Wiki: Tools

WARNING: Wiki content is an archive, no promise about quality!

This page discusses some important and recommended tools for reverse engineering and hack-writing. Some of them are free, others are commercial. The only way to get the commercial tools is to buy them; don't even think about finding a torrent.

If you know of any other tools that belong here, you're free to edit this page and add them.

Disassemblers

IDA is definitely the best disassembler around. Unfortunately it has a high price tag, but it's well worth it. It's the program I'll be using throughout the guides here. It does a ton of analysis on the code, including identifying calls to library functions and naming the arguments passed to them. It also keeps track of the stack frame and local variables for you, with reasonable accuracy. Additionally, you can add your own comments and name variables yourself. It's really an amazing program, and I highly recommend it.

W32Dasm is free to download and works well as a basic disassembler. The harder part of using W32Dasm is that you have to keep track of stack variables yourself. But if you can't afford IDA, it might be helpful.

objdump is a very simple disassembler that generally comes with Linux (it's part of GNU binutils). The command "objdump -d [filename]" disassembles every executable section of the file, in AT&T syntax by default (add "-M intel" for Intel syntax). It's a plain linear sweep with no analysis: it doesn't track stack variables or cross-references, so anything IDA does for you has to be done by hand or by post-processing the output. The first few lines of its output look like this:

ron@slayer:~$ objdump -d test | head

test:     file format elf32-i386

Disassembly of section .init:

08048278 <_init>:
 8048278:       55                      push   %ebp
 8048279:       89 e5                   mov    %esp,%ebp
 804827b:       83 ec 08                sub    $0x8,%esp
 804827e:       e8 61 00 00 00          call   80482e4 <call_gmon_start>

Debuggers

This is the debugger that I typically use, although I'm not a huge fan of it. The interface is non-intuitive and difficult to use, and it's often a hassle. That said, it's the best free debugger, and it's very powerful.

In addition to being a first-class disassembler, IDA also has a built-in debugger. I haven't really used it, so I can't really say much.

gdb is the free GNU debugger that normally comes with Linux. It will be used for some examples here.

Probably one of the most used debuggers on Windows, OllyDbg has a very intuitive user interface.

Probably the best-known kernel-mode debugger, SoftICE provides machine-level debugging, but unfortunately it isn't user friendly and has been discontinued.

An OllyDbg look-alike with Python scripting, made by and for security people (fuzzer and exploit writers). It's simple to use, comes with a graphing engine, and is free.

Memory Editors

TSearch is a nice, free program for searching and editing memory. It also has a very limited built-in debugger. Unfortunately, the official site is dead and it's no longer being maintained, which is a shame because it is such a nice program.

Similar to TSearch, with a few differences.

Compilers

  • Microsoft Visual Studio

Although I don't like it, I develop hack-type programs in Visual Studio. They need to call Windows-specific API functions, and I haven't figured out how to do that with any other compiler.

  • gcc

gcc is the free compiler that generally comes with Linux. I use it to compile every example that I don't mark as Visual Studio-specific. The code I write for gcc should also compile in Visual Studio; I just use gcc because it's quicker and more comfortable for me.

Questions

Feel free to edit this section and post questions; I'll do my best to answer them. You may need to contact me to let me know that a question has been posted, though.