From Collaborative RCE Tool Library

Jump to: navigation, search

Symbol Tools


Tool name: radare
Rating: 5.0 (2 votes)
Author: pancake                        
Website: http://www.radare.org
Current version: 2.0.0
Last updated: October 10, 2017
Direct D/L link: http://bin.rada.re/radare2-w32-2.0.0.zip
License type: LGPL
Description: The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with 6502, 8051, arc, arm64, avr, brainfuck, whitespace, malbolge, cr16, dcpu16, ebc, gameboy, h8300, tms320, nios2, x86, x86_64, mips, arm, snes, sparc, csr, m68k, powerpc, dalvik and java.

The main program is 'r2' a commandline hexadecimal editor with support for debugging, disassembling, analyzing structures, searching data, analyzing code and support for scripting with bindings for Python, NodeJS, Perl, Ruby, Go, PHP, Vala, Java, Lua, OCaml.

Radare comes with the unix phylosophy in mind. Each module, plugin, tool performs a specific task and each command can be piped to another to extend its functionality. Also, it treats everything as a file: processes, sockets, files, debugger sessions, libraries, etc.. Everything is mapped on a virtual address space that can be configured to map multiple files on it and segment it.

If you are interested or feel attracted by the project join us in the #radare channel at irc.freenode.net.

See website for more details.
Also listed in: .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Disassemblers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Symbol Type Viewer
Rating: 4.0 (1 vote)
Author: Lionel d'Hauenens                        
Website: http://www.laboskopia.com/
Current version: 32Bit/64Bit Version 1.0.0.6 (beta)
Last updated: May 19, 2008
Direct D/L link: http://www.laboskopia.com/download/SymbolTypeViewer_v1.0_beta.zip
License type: Free
Description: Symbol Type Viewer 32Bit/64Bit Version 1.0.0.6 beta

Symbol Type Viewer is a tool which makes it possible to easily visualize the types which can be defined in the symbols of the modules of the systems Microsoft Windows 32/64bit. Moreover, it makes it possible to convert these informations for the C language (.h) and the disassembler IDA of DataRescue (.idc).

Symbol Type Viewer allows to :
- download the symbols (pdb) very simply.
- sail and visualize in a detailed way the types and their members in the form of tree structure
easily find the unused areas in the structures (padding). These areas are theoretically usable to put personal data there
- translate the structures for the C Language (.h) and for IDA script (.idc) of DataRescue (http://www.datarescue.com/idabase/)
- personalize the formatting: addition of suffix in the names of types, freeze the sizes of structures and members (the pointers become ULONG32 for a 32bit system and UINT64 for a 64bit system)
- apply searchs of texts or regular expressions
- do a batch processing by treating all modules met in a directory and its under-directories. For example: C:\Windows;)

CHRONOLOGY

[+] May 18th, 2008 : Version 1.0.0.6 beta (32Bit / 64Bit)
- [bug] Correction of a problem with “_unnamed” structures included in a member of struct array. Those are not defined during a complete translation to the C format. This problem doesn't appear during a translation to IDA script like with Viewer. (Thank to Damien AUMAITRE)

[+] May 10th, 2008 : Version 1.0.0.5 beta (32Bit / 64Bit)
- [bug] Correction of a problem of identification of bitfield structure inside “union” (Thank to mxatone)
- [bug] Correction of a problem with IDA and the too small member names. IDA does not accept the names lower than 3 characters. To solve that, "__” is automatically added at the end of the names with one or two characters. This is applied only for IDA formatting script.

[+] March 20th, 2008 : Version 1.0.0.4 beta (32Bit / 64Bit)
- Addition of a filter allows to limit the translation scan (Thank to Orkblutt and buri)
- [bug] Correction of a problem of inappropriate error message when the symbols don't contain Types (Thank to Orkblutt and memo5)

[+] February 27th, 2008 : Version 1.0.0.3 beta (32Bit / 64Bit)
- Addition of a function of research starting from a text or a regular expression
- Addition of buttons of navigation keeping in memory the 100 last selections
- Possibility of fixing the size of the pointers in the structures for the C language. This option can be very useful when one wishes to make a work with 32bits processes in an 64bits environment.
- Possibility of personalizing a suffix at the end of all the names of the unions, structures, enumerations and functions. This makes it possible to use the entities formatted in projects while avoiding the conflicts of declaration which can appear.
- All the entities deduced or without name (unnamed) met in the members from the structures have a single name then. In order to give a maximum of information making it possible to identify the role of these entities, it is added to the single name the names of all the members dependant on this entity. Each name of added member is separated by a character “_”
- Addition of Exit menu (Thank to ouadji (most crazy of my friends) -> "An application without Exit menu is not a application. It's like the Camenbert… There doesn't exist Alsatian Camembert cheese..." )
- [bug] Correction of a problem of size of pointers in 64bit structures formatted for IDA script
- [bug] Correction of a problem of principal window refresh under Vista.
- [bug] Correction of a problem when one makes “Brut copy” with the “Format view” panel wich is empty. (Thank to ouadji )

[+] January 15th, 2008 : Version 1.0.0.2 beta (32Bit / 64Bit)
- Symbol Type Viewer is now compatible with the versions 32bits and 64bits of Windows.
- The functions met in the structures are now accessible directly since the tree view.
- Preparing of the tree with icons significant.
- In the format C structures, the unused zones appear now clearly in red. These zones are theoretically available to store personal data.
- [bug] Correction of bad size estimate with certain local structures.

[+] December 29th, 2007 : Version 1.0.0.1 beta (32Bit)
- [bug] Correction of a problem giving (with certain parameters of system appearance) a nonwhite background in the formatted structures view. This can be disturbing. Especially when the background appears in black. (Thank to DarKPhoeniX).
- [bug] Correction of a bad management of the variable system _NT_SYMBOLS_PATH when this one isn't completly in lower case (Thank to Neitsa)

[+] December 28th, 2007 : Version 1.0.0.0 beta (32Bit)
- Initial version

Bugs report : stv(at)laboskopia.com

www.laboskopia.com
Also listed in: Symbol Retrievers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DbgHelp Examples
Rating: 0.0 (0 votes)
Author: Oleg Starodumov                        
Website: http://www.debuginfo.com/examples/dbghelpexamples.html
Current version:
Last updated: September 21, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Here you can find complete examples of using various DbgHelp functions.

Of course, there are various examples of using DbgHelp available on the Internet, magazines and books. But since most of them were published, DbgHelp continued to evolve and introduce new functions to work with debug information (often replacing old functions with the new ones). These examples show how to use the latest versions of the functions.

Every example can be compiled and used as a simple tool to explore the corresponding contents of debug information.

Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PDB Exploder
Rating: 0.0 (0 votes)
Author: Sven Schreiber                        
Website: N/A
Current version:
Last updated:
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: PDB exploder will parse and break PDBs into individual files for each "stream" in the PDB.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PDBRipper
Rating: 0.0 (0 votes)
Author: Sergey Perfiliev                        
Website: http://ntinfo.biz/index.php/pdbripper
Current version: 1.8
Last updated: December 21, 2012
Direct D/L link: http://ntinfo.biz/files/pdbripper.rar
License type: Freeware
Description: PDBRipper is a utility for extract a information from PDB-files.

PDPRipper can extract:

Enumerations
User define types(structures, unions ...)
Type defines

and creates header C/C++ files.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PdbDump
Rating: 0.0 (0 votes)
Author: Andrew de Quincey                        
Website: http://pdbdump.sourceforge.net
Current version: 0.8
Last updated: September 4, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: PdbDump is a sample tool using DiaLib, which dumps all the information from a PDB file.

DiaLib is a C++ wrapper around Microsoft's DIA SDK 2.0, providing a much nicer interface than its COM-based interface.

During this project, I found out that certain PDB, OBJ, and LIB files unexpectedly contain much private information, for example C++ class definitions, full enumerations, and function prototypes.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PdbXtract
Rating: 0.0 (0 votes)
Author: Aaron LeMasters                        
Website: http://www.mandiant.com/resources/download/pdbxtract
Current version: 1.0
Last updated: April 23, 2012
Direct D/L link: http://beta.mandiant.com/assets/PdbXtract.zip
License type: Freeware
Description: PdbXtract enables you to explore symbolic type information as extracted from Microsoft programming database files. This tool is primarily for reverse engineering of Windows-based applications and for exploring the internals of Windows kernel components.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Print Types
Rating: 0.0 (0 votes)
Author: moyix                        
Website: http://moyix.blogspot.com/2007_10_01_archive.html
Current version:
Last updated: October 4, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Over the past few weeks, I've been continuing to investigate the structure of the Types stream (stream 2) in Microsoft PDB files with the help of Sven Schreiber's PDB parsing code. Some issues with getting approval to publish research came up at work, but I think they're mostly ironed out now, so I'm going to devote this entry to going through some of the trickier bits involved in parsing the Types stream. Some code also accompanies this entry: a python script to parse and print out the types contained in a stream. It works on streams that have alrady been extracted from a PDB file (see this earlier entry); if you don't have one around you can try it out on the Types stream from ntoskrnl.exe on Windows XP SP2.

More technical documentation on this parsing is included, and source code.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SymChk
Rating: 0.0 (0 votes)
Author: Microsoft                        
Website: http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Current version:
Last updated:
Direct D/L link: N/A
License type: Free
Description: Included in Microsoft Debugging Tools
Also listed in: Symbol Retrievers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Symbol Retriever
Rating: 0.0 (0 votes)
Author: Compuware / Numega                        
Website: http://www.compuware.com
Current version:
Last updated:
Direct D/L link: N/A
License type: Commercial
Description: Included in the (now discontinued) Compuware DriverStudio.
Also listed in: Symbol Retrievers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: SymbolFinder
Rating: 0.0 (0 votes)
Author: deroko of ARTeam                        
Website: http://www.woodmann.com/forum/showthread.php?t=11917
Current version:
Last updated: July 19, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This small program is designed to locate structs, enums, and symbols from ntoskrnl.exe, and guess what, it's OPEN SOURCE!!!

Googling for some samples of symbol listers is kinda hard, as there is no any open source symbol lister availalbe (or I couldn't find it), so here is source code which might help ppl to figure how to deal with symbols...

Program only tries to locate ntosknrl.exe/ntkrnlpa.exe/ntkrnlmp.exe and loads proper symbols for running kernel, this is required as when you specify -a option, it will give you symbols name and it's address in used(running) kernel.


Usage:

SymbolFinder.exe <name_of_struct or enum_type>
SymbolFinder.exe -s - list all structures from ntos pdb file
SymbolFinder.exe -e - list all enums from ntos pdb file
SymbolFinder.exe -a - list all symbols with addresses in running ntos
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: TypeInfoDump
Rating: 0.0 (0 votes)
Author: Oleg Starodumov                        
Website: http://www.debuginfo.com/tools/typeinfodump.html
Current version: 1.0.2
Last updated: September 21, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This is an accompanying example for the "DbgHelp Examples" tools (see related URls below), to access type information. It reads debug information for an executable specified by the user, and shows the exact type of every variable or function, as well as other interesting information.

Usage: TypeInfoDump FileName
where FileName is the name of the executable or a .PDB file

TypeInfoDump depends on DbgHelp.dll (DbgHelp.dll 6.3.17.0 or newer is required). The DLL must be in the same directory as TypeInfoDump executable. You can download the DLL with TypeInfoDump, or you also can download TypeInfoDump only and obtain DbgHelp.dll from another source (the latest version of DbgHelp.dll is usually supplied with Debugging Tools for Windows).
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There is one subcategory to this category.


Retrieved from "http://woodmann.com/collaborative/tools/index.php/Category:Symbol_Tools"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (294)
   Categorized by Tool Type  (1403)
   Anti Anti Test Tools  (17)
   Assemblers  (29)
   Code Coverage Tools  (13)
   Code Injection Tools  (40)
   Code Ripping Tools  (2)
   Crypto Tools  (17)
   Data Extraction Tools  (29)
   Debuggers  (61)
   Decompilers  (31)
   Deobfuscation Tools  (18)
   Dependency Analyzer Tools  (6)
   Diff Tools  (48)
   Disassemblers  (83)
   Dongle Analysis Tools  (28)
   Exe Analyzers  (51)
   Executable File Editors & Patchers  (107)
   Firefox Extensions  (3)
   GUI Manipulation Tools  (20)
   Hardware Reversing Tools  (28)
   Helper Tools  (3)
   Hex Editors  (13)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (15)
   Memory Data Tracing Tools  (10)
   Memory Patchers  (7)
   Memory Search Tools  (8)
   Monitoring Tools  (154)
   Network Tools  (26)
   Packers  (20)
   Patch Packaging Tools  (13)
   Profiler Tools  (11)
   Programming Libraries  (56)
   Regular Expression Tools  (4)
   Resource Editors  (14)
   Reverse Engineering Frameworks  (12)
   Source Code Tools  (12)
   String Finders  (10)
   Symbol Tools  (13)
   System Information Extraction Tools  (10)
   Technical PoC Tools  (8)
   Test and Sandbox Environments  (25)
   Tool Extensions  (178)
   Tool Hiding Tools  (7)
   Tool Signatures  (20)
   Tracers  (23)
   Unpacking Tools  (95)
   Needs New Category  (3)