Utilities

Resource Editors

Borland Resource Workshop 4.5 by Borland. Updated: 31.I.1999. Let you edit application's resources. In general, a Windows application's resources are separate from the program code, letting you make significant changes to the interface without even opening the file that contains your program code. This also lets different applications share the same set of resources, so that you don't have to reinvent all your favorite resources. Instead, you can use them over and over.

Symantec ResourceStudio by Symantec. Updated: 31.I.1999. A great resource editor. A bit slow though.

eXeScope 5.00 (385K) by Toshi. Updated: 29.XI.1999. Do you want to customize an application ? For example, to change font, to change menu, to change an arrangement of dialog, etc., but do you think that it is impossible because you have not source files? eXeScope can analyze, display various information, and rewrite resources of executable files, that is, EXE, DLL, OCX, etc. without source files.

Resource Builder 1.0 (1.4M) by SiComponents. Updated: 10.XII.1999. That was long waited since Borland Resource WorkShop 4.5 is happened. Now you have complete powerful tool for visual building RC scripts and resource files for your applications.

File scan tools

EXESCAN 3.21 (70K) by ST!LLS0N. Updated: 12.I.1999. EXESCAN is an executable file analyzer which detects the most famous EXE/COM protectors, packers, converters and compilers.

PEWizard 1.1 by ST!LLS0N. Updated: 05.VIII.1999. PEWizard is an Win32 executables' manipulating tool. Includes join, split option (like PEUtils), a disassembler, dumper, header viewer, and PE loader recognizer. Recognizes 21 PE-packers, 4 compilers.

GetTyp 2.51 by PHaX. Updated: 01.XI.1999. Files: DOS version (159K). Win32 version (201K). - detect 89 archive formats - list 72 archive formats - detect 15 image formats - detect 247 EXE modifier - detect 159 COM modifier - detect 29 EXE/COM compiler - detect 49 PE EXE modifier - detect 18 PE EXE compiler - hugest EXE/COM/PE database - fastest engine - long filename support - updated frequently

File Analyzer v.1.6.11.21.1999 (133K) by Vadim Tarasov. Updated: 23.XI.1999. News: - Too many news to be listed :) File Analyzer written for files recognition. FA recognize many file packers, compilers, encryptors etc. Also FA can recognize many non-exectable files, for example: archives, graphic files, music modules and much more. FA can also list contents of archives.

File Info 2.10 (84K) by M.Hering. Updated: 08.XII.1999. - Full header information for dos and win eXecutable. - Graphical screen to check file encoding/encrypting. - 9 batchfiles to run externals and file unpacking via typnumbers in this batches available. - Internal file viewer HEX/TXT (no edit!), contains options goto, jump, align, filter and search. - CmdLine parameter for listmode or showmode.

TYP 7.11.1999 by Veit Kannegieser. Updated: 12.XII.1999. Files: Dos32 version (282K). Dos version (270K). OS/2 version (304K). - Determine archiver, crypter, viruses, compiler, music, images data files, BIOS-chipsets, ... - userfriendly background search - configuration program - DOS, OS/2

MuLTi RiPPeR 2.70 (794K) by THE WONDERFUL TEAM. Updated: 23.X.1999. - Multi-purpose File Ripper. In few seconds cleans & clips @ the Right size! Rips from any Demo/Game - Rips over 110 file formats! - Rips 32 libraries! - Local Scan Mode, Full Scan Mode, Fast Scan Mode, Recoursive SCAN. All options are: INI configurables, Generic unpacking system, generic, HackStop remover, Win16/Win32 Resource Decompiler! - Generic resource decompiler. RIP: EXE, DLL, VBX, SCR, CPL, DRV, VXD, OCX. - HEX Viewer, XOR PATTERN Search. Some decription tools with full src. - Delphi, C++ builder executable decompiler.

Exe modifiers

PESum v0.02 (51K) by eGIS!/CORE. Updated: 12.I.1999. PESum will check if a PE file has a correct checksum in its header. If it does not have, PESum will compute the checksum and update the PE file.

Virogen's PE Realigner v0.41 (10K) by Virogen. Updated: 06.VI.1999. News: - Fixes minor bug in cases where section physical size is left unaligned by compilers such as LCC. - makes PE exe/dlls smaller - removes unnecessary padding from PEs - removes unncesssary padding from object table - stores new corrrect checksum - does not alter date/time or file attributes

Wipe.Reloc 1.33 (11K) by crayzee. Updated: 02.XII.1999. News: - fixed a bug which prevented the files from running under WinNT. This utility makes PE files smaller by aligning them (like virogen's vgalign) and (if processing a non-DLL PE) by removing the .reloc section. That section is added by TLINK32 to the EXE PE files but is not needed there, because all EXEs are loaded to their original image base. It also removes empty waste above and below PE headers and at the end of the file, sets the correct PE checksum and finally recovers the previous times of the file.

TinyStub 1.1 (5K) by crayzee. Updated: 22.VIII.1999. This tiny utility is for replacing the PE file's dos stub. It doesn't really make the file smaller, but after aligning it with my wipe.reloc its size can be slightly decreased.

STUBEXE 1.055 (18K) by VoidDweller. Updated: 04.VII.1999. - support MZ, PE, LE (beta NE) - optimizes stubs (minimum as could be) - optimizes zero pages, object table - detects & destroys header of packers - DO NOT PACK files

MakePE 1.30 (27K) by G-RoM. Updated: 23.VI.1999. News: - New PE optimizer code. - Added Section Size Optimizer. - Changed Banner Stamp method. MakePE is a PE structure rebuilder. From a dump, made with ProcDump(TM) or with GTR95(TM) or one you did under SoftICE (TM), it will try to rebuild the PE header, import section (when possible) and can reoptimize your dump to reduce it. It can load too a standard PE file and will try to reduce it if you used the '-s' switch.

PE Rebuilder v0.96b by TiTi & Virogen. Updated: 19.X.1999. News: - Added the 'Super-Align' function - Added the 'Wipe .reloc section' function - File Size Decrease percentage indicator in the report dialog - Some minor code fixes - Added the little logo (crucial change :P) This tool is totally free for use and MUST be freely distribued. It has been made for 2 different aims: - To reduce PE files physical size to its minimum (without compression). This is done by realigning the file and wiping useless padding between sections... - To rebuild a file that has been purely dumped from memory (with a softice dumper for example). Actualy, those files need to be slightly modified in order for them to run properly. This tool automatically fixes section entries in header (size & offset) and is also able to rebuild the import table if needed.

PEUtils v1.0 by Andrew de Quincey. Updated: 12.I.1999. This is a suite of utilities for manipulating PE-format executables. Full source included.

BP7PAT 1.2 (6K) by PHaX. Updated: 05.XII.1999. Patches any EXE file compiled by Borland Pascal 7 which has an runtime error 200.

Spy tools

File Monitor 4.26 (74K) by http://www.sysinternals.com. Updated: 22.XI.1999. A very cool low level file access monitor.

Registry Monitor 4.22 (66K) by http://www.sysinternals.com. Updated: 22.XI.1999. A very cool low level registry access monitor.

ApiHooks 1.5 by EliCZ. Updated: 10.XII.1999. Files: ApiHooks (83K). Cdump (9K) dumper example by EliCZ. News: - C support - Better command-line parser. " no longer required. - Process to create can be specified by name without extension and without path if it is located in PATH directories. - r - super quiet, option to suppress displaying of message box, even if there was error. ApiHooks allows developers to watch intermodule communications. Suitable for file monitors, registry monitors, dumpers, antiviruses and unpackers.

Spy & Capture 2.7 (247K) by Kobi Krichmar. Updated: 06.VIII.1999. News: - System Active Processes List added, with Modules dependencies. - Now it is possible to Send Messages to selected window (in "Misc" tab). - Minor bug fixes. Spying tool for Windows 9x/NT. It uses direct mouse positioning to get window properties and all it's objects, styles, classes and process information. If the window is a control you get it's control styles. Also included: - System Active Windows. - System Active Processes (with Modules dependencies). - Window Capture (Included region capture). - Color-Spy (supports HTML color format). - Grabb Password Fields ("***" fields). - Web Update support.

API Spy by Vitaly Evseenko. Updated: 17.VI.1999. Files: API Spy 2.4. Keygen (2K) by Deniska. It allows to examine any known API functions call that is resolved during the program load time and is given by APIS32. APIS32 will only work with Windows95/98/NT and Win32s applications which will be executed under Windows 95 or Windows 98 platform. It won't spy upon API functions called by 16 bit programs.

ATM 2.2 (57K) by Enrico Del Fante. Updated: 03.XII.1999. News: - Better memory stats. - Improved interface (now resizeable). - HEIGHT and WEIGHT command line option added. ATM is a Windows9x-only application ideated for power-users who actually like to handle their systems. It allows you to completely manage the system priority of all processes (and some of their own thread) running. It provides a real-time capability to monitor all processes and threads, to manage them (maybe kill'em all...), and even to spy and control their owned windows.

SMU Inspector (4K) by ???. Updated: 13.IX.1999. A simple windows spy. VB-coded.

Hex editors

Hiew 6.16 (339K) by Eugene Suslikov. Updated: 29.VIII.1999. News: - Pentium-III(R) dis/assembler - Alt-F10 - Leave current file - fix: goto for local offset above .80000000 Basically HIEW (Hacker's view) is a hex viewer for those who need change some bytes in the code (usually 7xh to 0EBh). Hiew is able to view unlimited length files in text/hex modes and in Pentium(R) Pro disassembler mode. Features: - Text/hex mode editor - Built-in Pentium(R) Pro assembler - HIEW is able to create new files - Search and replace mode (can be restricted to block size) - Context-sensitive help (but who needs any goddamned help anyways? HIEW can operate without help file HIEW.HLP) - Search of assembler commands using pattern (for real hackers!)

Biew 5.0.0-pre.10 PRO by Nick Kurshev. Updated: 20.X.1999. BIEW is binary file viewer with build-in editors for binary, hexadecimal & disassembler modes. - Highlight PentiumIII/K6-2 3dNow!/Cyrix disassembler. - Text viewer with codepages CP1251,OEM866,DKOI7/8,EBCDIC. - Full preview of formats MZ, NE, PE, LE, LX, DOS.SYS, NLM, arch, ELF, a.out, coff32, PharLap. - Work with dumps. - Powerful search system. - Mouse support. - Code guider. - DOS, DOS32, OS2, Linux versions available.

QView 2.80.03 (192K) by AGC. Updated: 04.XII.1999. - Editing of files, logical and physical disks, and also 1 Mb of memory in Text/Hex/Asm modes. - Built-in Alt/Win/KOI, and up to 4 user-defined enconding tables. - Support of various LineFeeds. - Support of analysis of headers of 'MZ','PE','NE','LE','LX' files. - Viewing of boot record and MBR disks. - Built-in i486/87 disassembler & i486 assembler. - Tracing of transitions such as jmp/..., etc. - Commenting of a file in assembler viewing mode. - All operations with blocks. - Support of .CRK files. - Built-in calculator (H/D/O/B/Ch). - Multitasking environment friendly. - And much more...

HexIt v1.55 (139K) by Mikael Klasson. Updated: 12.XII.1999. - Built-in assembler (AzmIt) - Calculator - Record & play macros - Built-in disassembler - Configurable keys - Manipulate the EXE-header - Customizeable mousesupport - Compare (w/ lots of options) - Textviewer - Dumpviewer w/ mask-option - Online help - Search & Replace - Goto (absolute or relative) - Clipboard (cut,copy,paste) - Insert & delete bytes - Splitscreen - Use all available mem - Up to 100 files in memory - Native MS-DOS text mode - Native Win32 console mode

Misc.

ShowDLL 0.093 (11K) by VoidDweller. Updated: 06.VII.1999. Show DLL dependencies of NE, PE, LE and LX files.

HASP Emu (105K) by meteo. Updated: 01.XII.1999. This will emulates HASP under Windows 9x and NT. Included full, commented source in asm.