|
PR: 5
| Rasta Ring0 Debugger http://rr0d.droids-corp.org/ RR0D is a ring 0 debugger. It offers the possibility to debug any kind of code (kernel/user/rasta land). Its philosophy is to be OS independent. That's why RR0D can today be installed on Linux, *BSD, Wind0ws. |
|
PR: 5
| Immunity Debugger http://www.immunitysec.com/products-immdbg.shtml Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility. |
|
PR: 0
| Microsoft Portable Executable and Common Object File Format Specification http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx This document specifies the structure of executable (image) files and object files under the Microsoft Windows family of operating systems. These files are referred to as Portable Executable (PE) and Common Object File Format (COFF) files respectively. |
|
PR: 0
| WiteG's Homepage http://h1.ripway.com/witeg/ Assembler implementations of cryptographic algorithms, crypto tools and also crypto crackmes. |
|
PR: 5
| Alex Ionescu’s Blog http://www.alex-ionescu.com Alex is a kernel developer, reverse engineer, and Microsoft Student Ambassador. This blog shares Alex’s views and news on Technology, OS Development and Reverse Engineering. |
|
PR: 2
| Peering Inside the PE http://msdn2.microsoft.com/en-us/library/ms809762.aspx A Tour of the Win32 Portable Executable File Format by Matt Pietrek. |
|
PR: 4
| Jason Geffner http://malwareanalysis.com/communityserver/blogs/geffner/default.aspx A Reverse Engineer's Blog. |
|
PR: 4
| Syser Debugger http://www.sysersoft.com/ Syser Debugger is designed for Windows NT Family based on X86 platform. It is a core-level debugger with full-graphical interfaces and supports assembly debugging and source code debugging. |
|
PR: 1
| Ring3 Circus http://www.ring3circus.com Diary of a programmer, journal of a hacker. |
|
PR: 5
| OllyDbg http://www.ollydbg.de/ OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. |
|
PR: 4
| Reconstructer http://www.reconstructer.org/ This site primarily mirrors my interests in low-level stuff like reverse engineering, malware and rootkit research, debugging and troubleshooting applications, as well as software protections and their concepts. |
|
PR: 3
| ReFox http://www.refox.net ReFox is a multi-purpose and easy-to-use utility for viewing and restoring source code from Visual FoxPro 9.0, VFP 8.0, VFP 7.0, VFP 6.0, VFP 5.0, VFP 3.0, FoxPro 2.x, FoxPro 1 and FoxBASE+ compiled modules and executables. The ReFox decompiler is able to decompile standard and encrypted Fox compiled modules for the purpose of source code recovery. |
|
PR: 4
| REC - Reverse Engineering Compiler http://www.backerstreet.com/rec/rec.htm REC is a portable reverse engineering compiler, or decompiler. It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. |
|
PR: 5
| Uninformed http://www.uninformed.org Uninformed is a technical outlet for research in areas pertaining to security technologies, reverse engineering, and low-level programming. The goal, as the name implies, is to act as a medium for informing the uninformed. The research presented here is simply an example of the evolutionary thought that affects all academic and professional disciplines. |
|
PR: 5
| OpenRCE http://www.openrce.org OpenRCE aims to serve as a centralized resource for reverse engineers (currently heavily win32/security/malcode biased) by hosting files, blogs, forums, articles and more. |
|
PR: 5
| Nynaeve http://www.nynaeve.net Adventures in Windows debugging and reverse engineering. |
|
PR: 5
| WinDbg http://www.microsoft.com/whdc/devtools/debugging/default.mspx You can use Debugging Tools for Windows to debug drivers, applications, and services on systems running Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 as well as for debugging the operating system itself. Versions of the Debugging Tools for Windows package are available for 32-bit x86, native Intel Itanium, and native x64 platforms. |
|
PR: 5
| Executable and Linkable Format (ELF) http://www.skyfree.org/linux/references/ELF_Format.pdf The Executable and Linking Format was originally developed and published by UNIX System Laboratories (USL) as part of the Application Binary Interface (ABI). The Tool Interface Standards committee (TIS) has selected the evolving ELF standard as a portable object file format that works on 32-bit Intel Architecture environments for a variety of operating systems. |
|
PR: 2
| Zeta Debugger http://www.fyzor.com/debugger/index.htm At this moment the debugger supports several debugging formats used by compilers of the two best-known companies - Borland and Microsoft. |
|
PR: 6
| Joanna Rutkowska http://theinvisiblethings.blogspot.com/ The official blog of Joanna Rutkowska, new rootkit technologies. |
|
PR: 5
| Dancho Danchev's Blog http://ddanchev.blogspot.com/ In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude. |
|
PR: 3
| Linice http://www.linice.com/ Linice is an Intel x86-based, Linux source-level kernel debugger with the look and feel of SoftIce for MS Windows. Linice is designed to be used by the people who have SoftIce experience. Linice provides a major subset of SoftIce commands, and adds a few new ones. |
|
PR: 7
| Microsoft Anti-Malware Engineering Team http://blogs.technet.com/antimalware/default.aspx This blog provides information about what's happening in the anti-malware technology team at Microsoft. We're the team that builds the core antivirus, antispyware, anti-rootkit, and related technology, which is then used across a number of Microsoft products and technologies. |
|
PR: 7
| Breaking Eggs And Making Omelettes http://multimedia.cx/eggs/ Mike Melanson's blog on multimedia technology and reverse engineering. |
|
PR: 5
| ESET Threat Blog http://www.eset.com/threat-center/blog/ ESET's blog about new threats in the malware world. |
|
PR: 6
| TrendLabs Malware Blog http://blog.trendmicro.com/ |
|
PR: 5
| Hex blog http://www.hexblog.com About IDA Pro, decompilation, programming, binary program analysis, information security. |
|
PR: 6
| DVLabs Blog http://dvlabs.tippingpoint.com/blog/ DVLabs blog. |
|
PR: 7
| Kaspersky Analyst's Diary http://www.viruslist.com/en/weblog The Analyst's Diary is a weblog maintained by virus analysts from Kaspersky Lab headed by Eugene Kaspersky. Find out more about the authors of this weblog. |
|
PR: 5
| Offensive Computing http://www.offensivecomputing.net/ Offensive Computing, LLC was formed by Valsmith and Danny Quist as a resource for the computer security community. The primary emphasis here is on malware collections and analysis for the purpose of improving people's abilities to defend their networks. |
|
PR: 7
| F-Secure Weblog http://www.f-secure.com/weblog/ Most Recent News from the F-Secure Lab. |
|
PR: 5
| Boomerang http://boomerang.sourceforge.net/ This project is an attempt to develop a real decompiler for machine code programs through the open source community. A decompiler takes as input an executable file, and attempts to create a high level, compilable, possibly even maintainable source file that does the same thing. |
|
PR: 4
| diStorm64 http://www.ragestorm.net/distorm/ diStorm is a binary stream disassembler. It's capable of disassembling 80x86 instructions in 64 bits (AMD64, x86-64) and both in 16 and 32 bits. In addition, it disassembles FPU, MMX, SSE, SSE2, SSE3 and 3DNow! (w/ extensions) and new x86-64 instruction sets. |
|
PR: 4
| Anti Rootkit Blog http://www.antirootkit.com/blog/ Antirootkit Software, News, Articles and Forums. |
|
PR: 3
| My infected computer http://zairon.wordpress.com/ Various information about malware analysis and reverse engineering. |
|
PR: 5
| Peter Ferrie http://pferrie.tripod.com/ Virtual machines detection, articles with malware analysis for Virus Bulletin. |
|
PR: 0
| TatraDAS http://tatradas.sourceforge.net TatraDAS is a disassembler of x86 executables which supports PE, NE, MZ, COM, ELF and binary file formats. It includes a disassembler and a text viewer with syntax highlighting. |
|
PR: 3
| VB Decompiler http://www.vb-decompiler.org/ VB Decompiler is a decompiler for programs (EXE, DLL or OCX) written in Visual Basic 5.0/6.0. As you know, programs in Visual Basic can be compiled into interpreted p-code or into native code. |
|
PR: 7
| McAfee Avert Labs Blog http://www.avertlabs.com/research/blog/ McAfee's antivirus labs blog. |
|
PR: 5
| ThreatFire Research Blog http://blog.threatfire.com Blog from the threat research team at ThreatFire. |
|
PR: 6
| Symantec Security Response Weblog http://www.symantec.com/enterprise/security_response/weblog/ The Symantec Security Response Weblog has been created to provide a forum for the team to share ideas and commentary on emerging issues and trends. |
|
PR: 6
| Sunbelt Blog http://sunbeltblog.blogspot.com A blog about activities, products and ideas at Sunbelt Software, one of the leading developers of security software to protect against spyware, spam and other threats. |
|
PR: 0
| KPNC reversing lab http://nezumi-lab.org/blog/ Reverse engineering articles, anti-debugging tricks, many unpublished tips & tricks. |
|
PR: 6
| IDA Pro http://www.hex-rays.com/idapro/ IDA Pro is a Windows or Linux hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all. |
|
PR: 3
| VB RezQ http://www.vbrezq.com VB RezQ can recover source from all types of 32-bit Visual Basic executables, i.e. .exe, .ocx and .dll files created by VB4(32), VB5 and VB6. |
|
PR: 4
| MASM32 http://www.masm32.com MASM32 version 9 is a working development for programmers who are interested in either learning or writing 32 bit Microsoft assembler (MASM). |
|
PR: 0
| AniProtect http://www.antiprotect.com All AntiRootkit, Rootkit, Virus and AntiVirus. |
|
PR: 4
| Resource Builder http://www.resource-builder.com/ Resource Builder is the complete solution for Windows resource editing. |
|
N/A
| corkami http://corkami.blogspot.com/ Packers and protectors, antidebugging tricks, assembler. |
|
PR: 4
| ReversingLabs http://blog.reversinglabs.com ReversingLabs has been founded with the goal to provide the best file analysis tools and the best software protection tools. Our expertise in building superior software reversing tools, gives ReversingLabs a unique background for creating superior software protection tools. Reverse Engineering is an Art where the most complex protection schemas are the least publicly available. Our tools enable the security industry, governments and research institutions to rapidly and effectively reduce the spread of malware. |
|
PR: 2
| bannedit's reverse engineering blog http://binaryfun.blogspot.com/ I am a professional security researcher who enjoys working with vulnerabilities. I am fascinated by what causes vulnerable code and the methods used to exploit these flaws. |
|
PR: 5
| Hex-Rays http://www.hex-rays.com Hex-Rays is a decompiler that transforms binary applications into a high level C-like pseudo code. Unlike disassemblers, which perform the same task at a lower level, the decompiler output is concise and closer to the way most programmers write applications. This alone can save hours of work because analysts easily map the disassembly output to high-level concepts. |
|
PR: 4
| eXeScope http://hp.vector.co.jp/authors/VA003525/emysoft.htm eXeScope can analyze, display various information, and rewrite resources of executable files, that is, EXE, DLL, OCX, etc. without source files. |
|
PR: 4
| ThreatExpert Blog http://blog.threatexpert.com/ ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode. |
|
PR: 3
| DFM Editor http://www.mitec.cz/dfm.html DFM Editor allows editing and creating Borland Delphi VCL Forms in text and binary format. It is compatible with all Borland Delphi versions (including BDS). DFM Editor can extract forms from compiled executables and DLLs (or other Portable Executable files) by its extraction tool. Syntax highlighting editor, object inspector and object tree view are tools that make work easier. |
|
PR: 3
| PEBrowse Professional Interactive http://www.smidgeonsoft.prohosting.com/pebrowse-pro-interactive-debugger.html PEBrowse Professional Interactive builds upon the framework presented by PEBrowse Professional to create a very powerful, versatile, and customizable Win32 user mode debugger/disassembler. PEBrowse Interactive is not a source code debugger, but operates at the Intel x86 instruction level and therefore at the lowest level where your program executes. The debugger fully supports Microsoft .NET managed processes and seamlessly allows interop or mixed-mode debugging. |
|
PR: 5
| Restorator http://www.bome.com/Restorator/ Restorator is a utility to edit Windows resources in applications and their components, e.g. files with .exe, .dll, .res, .rc, .dcr extensions (see PE files and RES files). |
|
PR: 2
| File Info http://www.softpedia.com/get/Programming/Other-Programming-Files/File-Info-v.shtml File scanner/analyzer. |
|
PR: 4
| Indefinite Studies http://indefinitestudies.org Daniel Reynaud is currently a PhD student in France, in the computer security team of the Loria lab in the mostly harmless city of Nancy. His research focuses on computer viruses and more generally the reverse engineering of malware. |
|
PR: 5
| FASM http://flatassembler.net FASM is an open source assembly language compiler for x86 and x86-64 processors (this includes the AMD64 and Intel EM64T architectures). |
|
PR: 6
| Reverse Mode http://www.reversemode.com/ Ruben Santamarta is a European security researcher. |
|
PR: 0
| Didier Stevens http://blog.didierstevens.com/ |
|
PR: 5
| PE Explorer http://www.heaventools.com/overview.htm Designed for inspection and editing of Windows executable files, PE Explorer offers powerful static analysis and editing tools for working with EXE, DLL, ActiveX controls, and other executable file formats that run on MS Windows 32-bit platforms. |
|
PR: 3
| Rohitab API Monitor http://www.rohitab.com/apimonitor/ API Monitor is software that monitors and displays API calls made by applications. It's a powerful tool for seeing how Windows and other applications work or tracking down problems that you have in your own applications. The current version includes Filters to monitor the following API Categories. |
|
PR: 3
| KaKeeware Application Monitor http://www.kakeeware.com KaKeeware Application Monitor is a very small API monitor that allows the user to monitor the APIs called by the given application. KAM supports 5577 different APIs as of now. KAM works as an API spy that may help developers and localization engineers find bugs in the release versions of the software. It can also be used by malware analysts to check which APIs are used by the sample they analyse. |
|
PR: 4
| TracePlus http://www.sstinc.com A wide range of tools to monitor system and network activity. |
|
PR: 6
| .NET Resourcer http://www.aisto.com/roeder/dotnet/ Resourcer is an editor for .resources binaries and .resX XML file formats used with the .NET platform. Resourcer allows editing of name/string pairs, import of bitmaps/icons and merging of resources from different sources. |
|
PR: 5
| Resource Hacker http://www.angusj.com/resourcehacker/ Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems. |
|
PR: 5
| VBReFormer http://www.decompiler-vb.net/ VBReFormer is a solution for recovering the design of each form and control, with all properties, values, all reference to external controls (ActiveX™ libraries), and all pictures. Then with VBReFormer you can obtain the necessary information to re-write the graphical design of your application without executable Visual Basic code... |
|
PR: 5
| Sandboxie http://www.sandboxie.com/ Sandboxie runs your applications in an isolated abstraction area called a sandbox. Under the supervision of Sandboxie, an application operates normally and at full speed, but can't effect permanent changes to your computer. Instead, the changes are effected only in the sandbox. |
|
PR: 4
| j00ru//vx tech blog http://j00ru.vexillium.org/ As far as I recall, subjects related to programming (C, C++, x86 assembler, Python and so on), reverse engineering, malware analysis (just like the one before), Bughunting (again!), NT OS internals research etc. are the things I spend most of my life on. When it comes to real life things, I prefer reading horror books (Kings rulz), taking |
|
PR: 0
| Microsoft Malware Protection Center http://blogs.technet.com/mmpc/ Threat Research & Response Blog |
|
N/A
| gynvael.coldwind//vx.log http://gynvael.coldwind.pl/?lang=en Reverse engineering, exploits, programming, game development and many more. |
|
PR: 2
| Piotr Bania Chronicles http://blog.piotrbania.com/ Computer security, reverse engineering, antivirus development, game programming, gsm telephony, martial arts, life and everything. |
|
PR: 6
| NASM http://nasm.sourceforge.net The Netwide Assembler, NASM, is an 80x86 and x86-64 assembler designed for portability and modularity. It supports a range of object file formats, including Linux and *BSD a.out, ELF, COFF, Mach-O, Microsoft 16-bit OBJ, Win32 and Win64. It will also output plain binary files. It supports from the up to and including Pentium, P6, MMX, 3DNow!, SSE, SSE2, SSE3 and x64 opcodes. |
|
PR: 3
| Protection ID http://pid.gamecopyworld.com/ Application which can detect most protection systems. Mainly detects CD/DVD protection systems like SecuRom, StarForce, SafeDisc, Tages. It can also detect many different protectors and packers for the PE file format. |
|
PR: 5
| WinAsm Studio http://www.winasm.net WinAsm Studio is a free Integrated Development Environment IDE for developing 32-bit Windows and 16-bit DOS programs using the Assembler. The Microsoft Macro Assembler (MASM) is supported inherently, while the FASM Add-In adds support for FASM and other assemblers. |
|
PR: 0
| Anolis Resourcer http://anolis.codeplex.com Resourcer is a powerful and flexible resource editor for Microsoft Windows that features full x64 and Vista/Win7 support, in addition to PNG icons and is also free and open-source (GPL). |
|
N/A
| Valkyrie http://www.grafxsoft.com/2valkyrie.htm A Decompiler for Clipper S87 & CA-Clipper 5. Supports CA-Clipper 5.0 through 5.2 |
|
PR: 4
| HT Editor http://hte.sourceforge.net HT is a file editor / viewer / analyzer for executables. The goal is to combine the low-level functionality of a debugger and the usability of IDEs. |
|
PR: 5
| Microsoft Detours http://research.microsoft.com/sn/detours/ Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary. |
|
PR: 1
| MiscellaneouZ http://0x5a4d.blogspot.com/ Code, hacks, security, RE, misc... |
|
PR: 0
| Fast Horizon http://fasthorizon.blogspot.com/ Greg Hoglund's blog about rootkit technologies, information security and reverse engineering. |
|
N/A
| fist of god http://maximumcrack.wordpress.com/ This is my humble attempt at sharing questions, ideas, interesting topics and filthy pictures I stumble upon while doing what I do best (and most) – all sorts of geek stuff. I like programming, reverse engineering and playing games (no particular order). |
|
PR: 0
| Visual DuxDebugger http://www.duxcore.com/ Visual DuxDebugger is a debugger disassembler for Windows 64 bits. It is the first version so it is still very simple, but it has some features that other debuggers don’t have: it debugs multiple processes and multiple child processes, but maybe the most interesting feature is the “Detour System”. The current disadvantage is that it only debugs 64 bits software, but it is a long term project and surely in the near future 64 bits software will be more common. |
|
PR: 1
| RDG Packer Detector http://www.rdgsoft.8k.com/ RDG Packer Detector is a file detector for exe packers, cryptors, scramblers, linkers, file joiners and installers. |
|
PR: 4
| PEiD http://peid.has.it/ PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files. |
|
PR: 4
| HxD - Freeware Hex Editor and Disk Editor http://mh-nexus.de HxD is a carefully designed and fast hex editor including raw disk editing, modifying foreign RAM and handling files of any size. |
|
PR: 5
| JWasm http://www.japheth.de/JWasm.html JWasm is a MASM v6 compatible assembler. It's a fork of Open Watcom's WASM and released under the Sybase Open Watcom Public License, which allows free commercial and non-commercial use. JWasm is written in C, source code is open. |
|
PR: 1
| The Customiser http://www.wanga.com/cu.php The Customiser allows you to set the position and size of any window, button or other control and set the text of these controls. These changes can be permanently saved for any application and readily undone when desired. You can also set The Customiser to automatically press those annoying extra buttons you have to press when you go through a certain procedure, like OK buttons that you always press and wish you could automate. |
|
PR: 4
| Resource Tuner http://www.heaventools.com/resource-tuner-scrshots.htm Resource Tuner is a PE Explorer spin-off product that is used solely to edit resources in Windows programs. It has a broader audience than just software developers: translators, tweakers and those wanting a different look and feel. Resource Tuner is an important productivity tool for those who are engaged in editing of resources in Windows executables. |
|
PR: 0
| Hackman Suite http://www.technologismiki.com/prod.php?id=31 Hackman Suite is a multi-module all purpose debugging tool. It includes a hex editor, a disassembler, a template editor, a hex calculator and other everyday useful tools to assist programmers and code testers with the most common tasks. |
|
PR: 5
| Yasm http://www.tortall.net/projects/yasm/ Yasm currently supports the x86 and AMD64 instruction sets, accepts NASM and GAS assembler syntaxes, outputs binary, ELF32, ELF64, 32 and 64-bit Mach-O, RDOFF2, COFF, Win32, and Win64 object formats, and generates source debugging information in STABS, DWARF 2, and CodeView 8 formats. |
|
PR: 5
| FrameworkPascal and TMT Pascal http://www.frameworkpascal.com The TMT Pascal compiler is a fast compiler for the Pascal language. The compiler emits 32-bit code and supports many language extensions from Borland Pascal (BP), as well as more powerful new extensions. |
|
PR: 6
| C++ Tutorials & Reference http://www.cplusplus.com/doc/tutorial/ C++ Reference, Tutorials, Examples. |
|
PR: 4
| KOrUPt http://korupt.co.uk/ Generally we prefer to focus on Binary Analysis and Reverse Engineering, however I'm sure there's something everyone can enjoy! |
|
PR: 4
| RCE Cafe http://rcecafe.net/ Reverse engineering blog by Hex-Rays employee Daniel Pistelli: .NET reversing, CFF Explorer notes and more. |
|
PR: 3
| SysEye http://sourceforge.net/projects/jkd-syseye/ Utility to control all objects that you see on the Windows screen (text, combo boxes, buttons, pictures...). You will be able to enable disabled objects, to hide buttons, to modify menus... Useful utility for programmers who need an object's handle. |
|
PR: 6
| .NET Reflector http://www.reflector.net/ Reflector is the class browser, explorer, analyzer and documentation viewer for .NET. Reflector allows you to easily view, navigate, search, decompile and analyze .NET assemblies in C#, Visual Basic and IL. |
|
PR: 4
| Hook Explorer http://labs.idefense.com/files/labs/releases/previews/HookExplorer/ This is a small application designed to scan a process looking for IAT or detours style hooks. |