FILE ANALYSERS

 

DF FILE INFO 0.3 29.07.2000 AIRWOLF

This is only an Alpha Version... hope you like it. It analyzes only a few file formats so far. New Features : MPEG Audio filetype added. Fileinfo now detects over 30 different compilers/packers/crypters. Targa filetype added. PE import table added. RVA to physical address converter.

 

FILE ANALYSER 1.6 03.06.2000 VADIM TARASOV

File Analyzer written for file recognition. FA recognizes many file packers, compilers, encryptors etc. FA can also recognize many non-executable files, for example: archives, graphic files, music modules and much more. FA can also list the contents of archives.

 

FILE INFO 2.45 06.06.2001 MICHAEL HERING

File Info is the best file recognition program made. Its features include: new DOS string routine (INT21h/40h) for output; improved sysdriver detection (previously the filename was sometimes shown in the wrong color for coff/dos32/adam, now correct); improved pageable list, timer & redirect (Hi VAG!); bugfixed "MH.+lc" l=1..9, c=0..3,4 at offset 28; bugfixed analyser error and failed listing output; some small bugfixes in code and layout; full header information for DOS and Windows executables; graphical screen to check file encoding/encrypting; 9 batch files to run externals and file unpacking via type numbers in these batches; internal file viewer HEX/TXT (no edit!) with goto, jump, align, filter and search options; command-line parameter for list mode or show mode.

New Features : ELF Header , Minor bug fixes , Some detections.

 

FILE SCANNER 06.06.2001 16.06.2001 SMT / SMF

File Scanner is a freeware program for identifying different file formats. Now it can do more, such as unpacking or decrypting DOS executable files, calculating sizes of directories, handling headers of executables, playing sounds, editing binary files in hex, ascii or asm mode and displaying ANSI pictures. The list of features is still growing.

New Features : Fixed memory leaks in polymorph detections, Bug fixes, More detections

 

FILE SCANNER TOOLS PACK 2 04.11.2000 SMT / SMF

This is a set of tools containing Protector Detector 0.6 and Log Analyser 0.5. It detects many protectors which are not covered by File Scanner itself.

 

GETTYP 2000 0.28 21.04.2001 PHAX

GetTyp is a file format detection program for DOS. It detects several formats without looking at the filename. It searches the code for special strings and byte code to identify the file format.

New Features : Major UPX detection changes.

 

LANGUAGE 2000 4.5.1.144 14.11.2000 BABAK FAROOKHI

A very good utility to find some info on any executable. It's a compiler and compressor detection utility. Supports Drag & Drop and Always on Top mode. The interface is cool. It currently detects 45 compilers and 29 compressors. Supports database updates.

 

PEACE 1.00 18.05.2001 TSU SOFTWARE ALLIANCE

I've been working on identifiers for some time now, but none of them had something special, something that would make it worth being on someone's page. PEACE __is__ special - well, a little bit - because it doesn't only show you the information all other identifiers show, but it also displays the required DLLs and OCXs when identifying a Win32 PE, and, for those of you who care about it, it also shows the text that is displayed when executing the Win32 PE under Real-DOS-Mode.

 

PESCAN 1.0 17.07.2001 JACK / TNT!

PEScan is a nice GUI tool for file identification. It currently supports 30 packers/modifiers and around 6 compilers. Supports commandline and Drag'n'Drop.

 

TYP 2000.4.15 ( DOS ) ( DOS32 ) 03.06.2000 VEIT KANNEGEISER

Determine archiver, crypter, viruses, compiler, music, images data files, BIOS-chipsets, ... / userfriendly background search / configuration program - DOS, OS/2.

 

PEWIZARD 1.1 03.06.2000 ST!LLSON

PEWizard is a Win32 executable manipulation tool. It includes join and split options (like PEUtils), a disassembler, dumper, header viewer, and PE loader recognizer. Recognizes 21 PE packers and 4 compilers.

 

PESUM 0.02 03.06.2000 EGIS / CORE

PESum will check if a PE file has a correct checksum in its header. If it does not, PESum will compute the checksum and update the PE file.

 

MISCELLANEOUS TOOLS

 

API HANDLE EXPLORER 1.0 15.06.2000 WHITSOFTDEV

Here is a useful tool for programmers. When you run this program, it will list all the objects currently loaded in the system along with their handles, classes, and captions. Objects are sorted into a tree grouped by ownership for easy organization. This program is written in non-MFC Win32 C++, and should not need any additional files to run.

 

API HOOKS 4.0 24.08.2001 ELICZ

ApiHooks allows executing user code in the context(s) of specified/all local 32-bit process(es) in Microsoft Windows (x86, 32-bit). ApiHooks doesn't use drivers and can operate under an NT guest account. ApiHooks doesn't change files or the system registry. ApiHooks contains built-in code for (un)loading modules and for hooking APIs. APIs to hook must be exported by modules. Establishing API hooks is something like hooking interrupts in MS DOS - your module(s) is/are per-process resident and catch(es) API calls between modules. You can change hooked function parameter(s) before the call to the original function, and you can also change returned value(s) and buffer contents. ApiHooks exports several useful APIs in a DLL that the developer can call from her/his programs.

New Features : Remote thread implemented in Win9x , APIHooks is console application.

 

API-LOG 1.3 BETA 16.07.2001 M.O.D. / F2F

API-Log shows you how often an API is called by the selected process! Furthermore it provides you the EIP of the call!

New Features : Option for excluding API's from logging, Option for logging packed files.

 

API MONITOR 1.5 BETA 07.01.2001 ROHITAB BATRA

API Monitor is a software that monitors and displays API calls made by applications. It's a powerful tool for seeing how Windows and other applications work or tracking down problems that you have in your own applications. The current version includes filters to monitor specific API categories. Other features include API Filters, Process Filters, Error Lookup Tools, an IOCTL Decoder and a Process Loader, and support for the NT Security API. This version of API Monitor also includes a process loader that can be used to monitor APIs called by console mode applications or to monitor APIs called very early in the program. It can also be used to monitor APIs in programs like RUNDLL32. Note that this feature is still buggy (mostly on Windows 98). If your program seems to hang, terminate "injector" from the task manager.

New Features : Added support to display buffers for Read, Write calls, Registry calls, Windows Sockets and Networking calls , Added filters to monitor Memory Management and Window Classes APIs , Integrated MSDN Help , IOCTL Decoder updated to support over 200 IOCTL codes , Bugfixes , Standard registry keys are now displayed by their names.

 

API SPY 2.5 03.12.2000 VITALY EVSEENKO

It allows you to examine any known API function call that is resolved during program load time and is reported by APIS32. APIS32 will only work with Windows 95/98/NT and Win32s applications which are executed under the Windows 95 or Windows 98 platform. It won't spy upon API functions called by 16-bit programs.

 

APISPY32 3.0 04.06.2001 YARIV KAPLAN

APISpy32 is a system-wide API spying utility for Windows 9x/NT/2000 and Millennium. It is capable of intercepting API calls issued by ALL active Windows processes and their attached DLLs. While other API spying utilities can only monitor one application at a time, APISpy32 uses several sophisticated low-level techniques in order to intercept API calls made by EVERY running process, making it the most powerful utility of its kind.

 

CODE SNIPPET CREATOR 1.052 03.02.2001 ICZELION

This utility is designed specifically for advanced crackers/assembly programmers who want to create custom code snippets in assembly language. It can generate code snippets and save them as binary files, supports both TASM and MASM, provides a simple integrated PE editor to edit the target file you want to patch, and can patch the code snippet into a target PE file both as a new section and as an addition to an existing section (or PE header). You can use ANY functions that the target imports in your snippet! This utility will fix the calls for you.

 

CONVERT.DLL 1.1 30.06.2000 ALPINE / IMMORTAL DESCENDANTS

convert.dll 1.1 consists of 5 exported functions: ReadPe , Rvatova , Returnmemp , Cleanup , Getsectioninfo.

 

COPYLOCK 1.0 BUILD 16.4 01.03.2001 NOEL DANJO

This is one cool program that lets you replace files that are currently in use (like shell32.dll). Just add the link to the file and the next time you reboot the files are replaced. Useful eh!!!

New Features : GUI fixes , Added option to delete locked files , Misc. updates.

 

DA DUMPER 2.0B 19.01.2001 FUZZYCAT

This program is used to dump objects or sections; it dumps the code or data they contain. This dumping can have problems if you messed with the PE header and changed the object sizes, offsets... You can also check the PE header and sections, and change them.

New Features : Added 'ADD' & 'DELETE' section , Now you can add your own sections and delete the ones you don't want ;) , Also note that it adds a section with 'DaDumper' in the name and no fields filled, you have to correct them etc. , Corrected documentation bug, and hex viewer should work 100% now , Restructured some parts of code , Old Section table entry offset catcher was buggy.

 

DLL LOADER 1.0 02.02.2001 M.O.D. / F2F

This is a little program which allows you to load a specific DLL into the memory of a running Windows process. Keep in mind however that a DLL won't be loaded into the memory of a crypted file, and the program may not work under Win2K.

 

DUMMY SPLIT 1.0 27.06.2000 DR. WHO / D.N.A.

This program copies the above specified amount of bytes to a destination file of your choice. This way you can copy the wanted portion of a dummy file to your hard disk.

 

DUMPFX 1.1 23.07.2000 YODA / F2F

Many ideas from ADump. This proggy has no readme or help file because all commands are explained in the proggy (use the H command).

New Features : Task killer/dumper added (works under win nt/2k ! thx ultraschall ;) , One can dump a process through its WindowTitle , Search command added , Copy and Paste support added , The "d" command was changed a bit.

 

FILE MONITOR 4.32 07.02.2001 MARK RUSINOVICH + BRYCE COGSWELL

Filemon is an application that monitors and displays all file system activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way NT works, seeing how applications use files and DLLs, or tracking down problems in system or application configurations. Filemon works on NT 3.51, NT 4.0, Windows 2000 (NT 5.0), Windows 95 and Windows 98.

 

FILE INSPECTOR XL 15.07.2001 VIPER

This is a powerful PE scanner and modifier with advanced features including viewing and changing full header info, adding imports, packer and compiler detection, plugin APIs and much more. It has a nice multi-lingual GUI.

New Features : Major improvements.

 

FUNCTION REPLACER 1.0 16.07.2000 DEATH / EXECUTION

This program will replace any export from a DLL with another DLL's export; it performs an automatic loading of the DLL, gets the function's address, then calls it. Could be useful sometimes.

 

HANDLE SPY 1.1B 15.06.2000 WHITLOCK

Handle Spy is a tool for programmers. It will give you the handle, class name, caption, and parent handle for any object on the screen under your mouse pointer. This is useful when designing programs that make use of API window management functions. Handle Spy is much like its predecessors, IvySpy and FreeSpy, but Handle Spy is written completely in C, and it will pick up objects that FreeSpy could not (i.e. disabled or hidden controls). This program is written in non-MFC Win32 C++, and should not need any additional files to run.

 

HASH CALCULATOR 1.5.0 26.12.2000 IVANOPULO / DAMN

This tool does exactly what it's supposed to: it calculates hashes. I put the most widespread hash algos in there, but maybe I'll add more later. Calculation of all hashes from the bunch you can see below for a 700M file takes about 6 minutes on a Celeron 400. Features - Hashes supported: MD5, SHA-1, RIPEMD-160, HAVAL (3, 4, 5 passes; 128, 160, 192, 224, 256 bits), good old CRC-32. Files up to 4,294,967,295 bytes in length can be processed. Drag'n'Drop support. Calculation is performed by a separate thread and can be stopped at any time by the user. The calculation thread runs at low priority (THREAD_PRIORITY_LOWEST), so you're able to work with other programs while taking the hash of some big file. Sound signal after lengthy operations.

 

ICZDUMP 1.0 24.08.2000 ICZELION

IczDump (Iczelion's PE Dumper) is yet another in-memory Portable Executable File dumper. However, it's different in subtle ways from other dumpers: it runs in the same process as the target because it's a DLL. Once the DLL is in a process, it has the same privilege as the target. It can:
- dump file structures: DOS & PE headers, sections, resources
- do custom dumps: let you specify the address range you want to dump
- suspend/resume the primary thread of the process
- edit the in-memory PE structures
- reload PE headers from the target
- display the module list: list all modules in the process. You can load/unload modules, and select the target module to examine/dump via the module list
- search the target for the import table
- search the target for thunk dwords (import function addresses)
- do Import Address Table (IAT) queries
Furthermore, it's difficult to detect because it doesn't use the win32 debug API or any ring-0 tracer. Just about the only way it can be detected is for the target to scan the whole process for it, and if that occurs, we can find ways of avoiding the detection.

 

IID KING 1.0 25.09.2000 SANTMAT / IMMORTAL DESCENDANTS

IID King allows you to add imports to ANY PE file's import table, thereby eliminating the need to do LoadLibrary then GetProcAddress and all that other bull to get functions added. It allows you to specify how much MORE zero-padded code you wish to add to the end of the section ".IIDKing" that is created when you change a PE file. This is good if you don't have any useful caves in the file you are modifying :) It has a limit to the number of DLLs you can add per run of the program. There is no limit to the number of functions for that one DLL though. You can run the program as many times on the program as you wish, as long as it has enough room in its PE header. So say you wanted to add MessageBoxA from user32.dll and DeleteFile from kernel32.dll, you would have to run IID King two times. There is also a file backup feature :)

 

IMPORT/EXPORT VIEWER 30.06.2000 ALPINE / IMMORTAL DESCENDANTS

Import/Export viewer is a util which reads the imported as well as the exported functions of the specified file and shows them to you. No more need to use wdasm just to disassemble a proggie to look at the imports/exports.

 

IMPORT RECONSTRUCTER 1.2 FINAL 17.05.2001 MACKT / UCF

This tool is designed to rebuild all new import data from a corrupted IAT (pointers redirected or not by a PE packer, for example). It reconstructs a new Image Import Descriptor, IAT and all ASCII function names. So it's not designed for newbies... sorry, you have to read the PE docs first.

New Features : Fixed a little bug when there is only one invalid pointer and the loader is activated (the dialog box for entering the interval of ripped data/code didn't appear) , New auto-tracer , Improved ripper scanner , Lots more.

 

INSPECTEXE 2.8.0 09.07.2001 SILURIAN SOFTWARE

InspectExe allows you to explore and diagnose problems with Win32 applications. It is integrated directly into the Windows® Explorer and appears as a set of extra pages in the Properties sheet for the selected executable file. It can display resources , debug information , Import Tables and other info.

 

JUMPGEN 0.4B 27.03.2001 MUAD'DIB + NOPTICAL

This program makes the reverser's life a bit easier by helping generate jump opcodes for VB5/6 P-Code and x86 assembly language. Rather than having to go into calc to manually calculate the opcode, this program will do it for you.

 

JUMPLOG 1.0 06.06.2000 DEFILER

This 'code' logs all conditional jumps in a selected file and writes them into a log file. You just run jumplog.exe, then select any executable to be traced (that may take several hours with large, overbloated code...), but anyway, give it a try or look at its code.

 

KEYGEN MAKER 0.71C 01.10.2000 MAXIBOGAS / SEVEN TEAM

This is one heck of a tool that really helps in making keygens. There ain't no help files, but the interface is cool, self explanatory and it does its job. A must have for all you guys out there (You know who you are) ;o)

 

KIKO 0.22 04.02.2001 NUMIT_OR

Kiko is a Resource Dumper. It shows the resource tree of a PE file and permits to dump icons, bitmap, etc. to the hard disk.

New Features : Runs on Win2K , Now you can dump a functional icon from a PE file.

 

KLOCK 1.0 13.06.2000 ANALOGX

Over the years, the software development community at large has gotten a whole host of valuable information about project management from good old Big Blue (IBM)... I should clarify that: valuable information on how NOT to manage a project. For fun, I decided to resurrect one of their worst ideas ever; K-LOC (or more appropriately, paying programmers based on K-LOC). The K-LOC Calculator is the exact opposite of PCalc, my programmers calculator - this has almost no real world application, but it is fun for the number crunchers out there who want some sort of metric about the project. Sure, the metric is completely arbitrary, but hey, you can feed it into a spreadsheet! heheh... Actually, I would say that K-LOC does have its uses (a simple way to measure project complexity, perhaps), but there aren't too many. AnalogX K-LOC Calculator can scan any number of files, any wildcard extension, and even recursively check subdirectories. It returns not only the total project K-LOC rating, but the average file K-LOC rating and total file size of the project as well!

 

LIBDUMP 1.0 03.06.2000 GEORGE POULOSE

LibDump is a Win32 utility tool similar to Microsoft's DumpBin utility except that it can be used to display the contents of library files instead of portable executables and COFF (Common Object File Format) .OBJ files. Source code is available.

 

LORDPE FX 1.1 19.06.2001 YODA / F2F

LordPE is the successor to PEditor. It's a complete recode of all its features plus new ones added into it. It's coded mainly in C. The main features include a Task Viewer, PE Editor, Break & Enter and a PE Rebuilder. This is a demo version.

New Features : ExportTable viewer , ImportTable viewer - edit thunks of ImageImportDescriptors , Compare PE files , ImportTable rebuilder , Split/Unsplit , Relocation viewer , Enlarge header , Rebuilder , status window , SizeOfOptionalHeader editable , Always on top , Restore last directory on startup , Hex Editboxes support now copy, cut and paste actions , Offset to section table is now calculated dynamically.

 

PROCESS STUDIO 0.3 04.02.2001 NUMIT_OR

This program shows: how to get a list of the active processes on your PC , how to display this list in a list view child window control , how to get the handle of a process from the process ID , how to kill a remote process , how to dump a portion of memory to hard disk , how to display, edit and dump the characteristics of the sections in a PE module loaded in memory , how to load a process etc.

 

PESAM 1.0 27.09.2000 MR. CRIMSON

PESam is a little utility which allows easily changing section attributes in PE files. These changes can fool some reversers' tools.

 

LOCPINFO 09.07.2000 ELICZ

Locpinfo is for NT only and displays info about the current processes on the local machine.

 

MEDIARIPPER32 1.4 05.07.2000

With MediaRipper32 you can easily rip media (images, music, sounds, animations) from games and other resources. MediaRipper32 can scan multiple files and directories for selected types of files and rip them for you. Ripped formats: Graphics: jpeg, gif, png, bmp, tga, icon; Animations: avi, ani, fli/flc, swf; Sound and Music: wav.

 

MEMORY DUMPER PRO 1.0.8 05.02.2001 PAUL D TURNER + LUCIE J TURNER

Memory Dumper Pro makes it easy to manipulate sections of memory within a running process; you can now load, save, copy, and edit sections of memory with the ease of pressing just a few keys. Features include: view the target process' 4GB address space, search function, full screen 'over type' memory editing, fill function with multiple options, open multiple memory views on the same process, work on multiple processes. Full source code included in the package.

 

MEMSPY 1.2 22.01.2001 TOSHI

A very nice utility to "SPY" on what's currently in your system's memory, with lots of options and a very nice and easy interface. Another great tool from Toshi.

 

MULTI RIPPER 2.80 31.07.2000 THE WONDERFUL TEAM

Multi-purpose File Ripper. In a few seconds it cleans & clips at the right size! Rips from any Demo/Game. Rips over 110 file formats! Rips 32 libraries! Local Scan Mode, Full Scan Mode, Fast Scan Mode, Recursive Scan. All options are INI configurable. Generic unpacking system, generic HackStop remover, Win16/Win32 Resource Decompiler! Generic resource decompiler. RIP: EXE, DLL, VBX, SCR, CPL, DRV, VXD, OCX. HEX Viewer, XOR PATTERN Search. Some decryption tools with full src. Delphi, C++ Builder executable decompiler.

New Features : Fixed a bug in Fusion Library Extraction. Fixed a bug in Primitive Library Extraction.

 

NFO EDDY 1.0 17.06.2000 DEAD EYE

You can view and edit NFO, DIZ and of course text filez. It's possible to change the background/font color and also to overstrike the text. A special feature is the integrated launch of websites and of your e-mail program. You have to doubleclick the URL (http://; ftp://; www. and ftp.) or e-mail address to select it. After selecting, a button appears to start the corresponding program.

 

OPGEN 1.0 13.06.2000 NUERAL_NOISE

A lil tool that generates opcodes for your far 32-bit jumps/calls, no more Assemble Instruction from SoftIce or computation of the virtual address difference when reversing your targets... plus a useful (imho ;) Import Table scanner which will tell you the exact displacement of the various patchspots to call inside the FirstThunk array (no more disasming in order to find what to call when reversing, or looking for the patchspot manually when you want to call an API function inside alien code). Source Code included.

 

OPCODE GENERATOR 1.3 26.09.2000 COOL MC.COOL

This program is actually a remake of NeuRaL_NoiSE's opcode generator. His generator had some serious shortcomings: it was not able to generate short jumps or calls. That is what my opcode generator does, depending on the offsets.

New Features : Added interrupts , Added stack operations , Changed layout slightly , Fixed some minor bugs.

 

PCALC 1.10 13.06.2000 ANALOGX

If you're a programmer, you've probably downloaded a so-called 'programmers calculator' at least once in your life, only to be sorely disappointed; I'm sorry, but displaying the results in hex and/or binary doesn't make a calculator a 'programmers calculator', nor does making 42 a constant in it either! Someone should do something about this, and someone has... Programmers around the world, your prayers have been answered - Behold AnalogX PCalc, the ULTIMATE programmers calculator. Forget putting up lame buttons with numbers on them; that's fine in the real world, but hardly useful in a GUI, let's instead focus on functionality, and that's just what I did. PCalc allows you to enter any equation in the EXACT same format as C/C++, and it will process it with the same precedence, giving you the results in a variety of formats! PCalc also supports the use of user-defined variables, and also has most of the common constants used already defined.

 

PE-EXPLORER 1.40 02.08.2001 YURI RAY

PE Explorer allows one to see all sorts of info about the internal structure of PE files. The PE ("portable executable") file format is the native format of executable binaries (DLLs, drivers and programs) for the Microsoft Windows 32-bit operating system.

New Features : Loads of fixes and new features.

 

PEDITOR 1.7 14.10.2000 M.O.D. + YODA / F2F

Shows the most important info of the PE Header. Shows the Section Table and Directory Table. It can split a file into its sections & PE Header. It is able to make a PE Header Win NT/2K compatible. It shows the checksum of a file and is able to correct it.

New Features : Import Table rebuilder recoded (not win NT/2k compatible any more, resides now in rebIT.dll...rebIT.txt for more infos) , Realigner recoded (resides now in realign.dll) , Export Table Viewer recoded , Import Table Viewer - now one can add new Imports , one can delete Image Import Descriptors , a refresh button was added (useful for long reversing sessions :) , one can now use return in many edit boxes.

 

PEREBUILDER 0.96B 03.06.2000 TITI + VIROGEN

This tool is totally free for use and MUST be freely distributed. It has been made for 2 different aims: - To reduce PE files' physical size to its minimum (without compression). This is done by realigning the file and wiping useless padding between sections... - To rebuild a file that has been purely dumped from memory (with a SoftICE dumper for example). Actually, those files need to be slightly modified in order for them to run properly. This tool automatically fixes section entries in the header (size & offset) and is also able to rebuild the import table if needed.

 

PEUTILS 1.0 03.06.2000 ANDREW DE QUINCEY

This is a suite of utilities for manipulating PE-format executables. Full source included.

 

PRESFIX 0.2 03.07.2001 HAPATSA

This is a resource fixer for dumped and unpacked files. Documentation in Russian.

 

PROCESSENG 1.7 20.01.2001 M.O.D. / F2F

This is a simple program using the Toolhelp APIs and WindowHook APIs. The program lists all running processes and allows you to kill/dump them. Furthermore you can get all OEPs (OriginalEntryPoints) of the running processes and you can view the modules of a process. In addition it can list all WindowClassNames! You will also find a MessageMonitor, which lists all window messages a process sends and receives!

New Features : Added API-Value-Informer , Added finally SEH.

 

PROCESS HACKER 1.7 23.06.2001 INSTRUCTOR

ProcessHacker is a small tool for viewing main memory. After selecting a running process and entering a valid address, it displays the memory starting from the entered address. The display can be in ASCII or hexadecimal form.

New Features : Coded in Delphi2 , Some bug fixes.

 

PROCESS MEMMORY MANIPULATOR 0.2 03.06.2000 TRAINSPOTTER

Process memory manipulator is a win32 application which allows you to map the memory of a specified currently running process. SMU Inspector by ???.

 

REBIT WRAPPER 1.1 08.08.2001 ALEPH / F2F

This is a wrapper for yoda's famous rebit.dll which rebuilds damaged imports. VC++ source code included.

 

REGMON 4.32 01.12.2000 MARK RUSINOVICH / SYSINTERNALS

Regmon is an application that monitors and displays all registry activity on a system. It has advanced filtering and search capabilities that make it a powerful tool for exploring the way the system works and seeing how applications use the Windows registry.

 

RESOURCE GRABBER 2.68C 12.12.2000 RICHEY FELLNER

The Resource-Grabber will scan the directories and drives on your computer and extract all Bitmaps, Glyphs (button images), Icons, Cursors, Wave sound files and AVI Clips it finds inside the programs and DLL files in any directory of your choice. Forget painting all that stuff by yourself; forget hours of searching for Windows-compatible button layouts... simply use the images that are already on your computer! The Resource-Grabber will extract them from their "hidden" locations inside DLL and EXE files and give you full access by saving them as regular bitmaps.

 

REVIRGIN 1.20 BETA 3 26.09.2001 +TSEPH

This program is intended to help you rebuild *damaged* IATs of packed/protected programs after dumping. An advanced tool with a tracer for unresolved imports. Includes an example on *notepad.exe* protected by ASProtect.

New Features : Complete tracer redesign , Device driver updated for Win2K and WinXP support.

 

RVA CONVERTER 1.1 03.06.2000 LAZARUS

RVA converter is a nice tool which converts memory addresses to file offsets and the other way round. It allows you to find bytes you saw in a debugger in a few seconds.

 

SADD 1.0 13.06.2000 NUERAL_NOISE

Little tool that adds sections to any PE file and takes care of the size of image, alignments etc. Source Code included.

 

SANTMAT'S IMPORT SEARCHER 24.06.2000 SANTMAT / IMMORTAL DESCENDANTS

After you, the user, enter some search info, the program then searches through your computer's files and finds the files that import the DLL and/or the functions within the DLL you specified in the search info :) "What the hell is this good for?": Well, say you patched mprserv.dll, as I did, to log people's usernames and passwords. Now, with this program, you can search your system for all the files that use that DLL. Because the part you patched could be used by more than one program! Therefore, this program is very helpful. Source Codes included.

 

SETCSUM 1.01 11.08.2000 JEREMY COLLAKE

This simple, console mode utility will verify, and optionally set, the correct checksum of Portable Executables (win32 EXE, DLL, OCX, SCR, etc.). This checksum is required to be accurate for NT device drivers and some system DLLs. C++ source included.

 

SHOWDLL 0.093 03.06.2000 VOIDDWELLER

Shows DLL dependencies of NE, PE, LE and LX files.

 

TASKINFO 2000 2.2 02.11.2000 IARSN

TaskInfo2000 shows information about all running processes and threads (including Windows 9x ring0 VxD threads) in real time.
Information about each process includes: threads , CPU usage , scheduling rate , path , open files , command line , environment variables , memory usage , DLLs in use , and other.
System information includes: CPU, memory and cache usage , data rates for disk, network, dial-up and other , all open files , CPU identification information (type, model/step etc.) , loaded kernel drivers information , OS version info and system directories , logged user and computer name , IP network host name and IP names/addresses on network adapters , power status (including battery status for portable PCs).
TaskInfo also allows you to: run new processes , force termination of badly behaving processes , change process priority , shutdown/restart the system.

 

TEXTSCAN 1.0 13.06.2000 ANALOGX

Have you ever run across a piece of software that did something you couldn't figure out how they did? Or perhaps you suspect that some Microsoft application might be using an undocumented function; in either case, TextScan gives you a quick and easy way to find out details from just about any program. AnalogX TextScan searches any binary file for strings between a minimum and maximum length, and then returns all occurrences in sorted order... But it doesn't just stop there: it also has the ability to identify most functions and DLLs inside of a file, and even has the ability to extract both char and unichar strings! This is a great first step in getting a better understanding of what's happening inside of a program you're interested in, or even for just looking for the occasional Easter egg!

 

TOPO 1.2 17.06.2000 ULTRASCHALL

This is a little application which breaks the classical limitation in file patching and avoids the use of loaders/uncompressors. It can add new sections to EXEs/DLLs. It can set up space inside existing sections. It can redirect the entrypoint to the new available area. It can return to the old entrypoint once the added code is executed. It cannot be detected by antivirus software since the PE structure is changed according to compiler/linker specifications. Samples of ASPack and UPX patching without loaders/unpackers are included.

New Features : Earlier versions only scanned executable PE sections looking for zero-padded areas. This version allows scanning all sections.

 

ULTRASEARCH 1.0 30.08.2000 VREAL

Ultra Search locates strings and hex numbers in files. The search is performed using one of 8 different methods or combinations of methods. Results of the search are saved by default to a file named "results.txt".

 

VA2F0 1.01 03.06.2000 ICZELION

This is a utility from PC Coding Division. Written entirely in win32asm. It's a handy little utility that you can use to convert virtual addresses seen under SoftICE into file offsets that you can use in hex editors. You can specify two modes: Virtual Address or RVA.

 

WINSTEAL 1.4 ALPHA 27.01.2001 JAMES DICKSON

This is one cool tool with a huge list of features for its size. It can control the windows of programs, has a process viewer with lots of features and a resource viewer. It can act as a file monitor and a registry monitor. It has a 'Menu' and 'Hook' feature which can be quite useful. It can also show PE information of PE files. An all in one tool for all!

 

WIPE RELOC 1.33 16.06.2000 CRAYZEE

This utility makes PE files smaller by aligning them (like virogen's vgalign) and (if processing a non-DLL PE) by removing the .reloc section. That section is added by TLINK32 to the EXE PE files but is not needed there, because all EXEs are loaded to their original image base. It also removes empty waste above and below PE headers and at the end of the file, sets the correct PE checksum and finally recovers the previous times of the file.

New Features : Fixed a bug which prevented the files from running under WinNT.

 

YODA'S PE REALIGNER 2.0 03.05.2001 YODA / F2F

This is just another PE Realigner with C sources included.

New Features : Nice Mode, Wipe reloc section, Validate PE.