Reverse engineering tools
Hi,
Are there any open source tools (compatible with Qt and Windows XP) that perform reverse engineering?
I have found a very good piece of software (Imagix 4D), but unfortunately it is commercial (costs around $2k, eval version for 2 weeks only). Can anyone suggest free tools similar to Imagix 4D (for the reverse engineering process)?
Thanks in advance
vvbkumar
Re: Reverse engineering tools
Quote:
Originally Posted by vvbkumar
Are there any open source tools (compatible with Qt and Windows XP) that perform reverse engineering?
I think you should start by stating what exactly you want to reverse engineer. I mean, what results do you expect to achieve?
Re: Reverse engineering tools
The best reverse engineering tools are all shell based:
- nm <binary> returns all symbols used by the app
- strings <binary> returns all strings inside the binary
- lsof -p <pid> monitors files and sockets used by the application
- dtrace <process>
- strace <process>
- ltrace <process> all do more or less the same: monitor the calls of the app
- dtruss (mac)
- gdb (attached to the process)
- You can also rewrite standard C/C++ functions used by the application. This is known as method swizzling. Use LD_PRELOAD on Linux and DYLD on Mac.
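The LD_PRELOAD technique from the last bullet, as an added example that is not code from this thread or from any of the tools named in it: a small shared library that interposes libc's fopen(), logs each call to stderr (flagging a constructed list of sensitive paths so you can see at a glance which credential files an application under analysis touches), counts the calls, and forwards to the real fopen() found with dlsym(RTLD_NEXT). The file name fopen_trace.c, the helper names and the path list are assumptions made for the example; it assumes Linux with glibc.

```c
/* Added example (not from the thread): minimal LD_PRELOAD interposer for fopen().
 * Build and use (Linux, glibc):
 *   cc -shared -fPIC -o fopen_trace.so fopen_trace.c -ldl
 *   LD_PRELOAD=$PWD/fopen_trace.so ./application_under_analysis
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *)-1L) /* glibc's value, in case system headers were read before _GNU_SOURCE */
#endif

static unsigned long g_fopen_calls = 0;

/* Constructed list of path fragments worth flagging when an application opens them. */
static const char *const SENSITIVE_FRAGMENTS[] = {
    "/etc/passwd", "/etc/shadow", "/.ssh/", "/proc/self/mem"
};

/* Returns 1 if the path contains one of the flagged fragments, else 0. */
int is_sensitive_path(const char *path) {
    if (path == NULL) return 0;
    for (size_t i = 0; i < sizeof SENSITIVE_FRAGMENTS / sizeof *SENSITIVE_FRAGMENTS; i++)
        if (strstr(path, SENSITIVE_FRAGMENTS[i]) != NULL) return 1;
    return 0;
}

/* Formats one log line into buf; returns the length snprintf wanted to write. */
int format_fopen_entry(char *buf, size_t n, const char *path, const char *mode) {
    return snprintf(buf, n, "fopen(\"%s\", \"%s\")%s",
                    path ? path : "(null)", mode ? mode : "(null)",
                    is_sensitive_path(path) ? "  <-- sensitive" : "");
}

/* Number of fopen() calls that have passed through the interposer. */
unsigned long fopen_call_count(void) { return g_fopen_calls; }

/* The interposed symbol: same name and signature as libc's fopen, so the
 * dynamic linker resolves the application's calls to this definition first. */
FILE *fopen(const char *path, const char *mode) {
    static FILE *(*real_fopen)(const char *, const char *) = NULL;
    if (real_fopen == NULL)
        *(void **)&real_fopen = dlsym(RTLD_NEXT, "fopen"); /* next definition after ours: libc */
    char line[512];
    format_fopen_entry(line, sizeof line, path, mode);
    fprintf(stderr, "[trace] %s\n", line);
    g_fopen_calls++;
    return real_fopen ? real_fopen(path, mode) : NULL;
}
```

The same pattern works for any libc function the application imports (open, connect, getenv, ...); only the signature and the symbol name passed to dlsym change. Note that statically linked binaries and programs that call syscalls directly bypass it, which is when strace or ltrace from the list above are the better choice.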
Re: Reverse engineering tools
On Windows, you can exploit the way that Windows loads dynamic link libraries. Let's say, for example, that App(X) loads dll(Y). By creating your own dll (Z) of the same name and binary interface, you can have the application load Z instead of Y, with all of your calls being forwarded to Y. This allows you access to the parameters. The same data can be seen with a debugger, but this way allows you to create more readable/custom output via logging. Your options, overall, vary greatly with how the application is structured and the (non)existence of encryption/compression (UPX compression and bogus PE header data can really screw a lot of debuggers up).
Re: Reverse engineering tools
At work, I use Hex-Rays IDA Pro, but it's commercial, and they even refuse to sell it to individuals - you must be an established company with a known history.
At home, I typically use the free Ollydbg with lots of other tools, some of which I've created myself.
For DLL exploitation, a decent utility is WinAPIOverride. It can analyse function calls, and even replace functions with your own.