Section: .. / linux / reverse-engineering /
File Name: Linux_Memory_Tools-0.2.tar.gz
Description: Linux Memory tools are a set of Linux tools (Python, C and ASM) whose aim is to facilitate exploit development. These tools can be used to dump process memory, search for patterns and quickly find OPCODE location addresses (instructions and mnemonics are functional but still in development). OPCODE search is possible on an instant memory snapshot or using a file dump. These tools have been quickly coded and should be considered helpful scripts. Return addresses or shellcode locations can be found instantly.
Author: Pierre BETOUIN
Homepage: http://securitech.homeunix.org/lmt/
File Size: 14165
Last Modified: Oct 4 00:36:59 2006
MD5 Checksum: ee818078aefb095992a0780c0ca86651

File Name: PaiMei-1.0-REV88.zip
Description: PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days. PaiMei is written entirely in Python and exposes at the highest level a debugger, a graph-based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's Swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more.
Author: Pedram Amini
Homepage: http://www.openrce.org/
Related File: RECON2006-Amini.zip
File Size: 1793904
Last Modified: Jul 26 09:44:58 2006
MD5 Checksum: c6c346b11574ff33f6fd33bb5b843f60

Directory: /old-req/
Description: Old Reverse Engineer's Query Tool versions
Total Files: 1
Last Modified: Sep 14 09:17:20 2004

Directory: /old-reap/
Description: Old Reverse Engineer's Assembly Producer versions
Total Files: 3
Last Modified: Sep 14 09:17:18 2004

File Name: elf-0.5.4p1.tar.gz
Description: elf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.
Author: Samy
Homepage: http://www.kerneled.org/projects/elf/
File Size: 48076
Last Modified: Sep 9 07:26:18 2004
MD5 Checksum: 764d94eaa8f4ef6bdd12994a507fd9fc

File Name: reverse_backdoored_binaries.txt
Description: Well-written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.
Author: borg
Homepage: http://www.cr-secure.net/
File Size: 28027
Last Modified: Apr 19 15:49:00 2004
MD5 Checksum: 44254a0ab92d356cf69959d3c8060f44

File Name: rec16lx.zip
Description: REC is a portable reverse engineering decompiler which reads an executable file and attempts to produce a C-like representation of the code and data used to build it. It can decompile 386, 68k, PowerPC, and MIPS R3000 programs and recognizes the following file formats: ELF (System V Rel. 4, e.g. Linux, Solaris, etc.), COFF (System V Rel. 3.x, e.g. SCO), PE (Win32 .EXE and .DLL for Microsoft Windows 95 and NT), AOUT (BSD derivatives, e.g. SunOS 4.x), Playstation PS-X (MIPS target only), and raw binary data (via .cmd files).
Homepage: http://www.backerstreet.com/rec/rec.htm
File Size: 311993
Last Modified: Dec 14 23:46:32 2003
MD5 Checksum: a347303252e10cba03e8f0d29d91d33d

File Name: valgrind-2.0.0.tar.bz2
Description: Valgrind is a GPL'd tool to help you find memory-management problems in your programs. When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. You can use it to debug most dynamically linked ELF x86 executables, without modification, recompilation, or anything else. If you want, Valgrind can start GDB and attach it to your program at the point(s) where errors are detected, so that you can poke around and figure out what was going on at the time.
Author: Nick Nethercote
Homepage: http://valgrind.kde.org
File Size: 710902
Last Modified: Nov 21 20:04:02 2003
MD5 Checksum: 1f6a90d0ca494fb75eaeef498e8252b5

File Name: procshow-1.0.tar.gz
Description: Procshow is a tool to analyze live processes. It shows ELF information as objdump, nm, readelf, etc. do, but taken from a process in its runtime state. It helps an end user learn about a process, detect anomalies and backdoors, and has various other uses.
Author: zb0, cuco
Homepage: http://procshow.whatever.org.ar
File Size: 1094726
Last Modified: Oct 9 08:01:49 2003
MD5 Checksum: a289e7404f6725f20f3d49406b4b0660

File Name: elfsh-0.51b3-portable.tgz
Description: Elf Shell v0.51b3-portable is an automated reverse engineering tool with read/write capability for the ELF format. It produces sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.
Author: mayhem
Homepage: http://elfsh.devhell.org/
Changes: It works on Linux, NetBSD, FreeBSD, and Solaris for the INTEL and SPARC architectures. It provides ET_REL injection into ET_EXEC for both architectures, and INTEL control flow graphs, as well as a lot of new improvements, as featured lastly in The Cerberus ELF interface article in phrack #61.
File Size: 136679
Last Modified: Sep 13 08:32:48 2003
MD5 Checksum: e8073d475e82dc911a7ebfa6f2567719

File Name: elfsh-0.5b8-linux.tgz
Description: Unavailable.
File Size: 145327
Last Modified: May 23 17:54:49 2003
MD5 Checksum: 40109b53481ca28c7f708834fe19e765

File Name: anti-ptrace.txt
Description: Linux LKM that disables ptrace abilities in the 2.4.x kernels.
Author: sacrine
Homepage: http://www.netric.org/
File Size: 2359
Last Modified: Apr 16 08:24:37 2003
MD5 Checksum: 733b5e9e6be20f03180a6fce8f8f6c07

File Name: elfsh-0.5b6-pre1-LINUX.tgz
Description: Unavailable.
File Size: 266678
Last Modified: Mar 27 09:49:20 2003
MD5 Checksum: fe9f3735511c7910cf35b7c2a9408ace

File Name: oOps.c
Description: oOps.c grabs hardcoded strings from binary files. It shows rootkit passwords and other information that is encoded one character at a time to evade binary examination with tools like the strings command. Tested on Linux.
Author: Gunzip
File Size: 1551
Last Modified: Jan 5 16:49:56 2003
MD5 Checksum: c16cd712e1571f6a4b3095de4011a13e

File Name: LDasm-0.04.53.tar.gz
Description: LDasm (Linux Disassembler) is a Perl/Tk-based GUI for objdump/binutils that tries to imitate the look and feel of W32Dasm. It searches for cross-references (e.g. strings), converts the code from GAS to a MASM-like style, and much more.
Author: Ravemax
Homepage: http://rover.wiesbaden.netsurf.de/~ravemax/ldasm.htm
Changes: File offset is calculated and displayed.
File Size: 60655
Last Modified: Dec 18 22:58:03 2002
MD5 Checksum: db571e90f47d43062072b6131c639ee6

File Name: anti-anti-dbg.c
Description: anti-anti-debug is a Linux kernel module that is used to defeat the technique currently implemented in closed-source Linux binaries that disallows or restricts debugging and tracing with tools like gdb and strace.
Author: SLACKo
File Size: 1028
Last Modified: Nov 2 22:50:00 2002
MD5 Checksum: 493e3fcae4f98e41bdf3da4e042f4bd4

File Name: spkproxy1.0.tar.gz
Description: SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. It provides security analysis features for Web applications, a multi-threaded design and man-in-the-middle SSL proxying, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included.
Author: Dave Aitel
Homepage: http://www.immunitysec.com/spike.html
File Size: 16436
Last Modified: Jul 15 03:18:41 2002
MD5 Checksum: 8bf40cc6cecfff2da3663229ce715a79

File Name: elfsh-0.43b-portable.tgz
Description: Elf Shell v0.43b-portable is an automated reverse engineering tool with read/write capability for the ELF format. It produces sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many others, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.
Author: Mayhem
Homepage: http://devhell.org/~mayhem
Changes: Bigger testsuite, documentation improved, minor bugs and typos fixed, improved portability; still working on Redhat, Debian, Slackware Linux, NetBSD and FreeBSD current.
File Size: 101978
Last Modified: Jul 6 10:00:45 2002
MD5 Checksum: 328d567e1f0f6c0411ccf51c5ea57a4f

File Name: examiner-0.4.tar.gz
Description: The Examiner is a tool to analyze foreign binary executables. The goal is to be able to get output similar to strace without executing the binary in question. It uses the objdump command to disassemble and comment binaries. This tool was designed for forensic purposes but could be used for basic reverse-engineering goals as well.
Author: Craig Smith
Homepage: http://AcademicUnderground.org/examiner
File Size: 23248
Last Modified: Jul 4 10:24:30 2002
MD5 Checksum: b54af6041cacbbdea2ecb0ed95bce2b1

File Name: elfsh-0.43a.tgz
Description: Unavailable.
File Size: 171524
Last Modified: Jun 3 07:56:31 2002
MD5 Checksum: 49dee4f85a2bf8fd8599fdd7ae32bb6f

File Name: fenris-0.2.tgz
Description: Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more.
Author: Michal Zalewski
Homepage: http://razor.bindview.com/tools/fenris/
Changes: Many fixes, new fingerprints, options and several optimizations.
File Size: 627018
Last Modified: May 15 07:06:56 2002
MD5 Checksum: 24ee1e381afc257d01778820be79d88d

File Name: elfsh-0.39b.tgz
Description: Unavailable.
File Size: 136419
Last Modified: Mar 4 18:00:48 2002
MD5 Checksum: 5490f25e1c75932334959b5ce29c3634

File Name: bastard-0.14.tgz
Description: A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine: the UI is a command line, and support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.
Homepage: http://bastard.sourceforge.net
Changes: Bugs in the disassembler (disp32, 0x0F bugs) have been fixed. A GUI frontend has been added to the main Makefile, and autogen/configure has been replaced with simpler, more reliable Makefiles.
File Size: 1186234
Last Modified: Dec 9 05:23:07 2001
MD5 Checksum: b3ccebb3fab7124cfd58ecf43782c7c2