
retools's Introduction

RETools

Random tools I made or otherwise just use for reversing quickly.

PEDMPExtractor

  • Search for PE files in a raw dump and display the architecture and PE file size of each, to allow quick manual carving

REClass

  • Live memory C, C++, and other structure rebuilding tool

demumble

JITCall

  • Command-line application that JIT-compiles a calling stub around N DLL exports, with arguments, given the calling convention. It can additionally load shellcode or manually map DLLs to make debugging DllMain easy, and can read binary files to pass arbitrary data as an argument. Waits for execution by key press or int3.

BlobRunner

  • Allocate and run shellcode, print shellcode base and wait for execution by key press.

IdaScripts

Python helper scripts to do random stuff. May contain wrappers around IDA operations, binja operations, or miscellaneous Python utilities useful for low-level work.

  • Plugins: IDA plugins. Either raw binaries, or submodules of the project if the plugin is on GitHub (and installable from source).

    • signsrch: easily create byte signatures of various forms and search for them. Auto-mask the opcode and some immediates
    • hexlight: highlight bracket pairs in Hex-Rays pseudocode; press 'b' to jump between start/end brackets
    • easy_nop: select and right click an assembly sequence to replace with 0x90 nops
    • capa
    • HexRaysPyTools: C++ structure rebuilding tool, right click else conditions to swap if/then, much more.
    • IDAFuzzy: search plugin
  • SLib: Steve's python lib. Simple python helpers to do binary work packaged into a nice python module.

  • Cfg: My preferences for IDA configuration.

    • idagui.cfg: Escape closes windows disabled via OTHER_CLOSED_BY_ESC, TOOL_CLOSED_BY_ESC, CLOSED_BY_ESC.
    • hexrays.cfg: COLLAPSE_LVARS true, GENERATE_EA_LABELS true, AUTO_UNHIDE true, MAX_FUNCSIZE expanded for stupid obfuscators, PSEUDOCODE_DOCKPOS DP_RIGHT, PSEUDOCODE_SYNCED true, HEXOPTIONS 0x821FF to mask off HO_ESC_CLOSES_VIEW
    • ida.cfg: PACK_DATABASE set to 2 for compressed idbs

retools's People

Contributors

stevemk14ebr
