymorphism, metaprogramming, inlined stuff, and so on. I know that generating C++ from machine code…

tools

asked Jan 26 '16 at 03:06

speeder

vote

0 answers

How to speed up panda?

When looking for a reversing tool I discovered PANDA. Unfortunately, its performance is too slow. When I run some large programs in a virtual machine, the whole system becomes very slow and I can't debug the programs at all. Are there other faster…

tools

asked Jun 29 '19 at 06:53

xuetr178

vote

1 answer

Tools to find base64 strings in binary dumps

When looking at raw binary dumps are there any tools to help identify and decode base64 strings contained within? Essentially "strings", but taking into account base64.

tools

asked Oct 01 '15 at 13:21

Cybergibbons

1,762
2
17
26

votes

1 answer

Tomb Raider I Add Subtitle

I want to translate Tomb Raider 1 into my language. I am able to change texts in the menu but I also want to add subtitles to cutscenes. Is it possible to add subtitles to cutscene.phd files? Someone actually managed to add texts to cutscenes in…

tools

asked Jan 04 '18 at 22:12

someonewhowantstolearnenglish

votes

1 answer

How to log every memory read/write action and the registers of the action?

During runtime. With minimal performance impact on the target. Platform is Windows 7. Objective is to gather a lot of data for clustering and ML. To ultimately assist with protocol reversing. All input will also be logged including packets…

tools

asked Sep 23 '15 at 18:11

Mike Trebulay

-3

votes

1 answer

Please edit this .exe file. I beg you. At least tell me what can be done(No general answers) Specific please

There is this game called Mafia 2 and since its release modders hve been trying to access encrypted files in the game. It was not until the years 2013 and 2014 that a Russian modder that goes by the name of Y.u.s.i.k created programs with the sole…

tools

asked Jun 18 '18 at 20:15

osaru badiaru