Category: Disassembling

Capstone, Edb-debugger, Reverse Engineering

Install latest edb-debugger on Kali

edb is a cross-platform x86/x86-64 debugger. It was inspired by OllyDbg, but aims to work on both x86 and x86-64 and on multiple operating systems. Linux is the only officially supported platform at the moment; FreeBSD, OpenBSD, OSX and Windows ports are underway with varying degrees of functionality. Uninstall any installed edb-debugger first (if any): apt-get purge …

Disassembling, Radare2, Reversing

Disassembling functions with Radare2

Analyze a binary file and its symbols

Method 1:
radare2 -A c:\Windows\SysWOW64\ntdll.dll

Method 2:
radare2 c:\Windows\SysWOW64\ntdll.dll
Inside the radare2 terminal, type: aaa and hit Enter.

Disassembling a function

Inside the radare2 terminal, type:
pdf @ sym.ntdll.dll_RtlCreateRegistryKey

You can use tab completion here. Try this instead:
pdf @ sym.ntdll.dll_RtlCreateR
and hit Tab.

Debugging, Disassembler, Disassembling, Reverse Engineering

Radare – a portable reversing framework

Radare is a portable reversing framework that can…
Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, Javascript, Go and more
Support …

Disassembling, Reverse Engineering

Windows Disassembler for 64-bit & 32-bit Programs

PEBrowse64 Professional (v6.3) is a 64-bit executable and requires the .NET framework. It will display both Win32 and Win64 executables, native, managed and mixed. PEBrowse Professional (v10.1.4) is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies. With the PEBrowse disassembler, one can open and examine any executable without the need to …

Debugging, Disassembling, Reverse Engineering

Reversing with DumpBin

The Microsoft COFF Binary File Dumper (DUMPBIN) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs). For more…

DumpBin syntax:
DUMPBIN [options] files…

Display Section Headers:
dumpbin.exe /HEADERS x:\path\to\object\file

Disassembling …

Debugging, Disassembling, Reverse Engineering

Reversing with OBJDUMP

objdump displays plenty of information from object files. It is available on most Linux and Unix systems, and on Windows through Cygwin.

Display Section Headers:
objdump -h /path/to/my/object/file

Disassembling Executable Sections:
objdump -dl /path/to/my/object/file

Full Disassembling:
objdump -Dslx /path/to/my/object/file

Display Debugging Info:
objdump -g /path/to/my/object/file
objdump …