Welcome to the tool shop. Here you'll find most of the great reversing tools that I've discussed in the tutorials as well as links to several others. If you are just starting out in our honorable trade then you should download most of the tools I've made available here. Please also be sure to respect the copyright of the authors of these programs. Several of the downloads I have linked too are compressed "scene style", this means that you will need to unzip the files and then unrar them, (WinRAR) available from just about anywhere is the tool to do this.
In order to make the most effective use of my web space all of the local downloads on this page have been compressed using WinZip, I'm assuming that all of my visitors will be familiar with this method of compression. To download these tools via your Internet browser you should select the link and then save the file to your local Hard Disk. Most of these downloads are stored locally, if a file isn't available send just one e-mail.
Some of the downloads on this page are files stored locally on my server, as far as I am aware none of the aforementioned files are illegal in any way, BRW for example was given away free by a PC Magazine a few years back, where as MASM is no longer supported by M$. If you have ANY issues regarding my local filebase then please e-mail me and I will quickly remove anything which is a problem. One of my conditions of using this server is no illegal files and I intend firmly to keep to that policy.
As links to the tools we all need inevitably expire on a regular basis, I have password protected the SoftICE v4.01 files on my server. I should point out that they are really only here for my archival use (hence the stripping of the PDF manuals and samples), as I am a legitamate NuMega purchaser this doesn't break any conditions of my licensing agreement.
I HAVE tried the "friendly policy" approach with tools requests yet 50% of my e-mail is still of the form "where is BoundsChecker/IDA/SmartCheck". So visitors if you want tools that you can't see here, yet are prepared to click the banners to support a site, go to http://protools.cjb.net and try your luck with the links. Only genuinely interested new reversers need e-mail me for tools.
Microsoft
ASM v6.14 - Latest version update (~800k).
Turbo Assembler v5.0 Full
- Full version of Borland's TASM. You'll need this to assemble
and link the assembly language source codes on this site. Disk 1 (2.77Mb) & Disk
2 (863k).
MeltICE - David Eriksson's
example of how to detect SoftICE by using CreateFileA to check
for the presence of the vxd, a good method which is sadly too
easy to find and beat (12k).
NuMega's SoftICE v1.3 (Windows 3.1)
- An earlier version of SoftICE for Windows 3.1 (284k).
NuMega's SoftICE v1.54 (Windows 3.1)
- Debugger for Windows 3.1/3.11 (482k).
NuMega's SoftICE v2.62 (DOS)
- The recommended DOS version as used by +ORC (129k).
NuMega's SoftICE v2.8 (DOS) -
The last DOS version (160k).
SoftICE
v4.0 (Win 95/98) - Most recent major release of the only debugger
you'll ever need.
SoftICE v4.01 (Win 95/98) - The
latest minor version. Note that this installation has been stripped
of its samples and PDF manuals. You also need to e-mail me for
the password to unlock the file (2.55Mb).
SoftICE v4.01 (Win NT/2000) -
The latest minor version. As above except for Windows NT/2000
users (3.01Mb).
* These links are for reversers and legal owners of SoftICE only, see my notes above. If you do not have a serial number then the password which is 'vodka' will be of no use to you.
TRW v0.75 for (Windows 95/98) - LiuTaoTao's answer to SoftICE. This is a really awesome debugger and SoftICE junkies should feel right at home with TRW's interface. There are a few niggling bugs but this could be a useful alternative if you are manually unpacking or have a target which dislikes SoftICE (165k).
Borland
Resource Workshop v4.5 - The final version ever shipped of
this great resource decompiler, good for removing those hard to
find nag strings (825k).
eXeScope v4.40 - Really good
resource editor by Toshi (more stable than BRW), a real contender
(413k).
IDA v3.84b Patch - A good patch
and aesthetic keyfile maker for the best disassembler out there
(8k).
isDcc
v1.22 - Based on Wisdec, Andrew De Quincy's InstallShield
script decompiler might be a better choice for newer script files,
especially if you are getting errors from Wisdec, its also significantly
faster however lacks the CRC recalculation i.e. (not for beginners)
(55k).
Sebastien Apel's InstallShield Script
CRC corrector - A simple yet real gem of a tool especially
if you've decompiled or edited a script and want to re-CRC your
changes (25k).
Sourcer
v7.00 - A good DOS based disassembler (~1Mb).
Symantec
ResourceStudio v1.0 16/32 bit - Resource monitoring tool (~1.8Mb).
Visual Basic v3.0 Decompiler -
AshSoft Corporation's VB3 decompiler (1.29Mb).
W32Dasm
Version 8.9 - URSoftware's disassembler is a highly recommended
tool (918k).
W32Dasm Version 8.93 - URSoftware's
latest version (VB5 StringRef enabled) (590k).
Windows
InstallShield Decompiler - A very useful tool indeed by NaTzGUL,
used to decompile setup.ins files (~1Mb).
DongleSpy v1.0 - A monitoring
program for SuperSentinelPro dongles. I'm not really convinced
of the usefulness or accuracy of this tool, being that you require
the dongle, and the program must link the SuperSentinelPro dll.
Try it and see (25k).
DumbHASP - A program used to
dump the memory of HASP dongles in your possession. I've re-tested
this program with 2 HASP dongles as I had a hardware problem previously
and it does now actually seem to work. Invaluable if you have
a HASP using those services which return a byte/word. Ultimately
this is only really useful if you have the original dongle and
it might save you a bit of time working back any checks on certain
services (47k).
HASP Commercial Emulator - Emulation
of pertinent HASP services via vxd/sys (yes this works with NT).
These files found there way to me from a disillusioned commercial
customer of a de-hasping business (i.e. a certain cracking group).
I don't really like this sort of trend towards "profit from
reversing" so I'm making these files public as you can easily
crack the registry entries this emulator uses (57k).
HASP Grabber v0.97.3 - Another
HASP memory dumper which I've not tested personally, may overcome
the limitations of DumbHASP and work with the HASP 496-byte range
(10k).
Safesoft Systems SSI dongle emulator
- Generates vxds for this flavour of dongle (.ssinod section sometimes
present in these targets) (20k).
SenZap v1.2 - (includes WinZap
v2.3 & DosZap v1.2), software to remove existing hardware
dongles (8k).
WKPE Dongle Emulator v1.81 - A
freeware dongle emulator sent to me by the author that claims
to work with 80% of current keys. My own testing however reveals
that this percentage is somewhat optimistic to say the least (203k).
HEdit v2.1.11 - Yuri Softwares'
HEX Editor (179k).
Hex Workshop v2.5 - An easy-to-use
Windows HEX Editor.
Hiew
v6.15 - A fairly recent version of my favourite HEX editor
(345k).
Hiew v6.15 Keymaker - Keyfile
generator for this protection based on RSA (13k).
FrogsICE v0.31 - Good vxd
written by Frogs Print for determining whether your target is
using a number of well-known anti-SoftICE tricks (39k) - Note:
place the vxd in your /SYSTEM directory.
ICEDump Beta 5 - The tool that
NuMega forgot with a neverending array of options, study the source
code, for most versions of SoftICE 95 & selected NT support
(89k).
IceMan's SoftICE helper VxD - Source
code demonstrating how dot command functionality can be added
to SoftICE (3k).
ICEPatch - The Owl's tool to
patch values detected by anti-SoftICE programs, (v3.22/3 w95 only),
these tricks are only really used by big $ programs and probably
older ones at that, if your domain is shareware/retail this isn't
probably an issue for you or your winice (217k).
Letter Opener - The HASP envelope
decryptor by Quine, virtually obselete now but still worth a look
(18k).
McLallo's CD Cops Decryptor v0.9
BETA - More for the games reversers amongst you who might
have encountered this encrypted scheme (31k).
SoftDump 95/NT - A competent
and genuinely useful tool by Quine for dumping memory mapped files
to disk, now surpassed by IceDump (43k).
File Monitor
v4.2 (95/NT) - A capable file monitoring and access tool with
source code (333k).
Forms Spy - A hard to find tool
for spying on applications using forms, e.g. VB and Delphi programs
(129k).
OpenTrap
v1.1 - Another recommended file system activity monitor for
Windows 95 (323k).
Registry Monitor
v4.2 (95/NT) - Monitor registry access with this great tool
by the authors of File Monitor (278k).
VxD Monitor 1.0
- Track Windows VxD's (308k).
Win-eXpose-I/O v2.00 - A very useful
I/O monitoring tool (65k). (Requires msvcrt40.dll / mfc40.dll).
Win-eXpose-Registry v1.00 - A
capable registry monitoring tool (66k). (Requires msvcrt40.dll
/ mfc40.dll).
ASCII Table v2.01 - A convenient
program which displays the ASCII table (13k).
C.u.Dilla - Tool for unwrapping
the C-Dilla protection (will require the original CD though) (16k).
Duelist's 2 part guide to BPX detection
- Recommended reading for protectionists (55k).
FlexLM Key 5 Generator - A useful
tool from prs which generates secret Key 5 using a patched dll
(128k).
Flu[X]'s File Utilities - Appending
& File dumping utilities as well as QPatch (a command line
HEX editor) (12k).
Flu[X]'s Key Generator Includes
- Standard Pascal functions for Key Generator authors (6k).
GPatch v1.2b - Jes's easy to use
and very efficient patcher. Generates com files (3k).
HelpPC
v2.10 - David Jurgens reference guide for Intel assembly language,
includes notes upon Interrupt Services (257k).
InstallShield v5.5 Cabinet Utilities
- Support for the latest .cabinets (97k).
Matt Pietrek's PEDump - Fine PE
dumper, ideal for those of you into packers/unpackers (19k).
Package For The Web Cracker -
A tool from UCF for breaking PFTW installation passwords (21k).
PE Rebuilder v0.95b - Great tool
for general PE editing as well as re-aligning, includes source
code, one for the purists (71k).
PkCrack v1.2 - DOS & Windows
95 versions of this recommended zip password cracker, the only
one I've found that implements a plaintext approach as opposed
to simple brute-force (221k).
Snippet Creator v1.05 - A tool
for programmers by Iczelion, very useful for those of you adding
functionality or rebuilding target PE headers (100k).
SoftICE DevStudio Serial # Generator
- The EGOiSTE'S small program to generate valid DevStudio serial
#'s (2k).
VBRef v1.0 - Adds String References
to VB5 programs disassembled with W32Dasm. Now upstaged by a 2
byte patch but the precursor to a long overdue enhancement (22k).
ASPack v1.08.03 Keymaker -
Keymaker by egis for this competent if simple packer which uses
64-bit RSA (13k).
CUP386 v3.4 - Final version of
this ageing com/exe file unpacker, courtesy of CyberWare/UCF (47k).
j0b's DeShrink
v1.5 - Latest version always available here (276k).
Petite v1.4 - Shareware packer
by Ian Luck (49k).
ProcDump
v1.5 - The very latest version of G-RoM, lorian & Stone's
very capable OO unpacker (103k).
Un-Armadillo - UCF's memory dumper
for this very basic protection system, dubious tool (232k).
If you feel I have missed, or you have personally written any other tools or documents which you think might be useful to reverse engineers please contact me (via e-mail) and I'll make them available here for download.
Sadly fixing 3rd party links is not that high a priority for me, its pretty easy to track down most of these tools with a search engine/FTP search anyhow, if you find a bad url feel free to send me an e-mail but don't expect me to break any world speed records getting it fixed.