Difference between revisions of "Tools"

From SkullSecurity

Revision as of 15:51, 14 March 2007

Assembly Language Tutorial

This page will discuss some important and recommended tools for reverse engineering and hack-writing. Some of these are free, and others are commercial. The only way to get commercial tools is by buying them; don't even think of finding a torrent.

If you know of any other tools that belong here, you're free to edit this page and add them.

Disassemblers

IDA is definitely the best disassembler around. Unfortunately it has a high price tag, but it's well worth it. It's the program I'll be using throughout the guides here. It does a ton of analysis on the code, including naming variables used for library functions. It also keeps track of stack and local variables for you, with reasonable accuracy. Additionally, you can add your own comments and name variables yourself. It's really an amazing program, and I highly recommend it.

W32Dasm is free to download, and works well for a basic disassembler. The more difficult part about using W32Dasm is keeping track of stack variables. But if you can't afford IDA, it might be helpful.

objdump is a very simple disassembler that generally comes with Linux. The command "objdump -d [filename]" outputs the assembly for the file:

ron@slayer:~$ objdump -d test | head

test:     file format elf32-i386

Disassembly of section .init:

08048278 <_init>:
 8048278:       55                      push   %ebp
 8048279:       89 e5                   mov    %esp,%ebp
 804827b:       83 ec 08                sub    $0x8,%esp
 804827e:       e8 61 00 00 00          call   80482e4 <call_gmon_start>
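As an added example (not from the original page), here is a small Python parser for the listing format that objdump -d prints: it turns each instruction line into a structured record and collects the direct call targets of every function, which is a first step toward the cross-references IDA builds for you. The SAMPLE string reuses the listing shown above; the regular expressions are my own and assume the classic GNU objdump column layout.

```python
import re
from collections import defaultdict

# Constructed sample: the `objdump -d test | head` listing shown on this page.
SAMPLE = """\
test:     file format elf32-i386
Disassembly of section .init:
08048278 <_init>:
 8048278:       55                      push   %ebp
 8048279:       89 e5                   mov    %esp,%ebp
 804827b:       83 ec 08                sub    $0x8,%esp
 804827e:       e8 61 00 00 00          call   80482e4 <call_gmon_start>
"""

# "08048278 <_init>:" opens a function; " 8048278:  55  push %ebp" is one instruction.
FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*([a-z]\S*)\s*(.*)$")
# Direct branch operand as objdump prints it: "80482e4 <call_gmon_start>" (symbol optional).
TARGET_RE = re.compile(r"^([0-9a-f]+)(?: <([^>]+)>)?$")


def parse_objdump(text):
    """Return one dict per instruction, tagged with the enclosing function name."""
    func, insns = None, []
    for line in text.splitlines():
        m = FUNC_RE.match(line)
        if m:
            func = m.group(2)
            continue
        m = INSN_RE.match(line)
        if not m:
            continue  # file header and section banner lines do not match
        addr, raw, mnem, ops = m.groups()
        insns.append({"func": func, "addr": int(addr, 16),
                      "bytes": bytes.fromhex("".join(raw.split())),
                      "mnemonic": mnem, "operands": ops.strip()})
    return insns


def call_targets(insns):
    """Map each function to the (address, symbol) pairs it calls directly."""
    calls = defaultdict(list)
    for i in insns:
        m = TARGET_RE.match(i["operands"]) if i["mnemonic"] == "call" else None
        if m:
            calls[i["func"]].append((int(m.group(1), 16), m.group(2)))
    return dict(calls)
```

Feeding it the real output of objdump -d on a binary (rather than SAMPLE) gives you a per-function call list you can diff against what IDA or W32Dasm shows.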

Debuggers

This is the debugger that I typically use, although I'm not a huge fan of it. The interface is non-intuitive and difficult to use, and it's often a hassle. That being said, it's the best free debugger, and it's very powerful.

In addition to being a first-class disassembler, IDA also has a built-in debugger. I haven't really used it, so I can't really say much.


Memory Editors

TSearch is a nice, free program to search and edit memory. It also has a very limited built-in debugger. Unfortunately, the official site is dead and it's no longer being maintained, which is a shame because it is such a nice program.


Compilers

  • Microsoft Visual Studio

Although I don't like it, I develop hack-type programs in Visual Studio. Using special Windows functions is required, and I haven't figured out how to do that in any other compiler.

  • gcc

gcc is the free compiler that comes with Linux. I use this to compile most examples that I don't indicate as Visual Studio-specific. However, the code I write for gcc should also compile in Visual Studio; I just use gcc because it's quicker and more comfortable for me.

Questions

Feel free to edit this section and post questions; I'll do my best to answer them. But you may need to contact me to let me know that a question exists.