Random tools I made or otherwise just use for reversing quickly.
- Search for PE files in a raw dump and display the architecture and PE file size of each hit to allow quick manual carving
- Live memory C, C++, and other structure rebuilding tool. Shows a structured view over live memory so you can see values as they change.
- Extract GoLang function names, file paths, reconstruct user defined structures and interfaces, and print binary metadata. Amongst other things.
- Syscall hooking framework. Modify arguments, return values, etc. in a PatchGuard-compatible way.
- Within this repo is a tool PDBReSym, which can download PDBs and Binaries from the MS symbol server, or symbolicate logs.
- C++ library with Python wrapper to demangle Itanium and MSVC symbols on all platforms (Linux, macOS, Windows)
  - Modified from: https://github.com/nico/demumble
- Command-line application that JIT-compiles (via asmjit) a calling stub around any number of DLL exports, with the arguments and calling convention supplied on the command line. Can additionally load shellcode or manually map DLLs to easily debug DllMain, and can read binary files to pass arbitrary data as an argument. Waits for execution by key press or int3.
- Allocate and run shellcode, print the shellcode base address and wait for execution by key press. Simpler alternative to JITCall; doesn't support arguments.
- COM plugin for IDA Pro to automatically identify and label many COM interfaces and some vtable structures
- A utility for extracting .NET single file bundles to disk while maintaining the internal bundle folder structure. Also supported by ILSpy fwiw.