The Tool Shop

Welcome to the tool shop. Here you'll find most of the great reversing tools that I've discussed in the tutorials as well as links to several others. If you are just starting out in our honorable trade then you should download most of the tools I've made available here. Please also be sure to respect the copyright of the authors of these programs. Several of the downloads I have linked too are compressed "scene style", this means that you will need to unzip the files and then unrar them, (WinRAR) available from just about anywhere is the tool to do this.

Downloads

In order to make the most effective use of my web space all of the local downloads on this page have been compressed using WinZip, I'm assuming that all of my visitors will be familiar with this method of compression. To download these tools via your Internet browser you should select the link and then save the file to your local Hard Disk. Most of these downloads are stored locally, if a file isn't available send just one e-mail.

File Base Notes

Some of the downloads on this page are files stored locally on my server, as far as I am aware none of the aforementioned files are illegal in any way, BRW for example was given away free by a PC Magazine a few years back, where as MASM is no longer supported by M$. If you have ANY issues regarding my local filebase then please e-mail me and I will quickly remove anything which is a problem. One of my conditions of using this server is no illegal files and I intend firmly to keep to that policy.

Important

As links to the tools we all need inevitably expire on a regular basis, I have password protected the SoftICE v4.01 files on my server. I should point out that they are really only here for my archival use (hence the stripping of the PDF manuals and samples), as I am a legitamate NuMega purchaser this doesn't break any conditions of my licensing agreement.

I HAVE tried the "friendly policy" approach with tools requests yet 50% of my e-mail is still of the form "where is BoundsChecker/IDA/SmartCheck". So visitors if you want tools that you can't see here, yet are prepared to click the banners to support a site, go to http://protools.cjb.net and try your luck with the links. Only genuinely interested new reversers need e-mail me for tools.

Assemblers

Microsoft ASM v6.14 - Latest version update (~800k).
Turbo Assembler v5.0 Full - Full version of Borland's TASM. You'll need this to assemble and link the assembly language source codes on this site. Disk 1 (2.77Mb) & Disk 2 (863k).

Debuggers & NuMega

MeltICE - David Eriksson's example of how to detect SoftICE by using CreateFileA to check for the presence of the vxd, a good method which is sadly too easy to find and beat (12k).
NuMega's SoftICE v1.3 (Windows 3.1) - An earlier version of SoftICE for Windows 3.1 (284k).
NuMega's SoftICE v1.54 (Windows 3.1) - Debugger for Windows 3.1/3.11 (482k).
NuMega's SoftICE v2.62 (DOS) - The recommended DOS version as used by +ORC (129k).
NuMega's SoftICE v2.8 (DOS) - The last DOS version (160k).
SoftICE v4.0 (Win 95/98) - Most recent major release of the only debugger you'll ever need.
SoftICE v4.01 (Win 95/98) - The latest minor version. Note that this installation has been stripped of its samples and PDF manuals. You also need to e-mail me for the password to unlock the file (2.55Mb).
SoftICE v4.01 (Win NT/2000) - The latest minor version. As above except for Windows NT/2000 users (3.01Mb).

* These links are for reversers and legal owners of SoftICE only, see my notes above. If you do not have a serial number then the password which is 'vodka' will be of no use to you.

TRW v0.75 for (Windows 95/98) - LiuTaoTao's answer to SoftICE. This is a really awesome debugger and SoftICE junkies should feel right at home with TRW's interface. There are a few niggling bugs but this could be a useful alternative if you are manually unpacking or have a target which dislikes SoftICE (165k).

Decompilers/Disassemblers/Resource Editors

Borland Resource Workshop v4.5 - The final version ever shipped of this great resource decompiler, good for removing those hard to find nag strings (825k).
eXeScope v4.40 - Really good resource editor by Toshi (more stable than BRW), a real contender (413k).
IDA v3.84b Patch - A good patch and aesthetic keyfile maker for the best disassembler out there (8k).
isDcc v1.22 - Based on Wisdec, Andrew De Quincy's InstallShield script decompiler might be a better choice for newer script files, especially if you are getting errors from Wisdec, its also significantly faster however lacks the CRC recalculation i.e. (not for beginners) (55k).
Sebastien Apel's InstallShield Script CRC corrector - A simple yet real gem of a tool especially if you've decompiled or edited a script and want to re-CRC your changes (25k).
Sourcer v7.00 - A good DOS based disassembler (~1Mb).
Symantec ResourceStudio v1.0 16/32 bit - Resource monitoring tool (~1.8Mb).
Visual Basic v3.0 Decompiler - AshSoft Corporation's VB3 decompiler (1.29Mb).
W32Dasm Version 8.9 - URSoftware's disassembler is a highly recommended tool (918k).
W32Dasm Version 8.93 - URSoftware's latest version (VB5 StringRef enabled) (590k).
Windows InstallShield Decompiler - A very useful tool indeed by NaTzGUL, used to decompile setup.ins files (~1Mb).

Dongle Utilities

DongleSpy v1.0 - A monitoring program for SuperSentinelPro dongles. I'm not really convinced of the usefulness or accuracy of this tool, being that you require the dongle, and the program must link the SuperSentinelPro dll. Try it and see (25k).
DumbHASP - A program used to dump the memory of HASP dongles in your possession. I've re-tested this program with 2 HASP dongles as I had a hardware problem previously and it does now actually seem to work. Invaluable if you have a HASP using those services which return a byte/word. Ultimately this is only really useful if you have the original dongle and it might save you a bit of time working back any checks on certain services (47k).
HASP Commercial Emulator - Emulation of pertinent HASP services via vxd/sys (yes this works with NT). These files found there way to me from a disillusioned commercial customer of a de-hasping business (i.e. a certain cracking group). I don't really like this sort of trend towards "profit from reversing" so I'm making these files public as you can easily crack the registry entries this emulator uses (57k).
HASP Grabber v0.97.3 - Another HASP memory dumper which I've not tested personally, may overcome the limitations of DumbHASP and work with the HASP 496-byte range (10k).
Safesoft Systems SSI dongle emulator - Generates vxds for this flavour of dongle (.ssinod section sometimes present in these targets) (20k).
SenZap v1.2 - (includes WinZap v2.3 & DosZap v1.2), software to remove existing hardware dongles (8k).
WKPE Dongle Emulator v1.81 - A freeware dongle emulator sent to me by the author that claims to work with 80% of current keys. My own testing however reveals that this percentage is somewhat optimistic to say the least (203k).

HEX Editors

HEdit v2.1.11 - Yuri Softwares' HEX Editor (179k).
Hex Workshop v2.5 - An easy-to-use Windows HEX Editor.
Hiew v6.15 - A fairly recent version of my favourite HEX editor (345k).
Hiew v6.15 Keymaker - Keyfile generator for this protection based on RSA (13k).

HCU Tools

FrogsICE v0.31 - Good vxd written by Frogs Print for determining whether your target is using a number of well-known anti-SoftICE tricks (39k) - Note: place the vxd in your /SYSTEM directory.
ICEDump Beta 5 - The tool that NuMega forgot with a neverending array of options, study the source code, for most versions of SoftICE 95 & selected NT support (89k).
IceMan's SoftICE helper VxD - Source code demonstrating how dot command functionality can be added to SoftICE (3k).
ICEPatch - The Owl's tool to patch values detected by anti-SoftICE programs, (v3.22/3 w95 only), these tricks are only really used by big $ programs and probably older ones at that, if your domain is shareware/retail this isn't probably an issue for you or your winice (217k).
Letter Opener - The HASP envelope decryptor by Quine, virtually obselete now but still worth a look (18k).
McLallo's CD Cops Decryptor v0.9 BETA - More for the games reversers amongst you who might have encountered this encrypted scheme (31k).
SoftDump 95/NT - A competent and genuinely useful tool by Quine for dumping memory mapped files to disk, now surpassed by IceDump (43k).

Monitoring / Spying Tools

File Monitor v4.2 (95/NT) - A capable file monitoring and access tool with source code (333k).
Forms Spy - A hard to find tool for spying on applications using forms, e.g. VB and Delphi programs (129k).
OpenTrap v1.1 - Another recommended file system activity monitor for Windows 95 (323k).
Registry Monitor v4.2 (95/NT) - Monitor registry access with this great tool by the authors of File Monitor (278k).
VxD Monitor 1.0 - Track Windows VxD's (308k).
Win-eXpose-I/O v2.00 - A very useful I/O monitoring tool (65k). (Requires msvcrt40.dll / mfc40.dll).
Win-eXpose-Registry v1.00 - A capable registry monitoring tool (66k). (Requires msvcrt40.dll / mfc40.dll).

Miscellaneous/Other

ASCII Table v2.01 - A convenient program which displays the ASCII table (13k).
C.u.Dilla - Tool for unwrapping the C-Dilla protection (will require the original CD though) (16k).
Duelist's 2 part guide to BPX detection - Recommended reading for protectionists (55k).
FlexLM Key 5 Generator - A useful tool from prs which generates secret Key 5 using a patched dll (128k).
Flu[X]'s File Utilities - Appending & File dumping utilities as well as QPatch (a command line HEX editor) (12k).
Flu[X]'s Key Generator Includes - Standard Pascal functions for Key Generator authors (6k).
GPatch v1.2b - Jes's easy to use and very efficient patcher. Generates com files (3k).
HelpPC v2.10 - David Jurgens reference guide for Intel assembly language, includes notes upon Interrupt Services (257k).
InstallShield v5.5 Cabinet Utilities - Support for the latest .cabinets (97k).
Matt Pietrek's PEDump - Fine PE dumper, ideal for those of you into packers/unpackers (19k).
Package For The Web Cracker - A tool from UCF for breaking PFTW installation passwords (21k).
PE Rebuilder v0.95b - Great tool for general PE editing as well as re-aligning, includes source code, one for the purists (71k).
PkCrack v1.2 - DOS & Windows 95 versions of this recommended zip password cracker, the only one I've found that implements a plaintext approach as opposed to simple brute-force (221k).
Snippet Creator v1.05 - A tool for programmers by Iczelion, very useful for those of you adding functionality or rebuilding target PE headers (100k).
SoftICE DevStudio Serial # Generator - The EGOiSTE'S small program to generate valid DevStudio serial #'s (2k).
VBRef v1.0 - Adds String References to VB5 programs disassembled with W32Dasm. Now upstaged by a 2 byte patch but the precursor to a long overdue enhancement (22k).

Packers / Unpackers

ASPack v1.08.03 Keymaker - Keymaker by egis for this competent if simple packer which uses 64-bit RSA (13k).
CUP386 v3.4 - Final version of this ageing com/exe file unpacker, courtesy of CyberWare/UCF (47k).
j0b's DeShrink v1.5 - Latest version always available here (276k).
Petite v1.4 - Shareware packer by Ian Luck (49k).
ProcDump v1.5 - The very latest version of G-RoM, lorian & Stone's very capable OO unpacker (103k).
Un-Armadillo - UCF's memory dumper for this very basic protection system, dubious tool (232k).

Additions

If you feel I have missed, or you have personally written any other tools or documents which you think might be useful to reverse engineers please contact me (via e-mail) and I'll make them available here for download.

Links not functional? 404 Errors?

Sadly fixing 3rd party links is not that high a priority for me, its pretty easy to track down most of these tools with a search engine/FTP search anyhow, if you find a bad url feel free to send me an e-mail but don't expect me to break any world speed records getting it fixed.

Return to Main Index
© 1999 CrackZ. 4th November 1999.