Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Immunity Degugger, OllyDbg #65

Closed
Bang1338 opened this issue Mar 12, 2023 · 9 comments
Closed

Add Immunity Degugger, OllyDbg #65

Bang1338 opened this issue Mar 12, 2023 · 9 comments
Assignees
Labels
tool-request Request to add a new tool

Comments

@Bang1338
Copy link

Bang1338 commented Mar 12, 2023

Debugger

  • Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
    https://www.immunityinc.com/products/debugger/

  • OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
    https://www.ollydbg.de/

Network

- Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

- nmap is a free and open source utility for network discovery and security auditing. https://nmap.org/

PE analyser

Disassembler (missing)

- IDA Freeware: https://hex-rays.com/ida-free/

@merces
Copy link
Contributor

merces commented Mar 13, 2023

Hi @Bang1338. Thanks for suggesting these tools. Here are the reasons why I don't think it is worth adding them though:

  • When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
  • nmap is not really useful for software reverse engineering, is it?
  • PEiD is old and by now probably completely superseded by DIE/Exeinfo PE.
  • Hex-Rays does not allow anyone else to redistribute IDA.

Thanks!

@merces merces self-assigned this Mar 13, 2023
@merces merces added the tool-request Request to add a new tool label Mar 13, 2023
@ExeinfoASL
Copy link

ExeinfoASL commented Mar 13, 2023

PEiD is old try Exeinfo PE

:-)

@merces
Copy link
Contributor

merces commented Mar 13, 2023

PEiD is old try Exeinfo PE

Indeed, Exeinfo PE is there. :)

@ExeinfoASL
Copy link

@merces
Copy link
Contributor

merces commented Mar 13, 2023

main : https://github.com/ExeinfoASL/ASL

I meant it is already part of the kit. The wiki entry links to http://www.exeinfo.xn.pl/

@Bang1338
Copy link
Author

PEiD is old try Exeinfo PE

:-)

I agreed.

@Bang1338 Bang1338 changed the title Add Wireshark, nmap (ZenMap), PEiD, IDA Freeware Add Immunity Degugger, OllyDbg, Wireshark, nmap (ZenMap), PEiD, IDA Freeware Mar 24, 2023
@Bang1338
Copy link
Author

Bang1338 commented Mar 25, 2023

Hi @Bang1338. Thanks for suggesting these tools. Here are the reasons why I don't think it is worth adding them though:

  • When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
  • nmap is not really useful for software reverse engineering, is it?
  • PEiD is old and by now probably completely superseded by DIE/Exeinfo PE.
  • Hex-Rays does not allow anyone else to redistribute IDA.

Thanks!

Oh, now i realized :)

  • When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
    Bang1338: Just like any.run?
  • nmap is not really useful for software reverse engineering, is it?
    Bang1338: Yeah I agreed, but somehow it's useful for scanning license server and hack it? Good idea?
  • PEiD is old and by now probably completely superseded by DIE/Exeinfo PE.
    Bang1338: Like I said before, I agreed with that.
  • Hex-Rays does not allow anyone else to redistribute IDA.
    Bang1338: I agreed. Hex-Rays is very greedy btw

@Bang1338 Bang1338 changed the title Add Immunity Degugger, OllyDbg, Wireshark, nmap (ZenMap), PEiD, IDA Freeware Add Immunity Degugger, OllyDbg Mar 25, 2023
@merces
Copy link
Contributor

merces commented May 27, 2023

When analyzing malware, you usually capture the VM traffic from the host machine using either Wireshark or any other software. So, no need to have Wireshark in the malware VM IMHO.
Bang1338: Just like any.run?

I meant you can capture the VM traffic using your host OS. It's safer and faster. 😊 But Wireshark/tshark could still be useful for localhost traffic capture for example.

nmap is not really useful for software reverse engineering, is it?
Bang1338: Yeah I agreed, but somehow it's useful for scanning license server and hack it? Good idea?

Indeed. Will be in the next release. Thanks!

merces added a commit that referenced this issue May 27, 2023
merces added a commit that referenced this issue May 31, 2023
@Bang1338
Copy link
Author

Bang1338 commented Jun 5, 2023

nice!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
tool-request Request to add a new tool
Projects
None yet
Development

No branches or pull requests

3 participants