BugChecker is a single-host kernel debugger for the Microsoft Windows 2000 and XP operating systems. "Single-host" means that the debugger and the debuggee (in this case the whole system, comprehensive of the kernel, hal, device drivers and user applications) can be debugged on a single machine, without the need of a second computer running the debugger application. "Kernel debugger", as the name suggests, is a program that allows to "trace" inside the system kernel, setting breakpoints and the like as you would do when debugging a normal user application.

Read more

A Decompiler for Clipper S87 & CA-Clipper 5. Supports CA-Clipper 5.0 through 5.2

Read more

Flasm disassembles your entire SWF including all the timelines and events. Looking at disassembly, you learn how the Flash compiler works, which improves your ActionScript skills. You can also do some optimizations on the disassembled code by hand or adjust the code as you wish. Flasm then applies your changes to the original SWF, replacing original actions.

Read more

Flare processes an SWF and extracts all scripts from it. The output is written to a single text file. Only ActionScript is extracted, no text or images. Flare is freeware. Windows, Mac OS X and Linux versions are available. The main purpose of decompiler is to help you recover your own lost source code. However, there are other uses, like finding out how a component works, or trying to understand poorly documented interface. Depending on where you live, some of them may be forbidden by law. It's your responsibility to make sure you don't break the law using Flare.

Read more

Read more

Visual DuxDebugger is a debugger disassembler for Windows 64 bits, it is the first version so it is still very simple, but it has some features that others debuggers doesn’t have, it debugs multiple processes and debugs multiple child processes, but may be the most interesting feature is the “Detour System”. The current disadvantage is that only debugs 64 bits software, but it is a long term project and surely in a close future 64 bits software will be more common.

Read more

RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind: Easy to use - a user with little to no computer experience should be able to use it. Powerful - it should be able to detect all publicly available rootkits. Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer. Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself. Currently, RootRepeal includes the following features: Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk. Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files. Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a processes is hidden or locked. SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked. Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms. Hidden Services Scan - scans for hidden system services. Shadow SSDT Scan - counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions. * - falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.

Read more

RDG Packer Detector is a file detector for exe packers, cryptors, scrabmlers, linkers, file joiners and installers.

Read more

FastScanner is a Detector for most packers, cryptors and compilers for PE Files Programmed in ASM and designed for ýfast access to most needed plugins.

Read more

SysAnalyzer is an application that was designed to give malcode analysts an automated tool to quickly collect, compare, and report on the actions a binary took while running on the system. The main components of SysAnalyzer work off of comparing snapshots of the system over a user specified time interval. The reason a snapshot mechanism was used compared to a live logging implementation is to reduce the amount of data that analysts must wade through when conducting their analysis. By using a snapshot system, we can effectively present viewers with only the persistent changes found on the system since the application was first run. While this mechanism does help to eliminate allot of the possible noise caused by other applications, or inconsequential runtime nuances, it also opens up the possibility for missing key data. Because of this SysAnalyzer also gives the analyst the option to include several forms of live logging into the analysis procedure.

Read more

The free, open-source, Unix administrative tool lsof (for LiSt Open Files) displays information about files open to Unix processes. It runs on many Unix dialects, including FreeBSD, and its home site ftp server is at lsof.itap.purdue.edu.

Read more

Opening Files FileInsight allows to open files for analysis both directly from the local harddisk, using the Open toolbar button, or by typing a URL into the Web toolbar and clicking the Get button (see screenshot below to the left). Files are displayed in either textual or hexadecimal format, which can be toggled easily via the View as Hex and View as Text toolbar buttons.

Read more

Groovy Hex Editor is an editor for editing binary files. It's compatible with any type of file, including text documents, save game files, program executables, data files, etc. I've tried to make Groovy Hex Editor very easy to use, and give it a user friendly and cool looking color scheme. You can download it for free, and try it out for an unlimited period of time.

Read more

Free Hex Editor Neo is award-winning large files optimized freeware editor for everyone who works with ASCII, hex, decimal, float, double and binary data. Freeware Hex Editor Neo allows you to view, modify, analyze your hexadecimal data and binary files, edit, exchange data with other applications through the clipboard, insert new data and delete existing data, as well as perform other editing actions. Make patches with just two mouse clicks; manipulate your EXE, DLL, DAT, AVI, MP3, JPG files with unlimited undo/redo. Taste the visual operation history with branching. This hex and binary code data editing software utility for Windows includes the following basic functionality: Unlimited Undo/Redo; Find; Replace; Visual History Save and Load; Patch Creation; Clipboard Operations; Bytes, Words, Double Words, Quad Words, Floats and Doubles Edit Mode.

Read more

ASHE is a tool to help analyze the structure of any type of disk file. It allows locating and modifying any type of data in a file quickly and easily. Once the structure of a file has been identified, routine changes to the file can be scripted using the integrated scripting engine. Scripts can then be shared with any other ASHE user with a similar need.

Read more

The Customiser allows you to set the position and size of any window, button or other control and set the text of these controls. These changes can be permanently saved for any application and readily undone when desired. You can also set The Customiser to automatically press those annoying extra buttons you have to press when you go through a certain procedure, like OK buttons that you always press and wish you could automate.

Read more

Utility to control all objects that you see in Windows screen (text, combo boxes, buttons, pictures...). You will be able to enable disabled objects, to hide buttons, to modify menus... Useful utility for programmers who need object's handle.

Read more

Process Hacker is a feature-packed tool for manipulating processes and services on your computer.

Read more

PHRACK MAGAZINE is one of the longest running electronic magazines in existence. Since 1985, PHRACK MAGAZINE has been providing the hacker community with information on operating systems, network technologies and telephony, as well as relaying features of interest for the international computer underground. PHRACK MAGAZINE is made available to the public, as often as possible, free of charge.

Read more

Read more

Java Overall Editor is a complex editor and viewer for compiled java binaries (.class files). Main features includes: Viewer for: constant pool, methods, fields and various attributes Editor for: constant pool items and bytecode

Read more

I currently work for Sabre Security in Bochum, Germany. Up to November 2005 I worked for F-Secure Corporation as an Anti-Virus Researcher in the research Lab in San Jose, CA. The company's headquarters are located in Helsinki, Finland where I spent my first years in the company. My work and main interests consist of developing reverse engineering tools and research on reverse engineering automation among some other things. I'm a member of the AntiVirus Emergency Discussion Network (AVED)

Read more

This blog will feature posts on a number of recurring themes , including: Online Crime Investigations: A major focus of my work over the past half decade has been to highlight individuals, networks and entities that — according to multiple sources — appear to facilitate or directly participate in illicit activity online. This blog will continue that tradition. Latest Threats: Every now and then, the bad guys work out a clever new wrinkle in an old scam, or an ingenious way of attacking Internet users. Count on these type of entries to pop up quite a bit, including tips on how to protect yourself. Security Updates: Like it or not, security is a process, not some set-it-and-forget it task. Malicious hackers by and large are an opportunistic lot: They prey on the lazy, casual and uninformed users, such as those who neglect to update their PDF reader software, or routinely play audio and movie files with media software that hasn’t been updated in a while. In the spirit of the Security Fix blog, krebsonsecurity.com will periodically point to the availability of new critical security updates for widely-used software. Data Breaches: I’ll be writing about the big ones, and hopefully continuing to break news about breaches that haven’t yet been reported publicly. Cyber Justice: Because it’s gratifying to read about people responsible for this crap getting busted or locked up.

Read more

Computer security, reverse engineering, antivirus development, game programming, gsm telephony, martial arts, life and everything.

Read more

Generally we prefer to focus on Binary Analysis and Reverse Engineering, however I'm sure there's something everyone can enjoy!

Read more

As far as I recall, subjects related to programming (C, C++, x86 assembler, Python and so on), reverse engineering, malware analysis (just like the one before), Bughunting (again!), NT OS internals research etc. are the things I spend most of my life on. When it comes to real life things, I prefer reading horror books (Kings rulz), taking

Read more

Reverse engineering, exploits, programming, game development and many more.

Read more

Packers and protectors, antidebugging tricks, assembler.

Read more

I am a professional security researcher who enjoys working with vulnerabilities. I am fascinated by what causes vulnerable code and the methods used to exploit these flaws.

Read more

Reverse engineering, antidebugging, anti-hack tricks for the games.

Read more

This is my humble attempt at sharing questions, ideas, interesting topics and filthy pictures I stumble upon while doing what I do best (and most) – all sorts of geek stuff. I like programming, reverse engineering and playing games (no particular order).

Read more

ReversingLabs has been founded with the goal to provide the best file analysis tools and the best software protection tools. Our expertise in building superior software reversing tools, gives ReversingLabs a unique background for creating superior software protection tools. Reverse Engineering is an Art where the most complex protection schemas are the least publicly available. Our tools enable the security industry, governments and research institutions to rapidly and effectively reduce the spread of malware.

Read more

Reverse engineering blog by HexRay's employee - Daniel Pistelli, .net reversing, CFF Explorer notes and more.

Read more

Blog about malware, packers and reverse engineering.

Read more

Code, hacks, security, RE, misc...

Read more

These tutorials are made to pass on the knowledge to those just starting out.

Read more

Resourcer is a powerful and flexible resource editor for Microsoft Windows that features full x64 and Vista/Win7 support, in addition to PNG icons and is also free and open-source (GPL).

Read more

Daniel Reynaud is currently a PhD student in France, in the computer security team of the Loria lab in the mostly harmless city of Nancy. His research focuses on computer viruses and more generally the reverse engineering of malware.

Read more

Read more

Emulation engines, antidebugging tricks, virtualization.

Read more

The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions. JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.

Read more

Reverse engineering articles, anti-debugging tricks, many unpublished tips&tricks.

Read more

FlexHex is a hex editor program specially designed to help you securely edit binary files, OLE compound files, logical devices, and physical drives. Specifically, FlexHEX supports sparse files and Alternate Data Streams of files on any NTFS volume.

Read more

Resource Tuner Console is a CLI tool that enables developers to automate editing of resources in Windows 32- and 64-bit executables. This command-line resource editor allows creating a repeatable process for updating and customizing resources during the post build process.

Read more

Extensive article about Live Messenger applied research in the field of plugin development, entitled “Windows Live Messenger Plugin Development Bible” at the CodeProject website.The article carefully explains several reversing and hooking techniques to extend the application functionality:- Proxy DLL implementation- API hooking through our Trappola library- Applied window subclassing to add ’skinned’ window classes- Runtime resource addition and modification (i.e. toolbar bu

Read more

Mike Melanson's blog on multimedia technology and reverse engineering.

Read more

JWasm is a MASM v6 compatible assembler. It's a fork of Open Watcom's WASM and released under the Sybase Open Watcom Public License, which allows free commercial and non-commercial use. JWasm is written in C, source code is open.

Read more

Homepage of Yates. Cryptography, Reverse Engineering, System Programming , Tutorials, Hooking, API , CD protections, System Hooking, RSA, PE File Format.

Read more

Greg Hoglund's blog about rootkit technologies, information security and reverse engineering.

Read more

ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

Read more

Threat Research & Response Blog

Read more

Launched in 2007, the Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks.

Read more

Ruben Santamarta is an european security researcher.

Read more

VMachine is a PC emulator, a recreation of a PC in software. Running on your PC, it creates a completely separate virtual machine. This allows you to run multiple operating systems concurrently on a single machine, giving you the ability to test software on multiple configurations, perform potentially risky operations in an isolated environment or simply indulge in some retro gaming. Source codes included.

Read more

All AntiRootkit,Rootkit,Virus And AntiVirus.

Read more

Hexprobe is a professional hex editor for manipulating binary files, disk drives, and system processes.

Read more

C++ Reference, Tutorials, Examples.

Read more

A great manual for C/C++ standard libraries

Read more

Pelles C is a lcc-based C compiler and IDE for Windows

Read more

GNU Compiler Collection native port for Windows (C, C++, Java, and other)

Read more

Digital Mars C and C++ Compilers for Win32, Win16, DOS32 and DOS.

Read more

The D language is statically typed and compiles directly to machine code. It's multiparadigm, supporting many programming styles: imperative, object oriented, and metaprogramming. It's a member of the C syntax family, and its appearance is very similar to that of C++.

Read more

VectorC is a C/C++ compiler platform designed to be retargeted to suit particular processor architectures. It is a unique piece of compiler technology allowing easy and quick development of high-performance applications.

Read more

Free for non-commercial purposes C compiler for Windows.

Read more

The TMT Pascal compiler is a fast compiler for the Pascal language. The compiler emits 32-bit code and supports many language extensions from Borland Pascal (BP), as well as more powerful new extensions.

Read more

Free Pascal (aka FPK Pascal) is a 32 and 64 bit professional Pascal compiler. It is available for different processors: Intel x86, Amd64/x86_64, PowerPC, PowerPC64, Sparc, ARM.

Read more

Borland Delphi is a software development package created by Borland, and now owned by Borland's subsidiary, CodeGear

Read more

Fresh is a visual assembly language IDE with built-in FASM assembler. The main goal of Fresh is to make programming in assembly as fast and efficient as in other visual languages, without sacrificing the small application size and the raw power of assembly language.

Read more

Easy Code is the visual assembly programming environment made to build 32-bit Windows applications. The Easy Code interface, looking like Visual Basic, allows you to program a Windows assembler application done in an easy way as was never possible before.

Read more

WinAsm Studio is a free Integrated Development Environment IDE for developing 32-bit Windows and 16-bit DOS programs using the Assembler. The Microsoft Macro Assembler (MASM) is supported inherently, while the FASM Add-In adds support for FASM and other assemblers.

Read more

Application which can detect most protection systems. Mainly detects CD/DVD protection systems like SecuRom, StarForce, SafeDisc, Tages. Also it can detect many different protectors, packers for PE file format

Read more

Bus Hound is the premier software bus analyzer for capturing I/O, protocol, and performance measurements. You can also send your own custom commands from a graphical interface. Because Bus Hound is a 100% software product, it is especially suited to inspecting host side protocol. The tables below illustrate Bus Hound's capabilities.

Read more

Portmon is a utility that monitors and displays all serial and parallel port activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way Windows works, seeing how applications use ports, or tracking down problems in system or application configurations.

Read more

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude.

Read more

Blog from the threat research team at ThreatFire.

Read more

DarkBASIC is a commercial game creation programming language released by the United Kingdom based company The Game Creators. The language is a structured form of BASIC and is similar to AMOS on the Amiga. The purpose of the language is game creation using Microsoft's DirectX from a BASIC programming language.

Read more

PowerBASIC is the brand of several commercial compilers by Venice, Florida-based PowerBASIC Inc. that compile a dialect of the BASIC programming language with a syntax similar to that of QBasic and QuickBASIC.

Read more

PureBasic is a programming language based on established BASIC rules. The key features of PureBasic are portability (Windows, AmigaOS and Linux are currently fully supported), the production of very fast and highly optimized executables and, of course, the very simple BASIC syntax.

Read more

Blitz3D, BlitzMax and BlitzPlus - a basic language based developement solutions.

Read more

FreeBASIC is a completely free, open-source, 32-bit BASIC compiler, with the syntax the most compatible possible with MS-QuickBASIC, that adds new features such as pointers, unsigned data types, inline-assembly and many others.

Read more

Visual Basic is a tool for productively building type-safe and object-oriented applications. It allows developers to create a wide range of Windows, Web, mobile, and Office applications built on the .NET Framework.

Read more

The Netwide Assembler, NASM, is an 80x86 and x86-64 assembler designed for portability and modularity. It supports a range of object file formats, including Linux and *BSD a.out, ELF, COFF, Mach-O, Microsoft 16-bit OBJ, Win32 and Win64. It will also output plain binary files. It supports from the upto and including Pentium, P6, MMX, 3DNow!, SSE, SSE2, SSE3 and x64 opcodes.

Read more

Yasm currently supports the x86 and AMD64 instruction sets, accepts NASM and GAS assembler syntaxes, outputs binary, ELF32, ELF64, 32 and 64-bit Mach-O, RDOFF2, COFF, Win32, and Win64 object formats, and generates source debugging information in STABS, DWARF 2, and CodeView 8 formats.

Read more

FASM is an open source assembly language compiler for x86 and x86-64 processors (this includes the AMD64 and Intel EM64T architectures).

Read more

MASM32 version 9 is a working development for programmers who are interested in either learning or writing 32 bit Microsoft assembler (MASM).

Read more

Diary of a programmer, journal of a hacker.

Read more

HHD Software Free Hex Editor Neo - Free Binary File Editing Utility. Freeware for Windows with Text Viewer, Advanced Search and Replace, Debug Features.

Read more

HxD is a carefully designed and fast hex editor including raw disk editing, modifying foreign RAM and handling files of any size.

Read more

Cygnus Hex Editor is a powerful file editor for Microsoft Windows.

Read more

A new generation of hex editor capable of parsing a binary file into a data structure for easy editing.

Read more

Antirootkit Software, News, Articles and Forums.

Read more

TatraDAS is disassembler of x86 executables which supports PE, NE, MZ, COM, ELF and binary file formats. It includes disassembler, text viewer with syntax highlighting.

Read more

diStorm is a binary stream disassembler. It's capable of disassembling 80x86 instructions in 64 bits (AMD64, x86-64) and both in 16 and 32 bits. In addition, it disassembles FPU, MMX, SSE, SSE2, SSE3 and 3DNow! (w/ extensions) and new x86-64 instruction sets.

Read more

File scanner/analyzer.

Read more

The company offers a wide range of virtualization and automation solutions to help individuals and organizations of all sizes realize the benefits of optimized computing.

Read more

Bochs is a highly portable open source IA-32 (x86) PC emulator written in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS. Currently, Bochs can be compiled to emulate a 386, 486, Pentium/PentiumII/PentiumIII/Pentium4 or x86-64 CPU including optional MMX, SSEx and 3DNow! instructions.

Read more

Read more

Virtual PC lets you create separate virtual machines on your Windows desktop, each of which virtualizes the hardware of a complete physical computer. Use virtual machines to run operating systems such as MS-DOS, Windows, and OS/2. You can run multiple operating systems at once on a single physical computer and switch between them as easily as switching applications—instantly, with a mouse click.

Read more

VMware develops virtualization software products for x86-compatible computers, including both commercially-available and freeware versions.

Read more

Virtual machines detection, articles with malware analysis for Virus Bulletin.

Read more