Collect computer related tutorials,tools and codes!
- Reverse Engine
- Compiler
- Decompiler
- Hack Program
- Windows Kernel
- Operation System
- Emulator
- Virtualization
- Game Engine
- Fuzzing
-
Framework
-
- code - Triton - Triton is a Dynamic Binary Analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint Engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings.
- code - Tigress_protection - Playing with the Tigress binary protection. Break some of its protections and solve some of its challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.
- pdf - Symbolic Deobfuscation: From Virtualized Code Back to the Original
-
[binwalk]
-
Tools
-
Tutorial
- Book - "Reverse Engineering for Beginners" free book http://beginners.re
- List - List of awesome reverse engineering resources
- Doc - IDAPython - This document contains the API (Application Programming Interface) documentation for IDAPython. Documentation for the Python objects defined by the project is divided into separate pages for each package, module, and class. The API documentation also includes two pages containing information about the project as a whole: a trees page, and an index page.
-
File Format
-
[PE]
- code - PE-sieve - PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.
- code - PEExplorer - Portable Executable Explorer
-
AntiDebug
- code - AntiDebug - 此目录收集整理反调试方法
- code - anti-debug -
- code - -
-
Debug
- code - ret-sync - ret-sync stands for Reverse-Engineering Tools synchronization. It's a set of plugins that help to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg/OllyDbg2/x64dbg) with IDA disassembler. The underlying idea is simple: take the best from both worlds (static and dynamic analysis).
-
IDA
- code - IDAStealth-v1.3.3 - IDA反-反调试插件 IDAStealth v1.3.3, created 06/28/2011, Jan Newger
- code - Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!Ponce (pronounced [ 'poN θe ] pon-they ) is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely written in C/C++.
- code - uEmu - Tiny cute emulator plugin for IDA based on unicorn.
- code - ida-efiutils - Some scripts for IDA Pro to assist with reverse engineering EFI binaries
- code - YaCo - YaCo is an Hex-Rays IDA plugin. When enabled, multiple users can work simultaneously on the same binary. Any modification done by any user is synchronized through git version control.
- code - IDArling - Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays https://idarling.re
- code - keypatch - Multi-architecture assembler for IDA Pro. Powered by Keystone Engine. http://www.keystone-engine.org/keypatch
- code - idasec - IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform
- code - Python_editor - Better CodeEditor for Ida Pro.
- code - IDAPython - IDAPython project for Hex-Ray's IDA Pro http://www.hex-rays.com/
- code - Sark - IDAPython Made Easy http://sark.readthedocs.io
-
x64Dbg
- code - Api-Break-for-x64dbg - x64dbg plugin to set breakpoints automatically to Win32/64 APIs
- code - CeAutoAsm-x64dbg - An x64dbg plugin that allows users to execute Cheat Engine auto assembler scripts within x64dbg.
- code - xAnalyzer - xAnalyzer plugin for x64dbg
-
[OD]
-
VMProtect
-
Tutorial
-
Tools
- code - NoVmp - Writing An Optimizing IL Compiler, For Dummies, By A Dummy: 0x1 Symbolic Expressions
- code - vmp3.2crack - [调试逆向] [虚拟机保护] [原创]VMP3.2授权分析
code-VmpHandlecode-VmP_DBG-This is a VmProtect integrated debugger, that will essentially allow you to disasm and debug vmp partially virtualized functions at the vmp bytecode level. It was made using TitanEngine for the debug engine and Qt for the gui. Do not expect much of it and feel free to report any bugs.code-VMPDBG2-VMPDBG is a (GUI included) debugger and devirtualizer for x86 obfuscted code that was obfuscated by VMProtect. This project was designed only for scientific purposes and / or malware analysis.- code - VMHunt - VMHunt: Extraction and Simplification of Virtualized Binary Code.
- code - pinvmp - PinVMP:虚拟化代码辅助分析工具
- code - VMAttack - VMAttack PlugIn for IDA Pro.IDA Pro Plugin for static and dynamic virtualization-based packed analysis and deobfuscation.VMAttack was awarded the second place at the annual IDA Pro Plug-in Contest in 2016!
- code - VMP_ODPlugin - [原创]VMP分析handler与脱壳插件&源码
-
Implement
-
-
Android
- Tutorial
- book - r2frida-book - The radare2 + frida book for Mobile Application assessment https://www.nowsecure.com
- Tools
- Tutorial
-
IOS
-
UnPack
- code - ConfuserEx-Unpacker - A dynamic confuserex unpacker that relies on invoke for most things
-
Pack/Protect
-
LLVM
-
Tutorial
-
Tools
-
-
Book
- code - dragon-book-exercise-answers - Compilers Principles, Techniques, & Tools (purple dragon book) second edition exercise answers
-
code
- ShivyC - A hobby C compiler created in Python.
- LuaJIT(http://luajit.org/)
- code - ljd - The original name was ljwthgnd as in LuaJIT 'What The Hell is Going On' Decompiler named under the LuaJIT C sources variable naming convention.
- code - decompiler - A decompiler with multiple backend support, written in Python. Works with IDA and Capstone.
- code - recompiler - Xbox360 -> Windows executable converter
-
DDOS
-
Exploit
- code - sploits
- code - awesome-windows-exploitation - A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom
-
Inject
- code - Injectors - DLL/Shellcode injection techniques
- code - DriverInjectDll - Use Driver Global Memory Load DLL
- code - injectAllTheThings - Seven different DLL injection techniques in one single project.
- code - UniversalInject - Windows IME-based DLL injection. Able to inject a DLL without OpenProcess or a process handle being necessary..
-
PS
-
Sandbox
- code - cuckoo - Cuckoo Sandbox is an automated dynamic malware analysis system http://www.cuckoosandbox.org
- code - cuckoo-modified - Modified edition of cuckoo.
- code - CAPE - Malware Configuration And Payload Extraction https://cape.contextis.com/analysis.CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware reverse engineering and threat intelligence.
-
DB
- code - LeakLooker - Find open databases with Shodan
-
Tools
-
Bootkit
-
Rootkit
-
File System
-
Tutorial
- os_course_info - 清华大学操作系统课程(2018)
- code - ucore_os_lab - os kernel labs for operating systems course in Tsinghua University.
- Cmulator - code - Cmulator is ( x86 - x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries . Based on Unicorn & Capstone Engine & javascript
- Client
- cocos2d
- code - cocos2d-x - Cocos2d-x is a suite of open-source, cross-platform, game-development tools used by millions of developers all over the world.
- code - Quick-Cocos2dx-Community - Cocos2d-Lua 社区版 http://www.cocos2d-lua.org
- bs::framework
- cocos2d
- Server
-
- code - SuperSocket - SuperSocket is a light weight, cross platform and extensible socket server application framework.
- code - SuperSocket.ClientEngine - A .NET library which can make your socket client development easier
-
forgottenserver
- code - forgottenserver - A free and open-source MMORPG server emulator written in C++ https://otland.net/
-
Simple-Web-Server
- code - Simple-Web-Server - A very simple, fast, multithreaded, platform independent HTTP and HTTPS server and client library implemented using C++11 and Boost.Asio. Created to be an easy way to make REST resources available from C++ applications.
-
- Game
- applepie
- code - A hypervisor for fuzzing built with WHVP and Bochs