List of Reverse Engineering and Debugging Tools

I may have created a small list of tools before, however, I would like to expand this list and provide some better descriptions for each of the tools listed. These tools are either completely free or have a limited free version which provides enough functionality for those like myself, who aren’t professional security researchers, escalation engineers or get paid for doing reverse engineering/debugging. These tools can and are used by professionals and enthusiasts alike. If you have any recommendations then please add a link to the comments section.

WinDbg – Reverse Engineering/Debugging

This tool is my most favorite, it provides complete functionality for enthusiasts and is for free. There is a wide range of extension and commands for viewing data structures, memory addresses and call stacks. It can be used for both reverse engineering and debugging BSODs (Blue Screens of Death).

There is good documentation for WinDbg for finding hidden rootkits, examining data structures and looking at raw memory. Most of this information has been used in my blog for writing tutorials and adding my own information to. It can be used for static analysis and real-time analysis.

Link – Windows Driver Kit (WDK) and Debugging Tools for Windows (WinDbg)

OllyDbg – Reverse Engineering (User-Mode)

OllyDbg is a great tool for reverse engineering user-mode programs. This is a another standard tool if you wish to examine malware or would like to learn the PE structure. This tool is for free, and again is there is great documentation for learning how to use it. Please check the Blogroll section for such blogs.

The data structure being viewed is the _PEB data structure, which is stored at offset 0x30 in the FS register for x86 systems. It is primarily used for static analysis.

 Link – OllyDbg v.1.10


IDA Pro – Free Version

 This tool is used for reverse engineering, and widely used by professionals to my knowledge. This is a very powerful tool, and be used to examine libraries in the IAT and EAT, look at strings stored in memory and assembly instructions. There are tutorials available on their website.

Link – IDA: About



Analyze It!

This tool is great for displaying information about a specific binary file (static analysis).

I could only find the program hosted on Softpedia, but I’m sure that there wasn’t any other programs bundled with the installation package.

Link – Analyze It! Free Download (Softpedia)


PeStudio

This is tool provides the same features as the other program, but with a simpler and cleaner UI and is easier to use in my opinion. It also has VirusTotal integration.

Link – PeStudio

Twitter – @ochsenmeier (Developer + Updates)


Hook Analyzer
The program enables you to hook to a certain active process, and then pull information from that process. It only works with Ring 3 (User-Mode) processes to my knowledge.
 

PE Bear
PE Bear is another static analysis tool for examining PE files, you can view file signatures and view packers which have been used.
 Link –PE Bear Blog
WinHex 
WinHex can be used for examining the hexadecimal format of files.
Process Explorer
Process Explorer is a Microsoft produced tool, which can be used for finding general information about active processes. It has Virus Total integration.
Advertisements

About 0x14c

I'm a Computer Science student and writer. My primary interests are Graph Theory, Number Theory, Programming Language Theory, Logic and Windows Debugging.
This entry was posted in Debugging, System Security, WinDbg, Windows Internals. Bookmark the permalink.

5 Responses to List of Reverse Engineering and Debugging Tools

  1. Florine says:

    Thanks, it’s quite informative

    Like

  2. Kristi says:

    It works quite well for me

    Like

  3. Lucio says:

    Thanks, it’s quite informative

    Like

  4. Jackson says:

    I enjoy the report

    Like

  5. Alvaro says:

    Thanks, it’s very informative

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s