Utilities
Resource editors
|
Borland Resource Workshop by Borland.
31.I.1999.
Lets you edit an application's resources. |
|
eXeScope by Toshi.
30.XI.2000. Do you want to customize an application? For example, to change a font, a menu, or the arrangement of a dialog, but do you think that it is impossible because you do not have the source files? eXeScope can analyze, display various information about, and rewrite the resources of executable files (EXE, DLL, OCX, etc.) without source files. |
|
Resource Hacker by Angus Johnson. 11.XI.2000.
News: FREEWARE utility to view, decompile, modify and compile resources in Win32 executables. Dialogs, menus, and stringtable resource scripts (and also Borland forms) can be edited using the internal editor and immediately recompiled. |
|
Resource Builder by SiComponents.
10.XII.1999. This has been long awaited since Borland Resource WorkShop 4.5 came out. Now you have a complete, powerful tool for visually building RC scripts and resource files for your applications. |
|
Resource Grabber by Richey Fellner. 10.XII.2000. The Resource-Grabber will scan the directories and drives on your computer and extract all Bitmaps, Glyphs (button images), Icons, Cursors, Wave sound files and AVI Clips it finds inside the programs and DLL files in any directory of your choice. Forget painting all that stuff by yourself; forget hours of searching for Windows-compatible button layouts ... simply use the images that are already on your computer! The Resource-Grabber will extract them from their "hidden" locations inside DLL and EXE files and give you full access by saving them as regular bitmaps. |
Memory dumpers
|
IczDump by Iczelion.
22.VIII.2000. IczDump (Iczelion's PE Dumper) is yet another in-memory Portable Executable file dumper. However, it differs in subtle ways from other dumpers: it runs in the same process as the target because it is a DLL. Once the DLL is in a process, it has the same privileges as the target. |
|
QuickDump by defiler. 18.XII.1999. QuickDump is an easy to use memory dumper. |
|
DumpFX by F2F.
23.VII.2000.
- allocate memory through a mapping file. |
File scanners/analyzers
|
GetTyp by PHaX.
12.V.2000.
- detect 91 archive formats |
|
File Info by M.Hering.
07.XII.2000.
News:
- Full header information for dos and win eXecutable. |
|
File Scanner by SMT.
08.XII.2000.
News: File Scanner is a freeware program for identifying different file formats. It can now do more, such as unpacking or decrypting DOS executable files, calculating sizes of directories, handling headers of executables, playing sounds, editing binary files in hex, ASCII or asm mode, and displaying ANSI, PCB, BMP and SCR pictures. The list of features is still growing... |
|
File Analyzer by Vadim Tarasov. 04.VII.2000.
News: File Analyzer is written for file recognition. FA recognizes many file packers, compilers, encryptors, etc. FA can also recognize many non-executable files, for example archives, graphic files, music modules and much more. FA can also list the contents of archives. |
|
TYP by Veit Kannegieser. 17.IV.2000.
- Determine archiver, crypter, viruses, compiler, music, images data files, BIOS-chipsets, ... |
|
EXESCAN by ST!LLS0N.
12.I.1999. EXESCAN is an executable file analyzer which detects the most famous EXE/COM protectors, packers, converters and compilers. |
|
PEWizard by ST!LLS0N.
05.VIII.1999. PEWizard is a tool for manipulating Win32 executables. Includes join and split options (like PEUtils), a disassembler, dumper, header viewer, and PE loader recognizer. Recognizes 21 PE-packers, 4 compilers. |
|
dF File Info by AiRWOLF.
29.VII.2000.
News: This is only an alpha version...hope you like it. It analyzes a few file formats yet... Gonna be updated every week. |
|
File Information by Amon Soft. 07.IX.2000.
- Detect more than 60 different packers, encryptors... |
|
UN-PACK by Snow Panther. 25.X.2000.
- Identifies most COM/EXE compilers/cryptors/packers/protectors |
|
file insPEctor by ViPER.
20.XI.2000.
- all infos about PE headers |
|
Language 2000 by Babak Farrokhi. 14.XI.2000. Language 2000 is the ultimate compiler detection utility. Using this program you can determine which compiler was used to make your binary file or with which compressor the file is compressed. Just open your binary (EXE, DLL, ...) in this program (or simply drag and drop the file onto it) and the program will determine the compiler and maybe the modifier. The database of compilers and modifiers will be updated frequently. |
|
PE Labs by Latigo. 29.III.2000. Displays the most important information about a PE file. Includes full Win32Asm source code. |
|
ShowDLL by VoidDweller.
06.VII.1999. Show DLL dependencies of NE, PE, LE and LX files. |
|
MuLTi RiPPeR by THE WONDERFUL TEAM.
01.VIII.2000.
- Multi-purpose File Ripper. In few seconds cleans & clips @ the Right size! Rips from any Demo/Game |
|
MultiEx by Mr. Mouse. 17.VI.2000.
- DOS/WIN98-based multi format file extractor/importer. |
|
Ultra Search by vReal.
29.VIII.2000. Ultra Search locates strings and hex numbers in files. The search is performed using one of 8 different methods or combinations of methods. |
Exe modifiers
|
General. |
|
Topo by Mr Crimson. 20.III.2000.
News: This is a little application which breaks classical limitation in file patching and avoids the use of loaders/uncompressors. |
|
Code Snippet Creator by Iczelion.
30.III.2000.
- Can generate code snippets and save them as binary files. |
|
PEditor by M.o.D. & yoda. 14.X.2000.
News:
- all important infos of the PE Header are shown and can be changed. |
|
IID King by SantMat. 01.X.2000.
- IID King allows you to add imports to ANY PE file's import table. |
|
PE Header Editor by bart. 15.IV.2000. The name says it all :), this is a PE header editor. Includes full TASM source code. |
|
Da Dumper by FuzzyCat. 22.XI.2000. This program is used to dump objects or sections: it dumps the code or data that they contain. Dumping can run into problems if you have altered the PE header and changed an object's size, offset... You can also check the PE header and sections, and change them. |
|
PEUtils by Andrew de Quincey. 12.I.1999. This is a suite of utilities for manipulating PE-format executables. Full source included. |
|
Rebuilders. |
|
MakePE by G-RoM. 23.VI.1999.
News: MakePE is a PE structure rebuilder. From a dump made with ProcDump(TM), with GTR95(TM), or one you made under SoftICE(TM), it will try to rebuild the PE header and import section (when possible) and can reoptimize your dump to reduce its size. It can also load a standard PE file and will try to reduce it if you use the '-s' switch. |
|
PE Rebuilder by TiTi & Virogen. 19.X.1999.
News: This tool is totally free for use and MUST be freely distributed. It has been made for 2 different aims: |
|
PE Fixer by Bonker.
26.I.2000. This utility is for when you are unpacking an app and you need to fix the section data so that the PSize = VSize and Offset = RVA. Instead of having to go through each and every section in Procdump, just fire up this util, click on the button, select the file, and you're done. |
|
BP7PAT by PHaX.
05.XII.1999. Patches any EXE file compiled by Borland Pascal 7 which has a runtime error 200. |
|
CrtFix by Eugene Toder. 13.X.2000. CRTFix is a patcher that fixes a bug in the Borland Pascal (aka Turbo Pascal) CRT unit. This bug causes run-time error 200 at the very beginning of ANY program (compiled with BP of course) that uses it when this program is run on fast machines (I think Pentium 200 and better). |
|
Checksum/Stub/Realigner/Header. |
|
PE Validator by LaZaRuS. 02.V.2000. PE Validator is a small tool that adjusts PE headers of EXE files that don't run under Win2K (this file is not a valid Win32 Executable) so that they run under Win2K. |
|
PESum by eGIS!/CORE.
12.I.1999. PESum will check whether a PE file has a correct checksum in its header. If it does not, PESum will compute the checksum and update the PE file. |
|
Virogen's PE Realigner by Virogen.
06.VI.1999.
News:
- makes PE exe/dlls smaller. |
|
yoda's PE Realigner by yoda.
11.X.2000. This is just another PE Realigner. C source code included. |
|
Wipe.Reloc by crayzee.
02.XII.1999.
News: This utility makes PE files smaller by aligning them (like virogen's vgalign) and (if processing a non-DLL PE) by removing the .reloc section. That section is added by TLINK32 to the EXE PE files but is not needed there, because all EXEs are loaded to their original image base. It also removes empty waste above and below PE headers and at the end of the file, sets the correct PE checksum and finally recovers the previous times of the file. |
|
TinyStub by crayzee.
22.VIII.1999. This tiny utility is for replacing the PE file's dos stub. It doesn't really make the file smaller, but after aligning it with my wipe.reloc its size can be slightly decreased. |
|
CheckSum Corrector by Mr Crimson. 10.I.2000. This program calculates the checksum of PE files and optionally updates its value in the header. |
|
SetCSUM by Collake Software. 11.VIII.2000. This simple, console mode utility will verify, and optionally set, the correct checksum of Portable Executables (win32 EXE,DLL,OCX,SCR,etc..). This checksum is required to be accurate for NT device drivers and some system DLLs. C++ source included. |
|
STUBEXE by VoidDweller.
04.VII.1999.
- support MZ, PE, LE (beta NE) |
|
Others. |
|
Function Replacer by DEATH of Execution. 16.VII.2000. This programme will replace any export from a DLL with another DLL's export; it performs an automatic loading of the DLL, gets the function's address, then calls it. Could be useful sometimes. |
|
Imhotep by ArthaXerxes.
04.XII.2000.
News: The purpose of this program is to remove "interleaved" jumps that make disassembling and reversing harder. This utility is definitely not for inexperienced reversers. |
|
Sadd by NeuRaL_NoiSE.
05.I.2000. A little tool that creates, appends and zero pads a new section in the specified PE file (dll or exe). Written for educational purposes only! (Including ASM source.) |
|
PESam by MrCrimson.
27.IX.2000. PESam is a little utility which allows easily changing section attributes in PE files. These changes can fool some reversers' tools. Includes a detailed help. |
Virtual offset to file offset converters
|
VA2FO by Iczelion.
Updated 18.III.1999. This is a utility from PC Coding Division, written entirely in win32asm. It's a handy little utility that you can use to convert virtual addresses seen under SoftICE into file offsets that you can use in hex editors. You can specify two modes: Virtual Address or RVA. |
|
OFFset CALculator by Mr Crimson. 10.I.2000. Another virtual address to file offset converter. |
|
Offset Converter by Apus.
20.XII.1999. Offset Converter is a little tool. The task of it is to convert the virtual offset to the matching file offset. |
|
RVA Converter by LaZaRuS. 29.IV.2000. RVA converter is a nice tool which converts memory addresses to file offsets and the other way. It allows you to find bytes you saw in a debugger in a few seconds. |
Binary file editors
|
Hiew by Eugene Suslikov. 27.VI.2000.
News: Basically HIEW (Hacker's view) is a hex viewer for those who need to change some bytes in the code (usually 7xh to 0EBh). Hiew is able to view unlimited length files in text/hex modes and in Pentium(R) Pro disassembler mode. |
|
Biew by Nick Kurshev. 31.X.2000.
News: BIEW is a binary file viewer with built-in editors for binary, hexadecimal & disassembler modes.
Features: |
|
QView by AGC.
15.XII.1999.
News:
- Editing of files, logical and physical disks, and also 1 Mb of memory in Text/Hex/Asm modes. |
|
HexIt by Mikael Klasson. 12.XII.1999.
- Built-in assembler (AzmIt) & disassembler. |
|
eco by ultraschall.
29.XII.1999. A very handy tool for manipulating binary files. You can copy a part from a file to another, fill in/insert extra bytes, write data, etc... Supports saving/running commands from a macro file. |
Spy tools
|
File Monitor by http://www.sysinternals.com.
30.XI.2000. A very cool low level file access monitor. |
|
Registry Monitor by http://www.sysinternals.com.
30.XI.2000. A very cool low level registry access monitor. |
|
ATM by Enrico Del Fante. 03.XII.1999.
News: ATM is a Windows9x-only application designed for power-users who actually like to handle their systems. It allows you to completely manage the system priority of all running processes (and some of their threads). It provides a real-time capability to monitor all processes and threads, to manage them (maybe kill'em all...), and even to spy on and control the windows they own. |
|
Spy & Capture by Kobi Krichmar. 06.VIII.1999.
News: Spying tool for Windows 9x/NT. It uses direct mouse positioning to get window properties and all its objects, styles, classes and process information. If the window is a control you get its control styles. Also included: |
|
API Spy by Vitaly Evseenko. 01.XII.2000. It allows you to examine any known API function call that is resolved during the program load time and is given by APIS32. APIS32 will only work with Windows95/98/NT and Win32s applications which are executed under the Windows 95 or Windows 98 platform. It won't spy upon API functions called by 16 bit programs. |
|
ApiHooks by EliCZ.
01.XII.2000.
News: ApiHooks allows developers to watch intermodule communications. Suitable for file monitors, registry monitors, dumpers, antiviruses and unpackers. |
|
ForceLibrary by yoda. 13.XI.2000. ForceLibrary.dll is able to load a DLL into another process's memory. This is very useful for many hook actions. E.g. you can use it instead of the "SetWindowsHookExA" API. Source code included. |
|
ProcessENG by M.o.D. 27.XI.2000. The program lists all running processes and allows you to kill/dump them. Furthermore you can get all OEPs (OriginalEntryPoints) of the running processes and you can view the modules of a process. In addition it can list all WindowClassNames! You will also find a MessageMonitor, which lists all window messages a process sends and gets! Source code included. |
|
Process Memory Manipulator by TrainSpotter.
19.I.2000. Process memory manipulator is a win32 application which allows you to map the memory of a specified currently running process. |
|
Locpinfo for NT by EliCZ. 09.VII.2000. Locpinfo is for NT only and displays info about current processes on local machine. |
|
SMU Inspector by ???. 13.IX.1999. A simple windows spy. VB-coded. |
Misc.
|
PE Characteristic Converter by EdCamper.
25.II.2000. At the moment it is just a beta tool that allows you to calculate a section's characteristics visually. |
|
LibDump by George Poulose. 23.V.2000. LibDump is a Win32 utility tool similar to Microsoft's DumpBin utility except that it can be used to display the contents of library files instead of portable executables and COFF (Common Object File Format) .OBJ files. Source code is available. |