Section: .. / linux / reverse-engineering /
| /// File Name: |
anti-anti-dbg.c |
Description:
|
anti-anti-debug is a Linux kernel module that is used to stop the technique currently implemented into closed source Linux binaries that disallow or restrict debugging and tracing with tools like gdb and strace.
| | Author: | SLACKo | | File Size: | 1028 | | Last Modified: | Nov 2 22:50:00 2002 |
| MD5 Checksum: | 493e3fcae4f98e41bdf3da4e042f4bd4 |
|
| /// File Name: |
anti-ptrace.txt |
Description:
|
Linux LKM that disables ptrace abilities in the 2.4.x kernels.
| | Author: | sacrine | | Homepage: | http://www.netric.org/ | | File Size: | 2359 | | Last Modified: | Apr 16 08:24:37 2003 |
| MD5 Checksum: | 733b5e9e6be20f03180a6fce8f8f6c07 |
|
| /// File Name: |
bastard-0.08.tgz |
Description:
|
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.
| | Homepage: | http://bastard.sourceforge.net | | Changes: | The base functionality is there, but the code is not complete. The program depends upon: libreadline [not included], typhoon RDB [included], and seer interpreter [included]. Basic [non-FPU, non-MMX, etc] x86 instructions are supported. Work is currently being done on adding higher-level disassembly[/decompilation] features. As of .08, address naming, subroutine recognition, xrefs, and library imports are functional. Strings are 'in the works.' Documentation is sparse. | | File Size: | 1825231 | | Last Modified: | Apr 15 20:53:26 2001 |
| MD5 Checksum: | 12d9b2989602954eb53a2ed64f701623 |
|
| /// File Name: |
bastard-0.14.tgz |
Description:
|
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.
| | Homepage: | http://bastard.sourceforge.net | | Changes: | Bugs in the disassembler (disp32, 0x0F bugs) have been fixed. A GUI frontend has been added to the main Makefile, and autogen/configure has been replaced with more simple, more reliable Makefiles. | | File Size: | 1186234 | | Last Modified: | Dec 9 05:23:07 2001 |
| MD5 Checksum: | b3ccebb3fab7124cfd58ecf43782c7c2 |
|
| /// File Name: |
bastard_src-0.10.tgz |
Description:
|
A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.
| | Homepage: | http://bastard.sourceforge.net | | Changes: | Added extensions (modules for CPU, assembler, source language, and also plugins). Wrote a basic Tk frontend, and added support for structures. | | File Size: | 1206277 | | Last Modified: | Sep 3 23:12:14 2001 |
| MD5 Checksum: | d9da18ea56712f37e641bda4019cea79 |
|
| /// File Name: |
biew-520.tar.bz2 |
Description:
|
Biew is Binary vIEWer with built-in editor for binary, hexadecimal and disassembler modes. It contains a PentiumIII/K7Athlon/Cyrix-M2 disassembler, full preview of MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff executable formats, a code guider, a text viewer with russian codepages support, and many other features.
| | Author: | Nick Kurshev | | Homepage: | http://biew.sourceforge.net | | Changes: | A Pentium IV disassembler, improved documentation, and lots of various enhancements and bugfixes. | | File Size: | 424983 | | Last Modified: | Oct 31 00:38:49 2000 |
| MD5 Checksum: | fa1a992ce9abd7538e7fc4ac23023c4d |
|
| /// File Name: |
biew500.tar.bz2 |
Description:
|
The best of the Linux hexeditors, with integrated assembler and disassembler.
| | Author: | Nick Kurshev | | Homepage: | http://biew.sourceforge.net | | File Size: | 259820 | | Last Modified: | Feb 17 21:55:18 2000 |
| MD5 Checksum: | e1b4b6b7f3a83ed1e28c3396d33b3a2e |
|
| /// File Name: |
biew501.tar.bz2 |
Description:
|
Biew is Binary vIEWer with built-in editor for binary, hexadecimal and disassembler modes. It contains a PentiumIII/K7Athlon/Cyrix-M2 disassembler, full preview of MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff executable formats, a code guider, a text viewer with russian codepages support, and many other features.
| | Author: | Nick Kurshev | | Homepage: | http://biew.sourceforge.net | | File Size: | 260701 | | Last Modified: | Mar 4 03:56:21 2000 |
| MD5 Checksum: | b2ce070901ee1e0b2949a595bf3c087f |
|
| /// File Name: |
biew503.tar.bz2 |
Description:
|
Biew is Binary vIEWer with built-in editor for binary, hexadecimal and disassembler modes. It contains a PentiumIII/K7Athlon/Cyrix-M2 disassembler, full preview of MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff executable formats, a code guider, a text viewer with russian codepages support, and many other features.
| | Author: | Nick Kurshev | | Homepage: | http://biew.sourceforge.net | | Changes: | Mouse reporting on xterms, eterm improvements, and bug fixes. | | File Size: | 278725 | | Last Modified: | Apr 1 05:05:00 2000 |
| MD5 Checksum: | b7897ccd5e64bb0c3b63c00ca2e8eb28 |
|
| /// File Name: |
biew511.tar.bz2 |
Description:
|
Biew is Binary vIEWer with built-in editor for binary, hexadecimal and disassembler modes. It contains a PentiumIII/K7Athlon/Cyrix-M2 disassembler, full preview of MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff executable formats, a code guider, a text viewer with russian codepages support, and many other features.
| | Author: | Nick Kurshev | | Homepage: | http://biew.sourceforge.net | | Changes: | Bugfixes, minor changes and optimizations, and a Watcom C and DOS/4GW port. | | File Size: | 364990 | | Last Modified: | Jun 24 02:19:40 2000 |
| MD5 Checksum: | 4bfc1ad694c81e85739608366d071acc |
|
| /// File Name: |
cscope-13.0-2.tar.gz |
Description:
|
cscope is an interactive, screen-oriented tool that allows the user to browse through C source files for specified elements of code. The current version allows searching code for all references to a symbol, global definitions, functions called by a function, functions calling a function, test string, regular expression pattern, a file, and files including a file.
| | Author: | Petr Sofra | | Homepage: | http://cscope.sourceforge.net/ | | Changes: | Supprts more architectures. | | File Size: | 74346 | | Last Modified: | May 17 02:46:33 2000 |
| MD5 Checksum: | c727eff70fddfee73754537b6be39597 |
|
| /// File Name: |
dasm |
Description:
|
A script to parse output from the objdump binutil and write in cross refrences (read: Linux disassembler!)
| | Author: | SiuL+Hacky | | Homepage: | http://huclinux.cjb.net/ | | File Size: | 4148 | | Last Modified: | Feb 17 21:55:18 2000 |
| MD5 Checksum: | 50b1b294bd266950a463e0364d72581b |
|
| /// File Name: |
debauch-0.5.tar.gz |
Description:
|
Debauch is a memory allocation debugger for C which has been modified from memleak from the XFree86 project. The debugger will detect memory leaks, corrupted memory, stores to freed memory and more. Best of all, it doesn't require recompiling or relinking existing programs to work, making it ideal for finding leaks even in shared libraries. Currently debauch works on Linux systems. Preliminary ports for BSD, MIPS and Sun architectures are available but may not work properly at present.
| | Homepage: | http://quorum.tamu.edu/jon/gnu/ | | File Size: | 41212 | | Last Modified: | Jun 21 18:47:01 2000 |
| MD5 Checksum: | 08f07f86b6a5875db718fffb76c83723 |
|
| /// File Name: |
elf-0.5.4p1.tar.gz |
Description:
|
elf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.
| | Author: | Samy | | Homepage: | http://www.kerneled.org/projects/elf/ | | File Size: | 48076 | | Last Modified: | Sep 9 07:26:18 2004 |
| MD5 Checksum: | 764d94eaa8f4ef6bdd12994a507fd9fc |
|
| /// File Name: |
elfsh-0.39b.tgz |
Description:
|
Unavailable.
| | File Size: | 136419 | | Last Modified: | Mar 4 18:00:48 2002 |
| MD5 Checksum: | 5490f25e1c75932334959b5ce29c3634 |
|
| /// File Name: |
elfsh-0.43a.tgz |
Description:
|
Unavailable.
| | File Size: | 171524 | | Last Modified: | Jun 3 07:56:31 2002 |
| MD5 Checksum: | 49dee4f85a2bf8fd8599fdd7ae32bb6f |
|
| /// File Name: |
elfsh-0.43b-portable.tgz |
Description:
|
Elf Shell v0.43b-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many other with an integrated hexdump. Designed for Linux. All calls encapsulated in libelfsh.a, so the elfsh API is really reusable. Sample output here.
| | Author: | Mayhem | | Homepage: | http://devhell.org/~mayhem | | Changes: | Bigger testsuite, documentation improved, minor bugs and typo fixed, Improved portability - still working on Redhat, Debian, Slackware Linux, NetBSD and FreeBSD current. | | File Size: | 101978 | | Last Modified: | Jul 6 10:00:45 2002 |
| MD5 Checksum: | 328d567e1f0f6c0411ccf51c5ea57a4f |
|
| /// File Name: |
elfsh-0.51b3-portable.tgz |
Description:
|
Elf Shell v0.51b3-portable is an automated reverse engineering tool with read/write capability for the ELF format. Sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many other with an integrated hexdump. Designed for Linux. All calls encapsulated in libelfsh.a, so the elfsh API is really reusable.
| | Author: | mayhem | | Homepage: | http://elfsh.devhell.org/ | | Changes: | It works on Linux, NetBSD, FreeBSD, and Solaris for the INTEL and SPARC architectures. It provides ET_REL injection into ET_EXEC for both arch, and INTEL control flow graphs, as well as a lot of new improvements, as featured lastly in The Cerberus ELF interface article in phrack #61. | | File Size: | 136679 | | Last Modified: | Sep 13 08:32:48 2003 |
| MD5 Checksum: | e8073d475e82dc911a7ebfa6f2567719 |
|
| /// File Name: |
elfsh-0.5b6-pre1-LINUX.tgz |
Description:
|
Unavailable.
| | File Size: | 266678 | | Last Modified: | Mar 27 09:49:20 2003 |
| MD5 Checksum: | fe9f3735511c7910cf35b7c2a9408ace |
|
| /// File Name: |
elfsh-0.5b8-linux.tgz |
Description:
|
Unavailable.
| | File Size: | 145327 | | Last Modified: | May 23 17:54:49 2003 |
| MD5 Checksum: | 40109b53481ca28c7f708834fe19e765 |
|
| /// File Name: |
examiner-0.4.tar.gz |
Description:
|
The Examiner is a tool to analyze foreign binary executables. The goal of is to be able to get output similar to strace without executing the binary in question. Uses the objdump command to disassemble and comment binaries. This tool was designed for forensic purposes but could be used for basic reverse-engineering goals as well.
| | Author: | Craig Smith | | Homepage: | http://AcademicUnderground.org/examiner | | File Size: | 23248 | | Last Modified: | Jul 4 10:24:30 2002 |
| MD5 Checksum: | b54af6041cacbbdea2ecb0ed95bce2b1 |
|
| /// File Name: |
exectrace-v0.1.tar.gz |
Description:
|
ExecTrace is a linux only debugging tool that logs to a file the execution path of a child process using ptrace. This is good when you have a program that continually segfaults and you want to know where and why.
| | File Size: | 10917 | | Last Modified: | Apr 2 22:23:00 2000 |
| MD5 Checksum: | f6a5338e4cad46857cdb3725686c98cf |
|
| /// File Name: |
fenris-0.2.tgz |
Description:
|
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics by providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expression info, and much more. A small demonstration how this tool works can be found here.
| | Author: | Michal Zalewski | | Homepage: | http://razor.bindview.com/tools/fenris/ | | Changes: | Many fixes, new fingerprints, op5ionw and several optimizations. | | File Size: | 627018 | | Last Modified: | May 15 07:06:56 2002 |
| MD5 Checksum: | 24ee1e381afc257d01778820be79d88d |
|
| /// File Name: |
gvd-1.0.1-linux.gz |
Description:
|
GVD is a general purpose graphical debugger frontend. It features advanced data display and visualization capabilities, and allows the debugging of multi-process/multi-threaded applications in the same debugging session. GVD works with native and cross-debuggers and can handle several languages in the same debugging session and the same application. C and Ada are supported. GVD can run on a host different from the machine where the debugger is running and provides friendly support for cross-debuggers (VxWorks, Lynx, etc.). For instance, you can use Linux or Windows to debug an application running on a Power PC board with a debugger running on a Sun workstation.
| | Homepage: | http://libre.act-europe.fr | | File Size: | 1080416 | | Last Modified: | Dec 2 21:47:55 2000 |
| MD5 Checksum: | d5a4f12782f729048d9b1af98f4725e9 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
