-
-
[转贴]反汇编工具――ETU-Dasm
-
发表于: 2004-11-19 18:25
-
.
转自:exetools.com
ETU-Dasm is a dynamic 32/16-bit disassembler + hexeditor for Win9X and above. Dynamic, because it doesn't create a deadcode listing so you have to wait years (for big programms ) to even have a first look at the code and you can change the code by changing the opcodes directly (either in asm or hex mode) or click on the command (not the parameters) and type in the whole command (though, there are still far too much commands not supported by the opcode.dll .....).
Also ETU has features like scanning all code and executable sections for code (call & jxxx), import, menu and ressource string references (no string reference scanning yet, but you can use the search function + popup menu on the first character of the string to search for a memory reference).
Another useful feature is the "Fixed registers" feature, which allows you to set fixed values for single registers which will be replaced in the showed code, which is especially helpful for programms with relative positioning where everything depends on EBP for example. You can see an example of that feature on our download page at http://www.fuckup5group.de.vu (see button below) (while the page is mainly in German, ETU is completly in English).
One feature we're currently working on is being able to "trace" the programm inside the file by emulating the code execution. This is meant to help replacing stuff like push 12345678 pop eax rol eax,7 xor eax,63826333 by a mov eax,what ever's the result *beinglazy*
Also ChaosCreator is just working on routines to eliminate redundant code like jumps to other jumps or the above code more or less automatically, to naivly help us to analyse ExeCryptorized code (this is our first more intense look at any protectors, so please execuse the naive way we look at these problems )
So, please have a look at our tool and post any suggestions, bugs or things you don't like at all ;D
Greets
Ripper
PS: The 16-bit mode is currently rather broken in the v2.21.
PPS: Oh, I forgot to mention, that it also supports MAP files, which of course is very handy for debugging or other things, if you got the MAP file from IDA, Dede or something like that
附件:ETU-Dasm.zip
转自:exetools.com
ETU-Dasm is a dynamic 32/16-bit disassembler + hexeditor for Win9X and above. Dynamic, because it doesn't create a deadcode listing so you have to wait years (for big programms ) to even have a first look at the code and you can change the code by changing the opcodes directly (either in asm or hex mode) or click on the command (not the parameters) and type in the whole command (though, there are still far too much commands not supported by the opcode.dll .....).
Also ETU has features like scanning all code and executable sections for code (call & jxxx), import, menu and ressource string references (no string reference scanning yet, but you can use the search function + popup menu on the first character of the string to search for a memory reference).
Another useful feature is the "Fixed registers" feature, which allows you to set fixed values for single registers which will be replaced in the showed code, which is especially helpful for programms with relative positioning where everything depends on EBP for example. You can see an example of that feature on our download page at http://www.fuckup5group.de.vu (see button below) (while the page is mainly in German, ETU is completly in English).
One feature we're currently working on is being able to "trace" the programm inside the file by emulating the code execution. This is meant to help replacing stuff like push 12345678 pop eax rol eax,7 xor eax,63826333 by a mov eax,what ever's the result *beinglazy*
Also ChaosCreator is just working on routines to eliminate redundant code like jumps to other jumps or the above code more or less automatically, to naivly help us to analyse ExeCryptorized code (this is our first more intense look at any protectors, so please execuse the naive way we look at these problems )
So, please have a look at our tool and post any suggestions, bugs or things you don't like at all ;D
Greets
Ripper
PS: The 16-bit mode is currently rather broken in the v2.21.
PPS: Oh, I forgot to mention, that it also supports MAP files, which of course is very handy for debugging or other things, if you got the MAP file from IDA, Dede or something like that
附件:ETU-Dasm.zip
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
谢谢fly,下来试试看。。。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TO jdpack :铁甲的作者 ?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
