
Reverse Engineering Tools Collection

Reverse Engineering Tools


Welcome to my reworked tools page. Here you will find a combination of archives and direct links to many of the great reversing tools that most reverse engineers use. If you are just starting out, you could do a lot worse than download all of the materials I've made available here (I apologise if it is rarely updated). Many of the files are compressed 'scene style', i.e. RAR inside ZIP, so you'll need WinZip & WinRAR to uncompress them. I don't take any responsibility for the tools here, so be sure you read the instructions very carefully.

Some readers have asked why I always rip .nfo files from downloads. The reason I do so is that I'm guessing (rightly or wrongly) that most of my readers aren't the slightest bit interested in the .nfo file unless it actually contains something useful (usually it's just a long list of egotistical greetings / members etc. that frankly not that many people seem to care about and that causes me all sorts of legal hassles). Should you find bad URLs, and I'm sure you probably can, please send me just 1 e-mail and see what happens in a week or so. Although link fixing is important from your viewing perspective, it is seldom a priority for me; you can probably source that which you require elsewhere. If you really can't find a particular tool then maybe someone on one of the IRC channels can help.

Archive Packs / Direct Links

Decompiler/Disassembler Archive - (479k - 490,557 bytes).
Sebastien Apel's InstallShield Script CRC corrector, Wisdec, Wise Install Decompilers.
Key Generator Source Code Archive - (427k - 437,901 bytes).
Collection of key generator source codes in various languages, ASM/C/C++/Java/Pascal/Perl/Win32ASM.
HEX Editing Archive - (849k - 869,884 bytes).
HEdit v2.1.11, Hex Workshop v3.01 & Hiew v6.15 Key Generators, Hiew 6.55 full, Implant.
HCU Tools Archive - (201k - 206,393 bytes).
Dasm (requires PERL), FrogsICE v0.43 source code + FrogsICE v1.07.3/v1.08.5, Iceman's SoftICE Helper VxD, Letter Opener & SoftDump (courtesy of Quine).
Miscellaneous Tools Archive - (518k - 531,307 bytes).
ASCII Table v2.01, Flu[X]'s File Utils & Key Generator Functions, GPatch v1.2b, ICEPATCH v2.0, InstallShield v5.5 Cabinet Utilities, i6comp v1.03beta, Matt Pietrek's PEDump, Package For The Web Cracker, PE Rebuilder v0.96b, PkCrack v1.2, SoftICE DevStudio Serial # Generator.

Searching (basic) in 2003

Google.com - The cracker's friend, your first choice for tools.

The art of effective web searching is a skill you will need to learn over time (I don't profess to be any good at it myself), and if you really want to delve into this subject check out +Fravia's new site. As the number of web pages increases exponentially, it becomes more and more difficult to find the 'gem' which you are looking for, especially since many search engines are now sponsored by big businesses; 'sponsored links' and 'click through $ payments' are the coin of the realm in this world. Bear in mind also that whilst searching you have to be ruthless; it is very easy to get sidetracked into doing other things whilst trying.

AltaVista

Once upon a time regarded as the best friend of the reverse engineer but not any longer; these days I use Google. If you have to resort to AltaVista, try using combinations of search parameters, such as '+softice +cracking +download +version 4.05', and filter out the scam sites with -warez and other inappropriate terms; such sites are probably smut/warez repositories anyway. Be prepared to trawl through the various pages too, since the first 20 or more tend to be of the 'sponsored link' variety. When evaluating results it is also very important to look at the last updated date reported by AltaVista. Even if the jewel you are searching for appears to be listed in a site's description, look at this date closely: anything with 'last updated in 1997' has probably had the link long removed even if the page remains intact. If you find a site recently updated (and I mean probably no more than 2 weeks ago) then look also at the server address; 'here today, gone tomorrow' uploaders always use the free providers such as FortuneCity/GeoCities/Xoom and such, so it can be quite a futile hunt ;-).

FTPSearch - Located in Norway (now owned by AllTheWeb), this FTP search engine can find many hidden directories. In the golden days trying appropriate filenames, say 's-ice' & 'softice', could net you a few older copies from servers in the East; it may still have a use in locating older archives. AllTheWeb also has a web searching interface which seems to return very biased German results; like AltaVista, expect to trawl through a few links to find what you need.

Netscape Search

http://directory.netscape.com/

This used to be a good resource back in 2000; however, on running some new searches I've seen that the links are now sanitised by commercials and 'Editors Choice' sites. There are, however, some other notable search engines now available here, e.g. GoTo.com, which produces some fairly useful results (I have not hyperlinked the link since it will inevitably die or expire and my link checking program will have me fixing them again). The following search was conducted using +softice +download.

1. softice.tsx.org
To download softice 4.05 press here or, better, here. To download softice 4.05 for NT/2000 press here (mirror link).
softice.tsx.org

Unlike Google (see below) GoTo is not such a 'jewel'; it requires careful filtering of the results, and its links appear old as well; even servers in the East (.ru) are often missing files. Lycos is also accessible here; it is one of the worst search engines for sanitised results. You may however be able to dig something up during the process or get better results by specifying a full filename with extension, e.g. softice.zip. Note that the warez releases of such tools, and one assumes most of you will want to retrieve the very latest version, usually have very specific filenames; you may need to source the precise name from one of the dupecheckers.

Nomen est Omen & Other Search Engines

Remember those relocators? cjb.net/ml.org (now redundant), surf.to/tsx.org etc.: prefix these with softice or softice4 and try them; you may be fortunate. Use also the various banner webrings you may see on various sites, check links, use cross links from visited links; you'll find within 4-5 clicks what you are looking for. You might even be able to persuade Yahoo to work for you by using its advanced search capabilities and selecting Web Site Matches; again, look at the date of the hits closely before visiting.

Don't be afraid also to try any of the other search engines (there is tremendous concurrence on the web as these portals always advertise); try for instance Dogpile, HotBot, InfoSeek/Lycos (one of the largest), Northern Lights, WebCrawler and probably 101 others.

Still Lost - Part I?

Try all of these 5 resources then :

DataRescue - You know, believe it or not ;-), the freeware version of IDA is still more than adequate to get you started in this game.
http://asm.deformed.us - Home of UnderNet #asm, at the moment (read that carefully) they have everything you might ever want in the latest versions; as this URL gets better known expect things to get trickier for the files to remain intact, but for now.....
ExeTools - Aaron's home page has everything you might ever need to download; however, for most you need to be provided access to the FTP. At the time of checking ftp.txt was a 404, so you might need some luck to get access. Since the host is in China, the links might survive for a while.
Links - Try combing/perusing sites I've linked to.
ProTools (Programmers Tools) - Once upon a time, a great tooling site, now more of a news archive of 'latest releases of various protectors' and unpackers. It's still worth the visit and Kaparo keeps it very up-to-date, but don't expect to find IDA or SoftICE here.

Still Lost - Part II?

Now listen up, if you really can't find what you seek maybe I can help, but please make sure you have exhausted every possibility before asking me and give me plenty of time to reply. Finding me on IRC is easily your best chance of getting some assistance and I'm not going to push warez around for anyone.

Direct Links (Updated 11th April 2005)

11/04/2005 - Please look after these links, I can't keep updating them :-). If you encounter any 404s, by all means drop me an e-mail; don't expect miracles though.

Assemblers

MASM32 v8 - Maintained by hutch-- and Iczelion, this compilation is one of the best ready-made Win32 assembly resources you can download.
Turbo Assembler v5.0 - Full version of Borland's TASM (original installation disks). You'll need this to assemble and link most of the assembly language source codes on my site. Disk 1, Disk 2, Disk 3. TASM v5.0r patch (minor update 152k).
Turbo Assembler v5.3 & Resource Compiler v5.4 - Updated files taken from Borland Developer Studio (1.31Mb's).

Decompilers / Disassemblers

BDASM v2.5 - Lightweight disassembler, an alternative to W32Dasm (1.84Mb's).
DeDe 3.50.02.1619 - Delphi decompiler by DaFixer.
Eltima Flash Decompiler v2.9.9.360 - Flash Decompiler (6.58Mb's).
InstallShield 6 Tools - Further continuation of fOSSiL's great i5comp (121k).
Interactive Disassembler Pro (IDA) v4.30a - Masterpiece from Datarescue (32Mb's) (since this link seems to disappear or be actively removed, I suggest you make note of the name 'ida430a.rar' for future searches ;-) ).
Interactive Disassembler Pro (IDA) v4.51.770 - A later version of IDA (29.2Mb's).
Interactive Disassembler Pro (IDA) v4.9 SDK - for making your own plugins (6.37Mb's).
isDcc v1.22 - Very capable InstallShield script decompiler by Andrew De Quincy.
palmdeMON - Carpathia's experimental Palm Pilot disassembler, abandoned in 2003 or so.
V-Communications Sourcer 7 - Old but worthy sourcering tool which deserves a place in any reversers archive (986k - 1,010,214 bytes).
V-Communications Sourcer 8 - Latest version (1.62Mb).
VB Decompiler Pro 3.4 - GPcH Soft's Decompiler (2.12Mb).
Visual Basic v3.0 Decompiler - from DoDi (1.28Mb).
W32Dasm v8.93 - Good disassembler for starting out, superseded by IDA a while back.

Debuggers

Debugger Archive - MeltICE, SoftICE v1.54 (Windows 3.1), SoftICE v2.62 (DOS), SoftICE v2.8 (DOS), SoftICE ATI Driver Fix (621k - 636,249 bytes).
NuMega SoftICE v4.05 (Windows 9x) (filename si405w9x.zip) & NuMega SoftICE v4.05 (NT) - (filename SI405WNT.zip) Debugger of choice, alternative link here (NT).
NuMega SoftICE for Windows Millennium Beta (120k).
OllyDbg - 32-bit code level debugger (useful for environments where SoftICE doesn't perform so well).
SoftICE Cover v1.0 - Tool for hiding SoftICE against well-known anti-debugging tricks (9.61Mb's).
Syser v1.93 - Very capable and recent SoftICE alternative (3.55Mb).
TRW 2000 v1.22 - LiuTaoTao's capable (if slightly buggy) SoftICE alternative (453k).

Resource Editors

Borland Resource Workshop v4.5 - The original installation disks for this very good (if aging) resource compiler/editor.
Resource Hacker - Freeware resource editor.
Symantec ResourceStudio v1.0 16/32 bit - Alternative to BRW.

Reference

HelpPC v2.10 - Invaluable quick ASM reference.

Spying

APISpy32 v2.5 - A poor man's BoundsChecker, of limited use (255k).
File Monitor, Registry Monitor & VxD Monitor - Capable file, registry and vxd monitoring tools with source code by Mark Russinovich & Bryce Cogswell.
Forms Spy - A hard to find tool for spying on applications using forms, e.g. VB and Delphi programs (129k).
OpenTrap v1.2 - Another recommended file system activity monitor for Windows 95/8 (323k).
Win-eXpose-I/O v3.00 - A very useful I/O monitoring tool (1.81Mb).
Win-eXpose-Registry v1.00 - A capable registry monitoring tool (1.12Mb).

Useful Tools

Byte Parser - Tool written by me for parsing dumps into text (well I think it's useful anyway ;-) ) (16k).
FrogsICE - Useful anti-debugging tool for Win9x/WinME (please note his page is MSIE hostile).
Hex Workshop v3.0x - HEX editor from Breakpoint Software.
Hiew - Another great HEX editor from Sen.
IceDump - The tool that NuMega forgot with a neverending array of options, study the source code, for all common versions of SoftICE 95 & NT, highly recommended.
j0b's DeShrink v1.6 - Latest version always available here, j0b has now fixed the problems with Shrinker v3.4.
ProcDump v1.6.x - The last ever version of G-RoM, lorian & Stone's very capable OO unpacker.
Snippet Creator v1.05 build 2 - Iczelion's handy programming tool.
WinManage v1.0 - 605k.

Additions

If you feel I have missed, or you have personally written any other tools or documents which you think might be useful to reverse engineers please contact me (via e-mail) and I'll make them available here for download.




1998-2007 CrackZ. 24th September 2007.