
Files

Linux_Memory_Tools-0.2.tar.gz
Posted Oct 3, 2006
Authored by Pierre BETOUIN | Site securitech.homeunix.org

Linux Memory Tools is a set of Linux tools (Python, C and ASM) whose aim is to facilitate exploit development. These tools can be used to dump process memory, search for patterns and quickly find the addresses of OPCODEs (instruction and mnemonic search is functional but still in development). OPCODE search is possible on an instant memory snapshot or on a file dump. These tools have been quickly coded and should be considered helpful scripts. Return addresses or shellcode locations can be found instantly.

tags | shellcode, python
systems | linux
SHA-256 | b563de74e1cda35f782a23fd14e98e36f0b0c04030335f5778d239a1c883e3e3
PaiMei-1.0-REV88.zip
Posted Jul 26, 2006
Authored by Pedram Amini | Site openrce.org

PaiMei is a reverse engineering framework consisting of multiple extensible components. The goal of the framework is to reduce the time from "idea" to prototype to a matter of minutes, instead of days. PaiMei is written entirely in Python and exposes at the highest level a debugger, a graph based binary abstraction and a set of utilities for accomplishing various repetitive tasks. The framework can essentially be thought of as a reverse engineer's swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as: fuzzer assistance, code coverage tracking, data flow tracking and more.

tags | python, fuzzer
systems | linux
SHA-256 | f027a3b0b418697874b0a94638fd5384a09eea2e16778ac1bf21c0ea708b4c9a
disit01A.zip
Posted Feb 2, 2006
Authored by Piotr Bania | Site piotrbania.com

Disit is a new open source disassembler engine.

systems | linux
SHA-256 | 7aceb71d9143184a945084ed93d86e101db05cbb842250649377f0303dc4d23d
elf-0.5.4p1.tar.gz
Posted Sep 9, 2004
Authored by Samy | Site kerneled.org

elf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.

systems | linux
SHA-256 | ba504141b5e785fc1d7f12e8239b05346b36be25671c0ad626f1baa248ad8791
reverse_backdoored_binaries.txt
Posted Apr 19, 2004
Authored by Chris | Site cr-secure.net

Well written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.

tags | x86
systems | linux
SHA-256 | b31fe0048b71bab934815417a3d57f26b2f50823b7d9600434d47c9c533ed212
rec16lx.zip
Posted Dec 14, 2003
Site backerstreet.com

REC is a portable reverse engineering decompiler which reads an executable file and attempts to produce a C-like representation of the code and data used to build it. It can decompile 386, 68k, PowerPC, and MIPS R3000 programs and recognizes the following file formats: ELF (System V Rel. 4, e.g. Linux, Solaris, etc.), COFF (System V Rel. 3.x, e.g. SCO), PE (Win32 .EXE and .DLL for Microsoft Windows 95 and NT), AOUT (BSD derivatives, e.g. SunOS 4.x), Playstation PS-X (MIPS target only), and raw binary data (via .cmd files).

systems | linux, windows, solaris, bsd
SHA-256 | 3f8f4c802b33352fe0114bbf7758d4f5510b3e435824539cf8b5a73eb0162a87
valgrind-2.0.0.tar.bz2
Posted Nov 21, 2003
Authored by Nick Nethercote | Site valgrind.kde.org

Valgrind is a GPL'd tool to help you find memory-management problems in your programs. When a program is run under Valgrind's supervision, all reads and writes of memory are checked, and calls to malloc/new/free/delete are intercepted. You can use it to debug most dynamically linked ELF x86 executables, without modification, recompilation, or anything else. If you want, Valgrind can start GDB and attach it to your program at the point(s) where errors are detected, so that you can poke around and figure out what was going on at the time.

tags | x86
systems | linux
SHA-256 | 36f95c24257c440eadcff12f88b18d8572aa7e47c014494d8804f3d194719cd9
procshow-1.0.tar.gz
Posted Oct 9, 2003
Authored by zb0, cuco | Site procshow.whatever.org.ar

Procshow is a tool to analyze live processes. It shows the same ELF information as objdump, nm, readelf, etc., but reads it from a process in its runtime state rather than from a file. It helps an end user learn about a process, detect anomalies and backdoors, and has various other uses.

systems | linux
SHA-256 | aea8414360a66bbebafe5d48db71857829d9ecdf679ad3ee204de0802423425c
elfsh-0.51b3-portable.tgz
Posted Sep 13, 2003
Authored by Mayhem | Site elfsh.devhell.org

Elf Shell v0.51b3-portable is an automated reverse engineering tool with read/write capability for the ELF format. It produces sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many other sections, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.

Changes: It works on Linux, NetBSD, FreeBSD, and Solaris for the INTEL and SPARC architectures. It provides ET_REL injection into ET_EXEC for both arch, and INTEL control flow graphs, as well as a lot of new improvements, as featured lastly in The Cerberus ELF interface article in phrack #61.
tags | shell
systems | linux
SHA-256 | ecffe100d0da12235cfe464726313491409739493030f3fbdb3a28696b23447f
anti-ptrace.txt
Posted Apr 16, 2003
Authored by netric, Sacrine | Site netric.org

Linux LKM that disables ptrace abilities in the 2.4.x kernels.

tags | kernel
systems | linux
SHA-256 | 1d8cb9eedc847c0da5391b758eba2303658fc96887860ddadb104e0b904b66df
oOps.c
Posted Jan 5, 2003
Authored by Gunzip

oOps.c grabs hardcoded strings from binary files. Shows rootkit passwords and other information that is encoded character at a time to avoid binary examination like the strings command. Tested on Linux.

systems | linux
SHA-256 | 6ec922e0fecc9ff438d329269c632e0bdae94a19c0a176bb42b7160fa0bb0f73
LDasm-0.04.53.tar.gz
Posted Dec 18, 2002
Authored by Ravemax | Site rover.wiesbaden.netsurf.de

LDasm (Linux Disassembler) is a Perl/Tk-based GUI for objdump/binutils that tries to imitate the look and feel of W32Dasm. It searches for cross-references (e.g. strings), converts the code from GAS to a MASM-like style, and much more.

Changes: The file offset is now calculated and displayed.
tags | perl
systems | linux
SHA-256 | f6adaed7d64c1cb2b5338b0f8a9ca16f597170edb56fca926f6a82e2d426c189
anti-anti-dbg.c
Posted Nov 2, 2002
Authored by Slacko

anti-anti-debug is a Linux kernel module that defeats the technique currently implemented in closed-source Linux binaries that disallows or restricts debugging and tracing with tools like gdb and strace.

tags | kernel
systems | linux
SHA-256 | aeca12c39a86982dc39a6c75f1547017d9e4b6274450bd8692153ad954b3dabd
elfsh-0.43b-portable.tgz
Posted Jul 6, 2002
Authored by Mayhem | Site devhell.org

Elf Shell v0.43b-portable is an automated reverse engineering tool with read/write capability for the ELF format. It produces sophisticated output with cross references using .got, .ctors, .dtors, .symtab, .dynsym, .dynamic, .rel.* and many other sections, with an integrated hexdump. Designed for Linux. All calls are encapsulated in libelfsh.a, so the elfsh API is really reusable.

Changes: Bigger test suite, improved documentation, minor bugs and typos fixed, improved portability - still working on Red Hat, Debian and Slackware Linux, NetBSD and FreeBSD current.
tags | shell
systems | linux
SHA-256 | 9068395673dc10ca19ad2f71181d0ce313ff9da89bde2727c0db51c616b87c20
examiner-0.4.tar.gz
Posted Jul 4, 2002
Authored by Craig Smith | Site AcademicUnderground.org

The Examiner is a tool to analyze foreign binary executables. The goal is to obtain output similar to strace without executing the binary in question. It uses the objdump command to disassemble and comment binaries. This tool was designed for forensic purposes but could be used for basic reverse-engineering goals as well.

systems | linux
SHA-256 | 535c72a78282386f1909287a9812a255bac983a1a3e4e05c9e270bd9eee4ff47
bastard-0.14.tgz
Posted Dec 9, 2001
Site bastard.sourceforge.net

A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.

Changes: Bugs in the disassembler (disp32, 0x0F bugs) have been fixed. A GUI frontend has been added to the main Makefile, and autogen/configure has been replaced with more simple, more reliable Makefiles.
tags | x86
systems | linux
SHA-256 | ff3d0ecbcfd3aae1a05edbb12329d7b53e69f35f6276bbcb2fe8b968e739217d
bastard_src-0.10.tgz
Posted Sep 3, 2001
Site bastard.sourceforge.net

A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.

Changes: Added extensions (modules for CPU, assembler, source language, and also plugins). Wrote a basic Tk frontend, and added support for structures.
tags | x86
systems | linux
SHA-256 | deb4902992d31c1b6c37b4dcbc701dbc71c042fb0433831e4d972abcf40efb8c
bastard-0.08.tgz
Posted Apr 15, 2001
Site bastard.sourceforge.net

A disassembler written for disassembly of x86 ELF targets on Linux (other file formats/CPUs can be 'plugged in'). Written as a backend or engine -- the UI is a command line; support for controlling the disassembler via pipes or FIFOs is provided. Note that this disassembler does not rely on libopcodes to do its disassembly; rather, the 'libi386' plugin is a standard .so that can be reused by other projects.

Changes: The base functionality is there, but the code is not complete. The program depends upon: libreadline [not included], typhoon RDB [included], and seer interpreter [included]. Basic [non-FPU, non-MMX, etc] x86 instructions are supported. Work is currently being done on adding higher-level disassembly[/decompilation] features. As of .08, address naming, subroutine recognition, xrefs, and library imports are functional. Strings are 'in the works.' Documentation is sparse.
tags | x86
systems | linux
SHA-256 | 6a45ac0ea697d4b71994d3441b9fe0d946819bbd9ee3082f187536aa7225c3b6
hypersrc-3.0.3.tar.gz
Posted Jan 25, 2001
Authored by Jim Brooks | Site jimbrooks.org

hypersrc is a GUI program for browsing source code, which uses GTK+. It provides a list widget containing sorted source code tags. A programmer can click a tag to hyperlink to a particular tagged line in a source code file.

Changes: Hypersrc now displays a tree view of function call relationships in the source code.
systems | linux
SHA-256 | 04047cfe613f5003f883a85b25857edb33b11c44b5d61921d4945554a5fb281b
hypersrc-2.1.6.tar.gz
Posted Jan 3, 2001
Authored by Jim Brooks | Site jimbrooks.org

hypersrc is a GUI program for browsing source code, which uses GTK+. It provides a list widget containing sorted source code tags. A programmer can click a tag to hyperlink to a particular tagged line in a source code file.

Changes: Fixed all known segfaults.
systems | linux
SHA-256 | e207046f65bd61093049aee58e950c824eef84f69463e5a7db0db8d22e977399
gvd-1.0.1-linux.gz
Posted Dec 2, 2000
Site libre.act-europe.fr

GVD is a general purpose graphical debugger frontend. It features advanced data display and visualization capabilities, and allows the debugging of multi-process/multi-threaded applications in the same debugging session. GVD works with native and cross-debuggers and can handle several languages in the same debugging session and the same application. C and Ada are supported. GVD can run on a host different from the machine where the debugger is running and provides friendly support for cross-debuggers (VxWorks, Lynx, etc.). For instance, you can use Linux or Windows to debug an application running on a Power PC board with a debugger running on a Sun workstation.

systems | linux, windows
SHA-256 | f64f511f0fca1fbd9d0ec8ffed761392d45aaeaf37065995d45c7e36a435d1f2
sdebug.tgz
Posted Nov 10, 2000
Authored by Sector X | Site xorteam.cjb.net

Segment debugger is an ELF binary segment scanner with a console ncurses interface. It is currently in the alpha stage and features only stack phrase and double word searching.

systems | linux
SHA-256 | a69144965104163e2f64d988a65e509f4f27e166452012c72a23349f8b313c6e
biew-520.tar.bz2
Posted Oct 30, 2000
Authored by Nick Kurshev | Site biew.sourceforge.net

Biew is a Binary vIEWer with a built-in editor for binary, hexadecimal and disassembler modes. It contains a PentiumIII/K7Athlon/Cyrix-M2 disassembler, full preview of MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff executable formats, a code guider, a text viewer with Russian codepage support, and many other features.

Changes: A Pentium IV disassembler, improved documentation, and lots of various enhancements and bugfixes.
systems | linux
SHA-256 | 0c61690e636e16954dfdb9eec1001653d7bb8232dcaf176c26d976db285fa3f7
repeat.tar.gz
Posted Aug 9, 2000
Authored by The Grugq

The Reverse Engineer's Patcher is the first byte patcher for UNIX systems. It will compare two binaries and produce a patch in C.

systems | linux, unix
SHA-256 | 32184bfa34a3bb03ec189b479b49c03cc81c292b3a5be5081a2189e0f0180516
SN451.tar.gz
Posted Jul 23, 2000
Site sources.redhat.com

Source-Navigator is a source code analysis tool. With it, you can edit source code, display relationships between classes and functions and members, display call trees, and build projects.

systems | linux
SHA-256 | 646b0bb295d013a2983e27d0adbf286415e12e6d4288932a8025ba16fcd88083
© 2022 Packet Storm. All rights reserved.