Jay Taylor's notes
Luigi Auriemma
Original source (aluigi.altervista.org)
Tags: programming hacking tools decompilation reverse-engineering luigi-auriemma aluigi.altervista.org
Clipped on: 2020-02-07
open source programs created by me for fun or requirement.
read here if you don't know how to use my stuff and tips for their recompiling
- Offbreak 0.3.4 (offbreak)
tool that monitors the offsets of specific files read and written by a target program and breaks its execution for debugging.
Offbreak can set an INT3, set a hardware and software breakpoint, automatically attach the system debugger and display a MessageBox when the monitored files and offsets are handled by the target.
to make debugging easier, Offbreak sets some registers to show the buffer containing the data read/written, the number of bytes in the operation, the name of the API and the full name of the file.
additional information is available at runtime.
- DAA2ISO / GBI2ISO 0.1.7e (daa2iso)
program for converting the DAA and GBI files ("Direct Access Archive" used by PowerISO and gBurner) to ISO.
on Windows the tool works from both command-line and GUI (double-click on daa2iso.exe).
supports multi part files too.
- UIF2ISO 0.1.7c (uif2iso)
program for converting the UIF files (Universal Image Format, used by MagicISO) to uncompressed images depending on the input file type: ISO, BIN/CUE, MDS/MDF, CCD/IMG/SUB and NRG.
on Windows the tool works from both command-line and GUI (double-click on uif2iso.exe).
supports multi part files too.
- myRTP command-line interface 0.1.1a (myrtp)
basic tool that acts as an interface for the RTPatch patchw32.dll, allowing you to specify all the available options supported by this library.
it's very useful in my tests when I have only some files of the target software (usually a game) and so I can patch the available files using the -ignoremissing option, or maybe for going back some versions.
the provided patchw32.dll is version 12.00, while a more recent version 12.21 is available here.
- wav4xm 0.1 (wav4xm)
simple tool I have written to clean my PCM wave instruments used in FastTracker and other music trackers:
- convert to mono 16bit
- remove initial/final silence
support for single wav file or a whole folder (that's how I cleaned all my collection)
- x86 32bit calling conventions 0.2.2a (calling_conventions)
set of wrapping functions for being able to use dumped functions that use particular calling conventions not available or not easy to implement in your own compiler.
for example the stdcall and cdecl conventions are supported natively in almost any compiler but the others aren't, and this is where this wrapper becomes useful.
calling conventions supported by the wrapper: cdecl, stdcall, thiscall, msfastcall, borland, pascal, watcom, safecall, syscall, optlink and clarion.
gcc only compatible (works with both cygwin and mingw).
- dump2func ripped functions skeleton generator 0.1.1 (dump2func)
simple tool that creates C source code for using one or a set of dumped/ripped functions with the automatic handling of the static/fixed buffers and the compatibility with DEP.
for example sometimes you have a pre-compiled function that does a particular job (like an algorithm) but it's too long or is composed of other sub-functions or simply there is no time or desire to reverse it.
so this tool can "help" (reviewing and modifying the results is ALWAYS necessary!) in using the ripped function without spending much time, just pass the binary dumped function to it.
the binary dump must contain all the part of code (sub-functions included) executed by the function, so from the first to the last byte that could be executed (example: sub1 sub2 function sub3 sub4 sub5).
- Executable's strings lister and replacer 0.2.3a (exestringz)
this tool has the main purpose of finding any ASCII and unicode string inside PE and ELF executables with the possibility of modifying them using any external text editor and re-injecting them in the original executable.
technically the finding of the strings works in the following way: it disassembles all the executable sections of the input file (like .text, only x86 32 bit supported) and visualizes any string or any array of strings, so any instruction like push "string" or mov eax, "string" or mov eax, "[4*edx+array]" and so on is handled perfectly.
the injecting of the modified strings back in the executable (ELF not supported) is instead performed by adding a new "stringz" section which contains all the new strings and substituting all the pointers to those strings collected in the "finding" operation with the new ones (relocation).
the tool can also be used as a quick and advanced strings program (the one available on *nix) with the difference that the strings found by exestringz are not random but are found and confirmed by the disassembled code, avoiding false positives.
anyway through the -b option the tool can act exactly like the strings program and naturally can also re-import the modified strings.
there is also an "experimental" option specific for the Asian utf8 which was also the reason for the initial creation of this tool, for translating a Japanese game.
note that for obvious technical reasons it is not always possible to export and reimport all the strings of any executable because in some cases (usually with big programs) false positives could be generated, anyway the output file generated by the tool is very easy to understand and edit so it's not a problem.
- the end_of_line (carriage return/line feed) is left as it was in the original string, so the result is that the output file could have a "mixed" style of unix ('\n') and windows ('\r\n'), and some text editors could try to convert the whole text to one or the other style causing trouble (for example overwriting other strings or resources in the executable)
- the recognition of the english strings is ok since that charset is limited enough but for the others it's just chaos
anyway the tool is still a work-in-progress...
- Bynaryo 0.1 (bynaryo)
tool for converting binary strings to ASCII or to numbers of 8, 16, 32 and 64 bits (both big and little endian) and vice versa, for example for converting "hello" to 0110100001100101011011000110110001101111 and then back to "hello".
the tool is able to recognize the input automatically and so choosing the needed conversion, anyway there are various options available which allow to force a specific conversion, using a file as input or output, choosing if the input/output is a hex or decimal number or an ASCII char and doing the hex dump of the output.
- hosts file/list DNS checker 0.1 (hostsdns)
tool which checks if the hostnames listed in a file or contained in a hosts file can be resolved or not.
supports multi-threading, logging, delay between each query and allows to choose the type of primary query (A record by default) and a backup one in case the first fails (for example A and then NS).
thanx a lot to Andrew Short of Global Advert Servers Blocklist for all the ideas, suggestions and testing of the tool on over 100000 hosts.
- webimgms 0.1.2b (webimgms)
experimental tool for refreshing the same image or a sequence of images and for slide shows.
works on both local and remote web images and allows to dump them too.
it's fully configurable for specifying an exact format of the files (in C printf style like %d or %08x) and has also some other small options.
it uses SDL, SDL_image and SDL_resize to work (all the needed runtime files for Windows are already in the package).
one of its ideal usages is with the recorded streams of jmeetrec and awcamrec or with static URLs like those used to monitor the cars traffic and other webcams or collections of images.
- NRG2CUE generator 0.1.1 (nrg2cue)
simple tool which generates a CUE file (the one of the BIN/CUE pair) from a NRG one, both NRG v1 and v2 supported.
it can also dump the ISO by specifying the output file as second argument from the command-line.
- Mydown 0.4 (mydown)
HTTP/HTTPS file downloader based on mydownlib library with various features like multi-threading, multiple downloads and mirrors, SSL, list of URLs, list of files to download from the same URL with incremental fields, customization of the HTTP fields, and more.
very useful as simple stand-alone downloader and for testing purposes.
from version 0.4 mydownlib is distributed in this package.
- MORSE2ASCII 0.2 (morse2ascii)
experimental tool for decoding the morse codes from a PCM WAV file using a volume/peak based method.
the tool can also decode the morse codes from text and RAW PCM files.
it contains some options for parsing abbreviations, prosigns and qcodes.
- Morse generator 0.2.1 (morsegen)
simple tool for converting an input file to morse notation, like ...---... for SOS.
- DTMF2NUM 0.1.1 (dtmf2num)
useful tool for decoding the DTMF and MF tones from PCM wave files.
supports any type of wave file (frequencies, channels and 8, 16, 24 and 32 bits), automatic optimizations (DC bias adjust and normalization) and both WAV and raw PCM data.
the program has been successfully tested with many audio files, including highly dirty and damaged ones, for example recorded with a microphone in a room or at a very low volume or with some noise.
- myftpidx 0.1.3 (myftpidx)
tool for indexing recursively any file available inside a FTP server or one of its folders.
it has options for verbose output, full or relative URL, fields to visualize and HTML output.
I wrote it because sometimes you need a specific file or a set of files available on a FTP server but don't know in what folder they are located or if different and more up-to-date versions and copies of that program/file exist, so this tool lists all the names and sizes of the files inside a specific FTP directory or in the entire server, allowing an easy search of these files in the local list.
note: the tool works only with *nix servers and at the moment is no longer supported.
- Proxymini 0.2.3 (proxymini)
proxy server that fully supports all the following protocols: HTTP, HTTP CONNECT (for HTTPS and so on), SOCKS4 (TCP and TCP bind) and SOCKS5 (TCP, TCP bind and UDP).
it's designed to be small and for being used in trusted environments where there is no need of complex or advanced options and other boring things, double click on it and it will work immediately.
it supports also some options like binding a specific interfaces for incoming or outgoing connections, custom port to bind (default is 8123), stdout and file verbose logging.
the tool works also as a Windows service.
please note that this tool is not good for production, the problem resides in the DNS caching mechanism which is not perfect; you can disable it with the -D function that hopefully would rely on the caching of the OS (for example Windows DNS Client).
- Signsrch 0.2.4 (signsrch)
tool for searching signatures inside files, extremely useful in reverse engineering for figuring out or having an initial idea of what encryption/compression algorithm is used for a proprietary protocol or file.
it can recognize tons of compression, multimedia and encryption algorithms and many other things like known strings and anti-debugging code which can be also manually added since it's all based on a text signature file read at runtime and easy to modify.
supports multithreading, scanning of folders using wildcards, scanning of processes, conversion of the executables offsets in memory offsets, loading of custom signature files and their automatic checking for avoiding errors, automatic finding of the instructions that reference the found signatures (like "Find references" of Ollydbg) and the launching of an executable placing an INT3 byte at the desired memory offset (for example one of those retrieved with the -F option, watch the Video section for an example).
the tool supports 8, 16, 32 and 64 bits, float and double plus automatic CRC table creation and C style strings.
feel free to send me your comments and new signatures.
the latest signsrch.sig file is available here: 23 Jul 2016
- CMDsock 0.1.2b (cmdsock)
simple tool which acts like a telnet server (or shell binder) and works on any Windows and *nix OS.
supports some options for setting a password, changing the listening port and interface, reverse shell (the tool connects to a specific host:port) available also over UDP and automatic LF to CR/LF conversion.
NOTE that this program is still experimental and some bugs exist, for example it's not possible to stop the execution of the programs and on Windows it is not possible to use stdin.
the tool can be compiled also as a dll for using it with RunDll32: RunDll32 cmdsock.dll,cmdsock@16 arg1 arg2 ... argN
- MyWAV 0.1.1 (mywav)
simple set of (uncommented) functions for reading and writing WAV headers.
an example of how to use them is WAVEhead in the TestingToolz section.
- BDE64 0.2.3 (bde64)
quick tool which performs base64 decoding and encoding.
supports both stdin and stdout, automatic hex dump visualization if no output file has been specified, Gamespy base64 decoding, HTTP URL base64 decoding (%) and automatically ignores spaces, bad chars and uuencode's begin (like begin-base64 644 file).
- Lanfile 0.1.6 (lanfile)
quick tool for sending and receiving files with many features: MD5 hash, multiplatform, large file support, listen and connect mode for using it when it is not possible to receive connections (NAT/router), file resuming, compression, password (APOP-like), execution of commands when each file is received, allowed hosts, stdin, encryption, xor and others.
it's really a very useful and simple tool, perfect for LAN and for my personal needs.
read the text file inside.
- ICMPInfo 0.2 (icmpinfo)
tool that uses ICMP type 13 (timestamp RFC792) and 17 (netmask RFC950) for retrieving the current time and the netmask of a remote host.
- Simple UDP proxy/pipe 0.4.1 (sudppipe)
advanced UDP proxy/datapipe/packets forwarder and modifier with multiple functions.
a datapipe is like a minimalistic proxy which acts as a bridge for connecting to a specific host, so the input connection can be any UDP client while the output is always the same IP:port (clients->sudppipe->target).
it supports multiple allowed clients, creation of tcpdump capture files (like a sniffer), packets forwarding (chat style, each packet is forwarded to all the other clients and server connected), packets injection (the tool opens a specific UDP port to which it is possible to send the customized packets that will be sent to the server), support for multiple target hosts plus some interesting options for controlling the outgoing sockets, hexadecimal visualization and plugins support for the modification and visualization of the packets (supports also the mysendto and myrecvfrom functions of the plugins of Proxocket).
in the package there are also some example plugins: Zdaemon huffman, Doom huffman, Half-life decoding and one for the replacement of the text strings.
the plugins (which work on both Windows and Linux) are very basic to create and use, just take a look at example_sudp.c for more details.
- DCE Messenger 0.1a (dcemsg)
this tool is able to send the DCE messages that became infamous due to their usage for spamming home users; as far as I know and in my tests SP2 no longer supports them.
all the packets are created from scratch, that's why it can be used from non Windows systems too.
- Net send spoofer 0.2.1 (netsends / netsendz)
the name says it all: it sends the winpopup messages with spoofed source.
it contains a normal version for Windows and a Netbios-free version which can be used on any operating system since it builds the packet in real-time.
supports also some interesting options like the loading of the message from a file, multiple destinations (IP and hostnames) and the funny/lame message flooding.
- THEGUI 0.3.1 (thegui)
THEGUI is an almost universal front-end for many command-line programs which works on both Windows and Linux because it uses the GTK+ library.
it has been successfully tested also with programs like nmap, netcat, gcc, tidy, nasm, lame, curl, almost all my tools and many others.
it is also very easy to use and has tooltips, so it is enough to keep the mouse pointer over a button to know what it does.
* WINDOWS USERS: DOWNLOAD THE GTK+ INSTALLER FIRST!!!
if it still doesn't work add ;C:\Program Files\Common Files\GTK\2.0\bin to your PATH environment variable.
- sendto_spoof.h 0.1.2 (sendto_spoof)
a sendto() replacement which automatically enables the spoofing of the UDP packets in any existing program.
compatible with both Windows and other operating systems and little/big endian CPU.
read the header of the file for all the needed information.
- Calcc 0.1.5 (calcc)
excellent console calculator (double-click & run) which supports multiple input and output formats and a lot of operators.
input formats: hexadecimal, binary, base4, various time identifiers, float/double, decimal, octal, IPv4 address, percentage, strings/chars and current date/time.
output formats: decimal, hexadecimal, octal, binary, signed decimal, ascii, exponential, base4, IPv4 address, base32 (rfc4648), base64 (rfc4648), date/time, float (*(float *)&number) and double (*(double *)&number).
operators: parenthesis, complement, not, shift, rotate, xor, or, power, root, byte and bit swapping, multiplication, division, modulus, addition and subtraction.
it's available in two executables which support max 32 and 64 bit numbers, so it is possible to choose the 32 bit one in specific cases.
can be used also as a quick and easy to use number converter.
I wrote it just because I needed it for my tests and programming and there was nothing similar on the whole Internet.
- MyBrute 0.2 (mybrute)
set of easy-to-use functions consisting of just a few lines of code for adding password guessing features to other programs.
supports both brute forcing and the scanning of wordlists with different types of "case" (like password, PASSWORD, Password, pAssword and so on).
read the text file inside and moreover the example.
- CmdDiz 0.2 (cmddiz)
a console interface/translator for the huge amount of free dictionaries of The Dictionary Team.
supports also wildcards like *hello* or hello* and *hello.
- DirComp 0.2.1 (dircomp)
tool for comparing the files contained in two or more directories.
the output is easy to read and lists all the files which differ (the check is performed on both size and content) and those which are not available in certain folders.
- Byte2C 0.2a (byte2c)
great tool for converting files into 8, 16, 32 and 64 bit numbers and float and double types too.
supports many options and the manual handling of the format string for the visualization of the numbers like hexadecimal, decimal, unsigned and all the various flags used in the printf() C function.
very useful for retrieving arrays (crc tables, arrays of float numbers and so on) from an executable.
- Lame Patcher 0.4.4b (lpatch)
file patcher available with both GUI (on Windows) and command-line mode plus various features.
it uses some text files with the lpatch extension for the list of operations to perform on the target file to patch.
these text files are trivial to create and edit and allow specifying comments, the default name of the file to patch, an introduction to display before applying the patch, MD5 hash verification, the modification of a byte at a specific offset, the substitution of a sequence of bytes or a string, wildcards and more.
there is also an older version of "patch files" used for substituting bytes at fixed offsets, identified by the lpatch.dat name.
on Windows the tool can also be used to patch a running process and for launching+patching it.
this patcher and its patch files are the only ones that I use for my patches.
- PackZip 0.3.1 (packzip)
a nice tool to create raw deflated files or inject deflate data in any file using the maximum compression level.
useful for modifying archives of unknown format replacing only the data which has been modified without touching the rest.
supports zlib, deflate and lzma.
- Web passwords and links checker 0.2 (webpwdchk)
nice tool for checking all the URLs in an input text file and scanning them sequentially.
its primary purpose is to verify if the username and password for a website are valid but it can also check if pages exist or not.
read the text file inside.
- Read/Write bits to buffer 0.1.2 (rwbits)
two functions I wrote to use in my programs that read and write numbers of a certain number of bits (max 32) into a buffer, useful for bit packing.
- Offzip 0.4.1 (offzip / Offset file unzipper)
a very useful tool to unpack the zip (zlib/gzip/deflate) data contained in any type of file like raw files, packets, zip archives, executables and everything else.
you only need to specify the offset where the zip data starts or use the -S search option, which scans the file for possible deflate (-z -15) and zlib data.
there are also other options for extracting all the compressed streams (-a) or dumping them compressed (-A).
it's also possible to choose a windowBits value for scanning both the zlib (RFC1950) and deflate (RFC1951) blocks.
the -c option allows working with chunked files and tries to rebuild the original files.
the files will be dumped with a guessed extension that can be useful for their quick identification.
the tool has also a reimport option (-r) like QuickBMS.
how to dump all the zlib compressed files in an archive:
- offzip.exe -a input_archive output_folder 0
how to dump all the deflate compressed files in an archive:
- offzip.exe -z -15 -a input_archive output_folder 0
- ether_hdrlen 0.2 (ether_hdrlen)
two simple functions that return the size of some data_link levels and ethernet types.
I have collected the values while playing with Ethereal/Wireshark and Nmap and they are useful enough for writing simple ethernet sniffers.
- Simple TCP proxy/datapipe 0.4.8b (stcppipe)
simple proxy/datapipe for TCP connections with multiple options and advanced features.
a datapipe is like a minimalistic proxy with only one fixed destination host and port; it acts as a bridge for connecting to a specific host, so the input connection can be any TCP client while the output is always the same IP:port (clients->stcppipe->target).
it supports multiple clients at the same time (it uses a thread for each client), binding of a specific local IP, allowing only certain hosts/IPs, multiple target hosts to which it is possible to connect at the same time or one at a time (the first available), reverse connection, dumping of the connections in tcpdump format or stdout, support for SSL connections useful for dumping the data exchanged between a SSL client and server in MITM (man in the middle), SSL tunnel, a lame XORing function and more.
some SSL related examples:
- connecting a browser to a SSL web server: stcppipe -Y 2 www.example.com 443 80
- connecting a SSL browser to a non-SSL web server: stcppipe -Y 1 www.example.com 80 443
- dumping the content of a SSL connection: stcppipe -d . -S www.example.com 443 443
if you need to use tls1: -Y tls1 "" ""
- Byte2hex 0.2 (byte2hex)
converts any byte from a file or stdin to a format of your choice (hex is default but it is possible to choose octal, decimal and more since the format string is controlled by you).
- HEX2BYTE 0.3.1 (hex2byte)
converts any hex char like 0x61, \x61 or just 61 from a file/stdin into the relative bytes.
the default format is a fast hexadecimal conversion but it is possible to choose alternative C-like formats like octal, decimal and others which are parsed directly by the sscanf() function.
the tool has also a special option for parsing the hexdumps like: "01C99BB0 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop".
- show_dump.h 0.1.1a (show_dump)
optimized function to show the hex dump of a buffer to stdout or to write it into a file/stream.
there is also a 0.2 version which adds a new parameter for specifying the spaces to add at the left of the visualization.
- Formatted tabs to spaces 0.1 (tab2spc)
useful tool to convert tabs to spaces with the possibility of choosing the number of spaces which will substitute the tabs.
- Fcomp 0.3.1 (fcomp)
very good binary file comparison tool with support for multiple files, ASCII and hexadecimal visualization and the file offset from which to start the comparison.
- Sleepy 0.2.4a (sleepy)
this tool waits a custom amount of time (milliseconds, seconds, minutes, hours, days, weeks and local/UTC time) and then exits or executes a program specified by the user one or more times.
- Pings 0.2.3 (pings)
this tool allows sending ICMP packets with a custom type, code, ID and sequence (for ping query and reply) and also allows sending multiple packets or filling them with the data of a file or with a specific size, plus some other options.
it has also a listening mode but works only on some systems.
- ZipComp 0.4.1a (zipcomp)
quick tool for comparing the size and then the CRC32 checksum of the files contained in a zip archive with that of the files in the current directory or in another zip file specified by the user.
it can also compare two zip files and self-extractors too.
- MyCRC 0.3a (mycrc)
easy and fast tool to calculate the checksums CRC8, CRC16, BSD16, 2 types of FCS16, sum16, 4 types of CRC32, sum32, MD2, MD4, MD5 and SHA1 of a file or a stdin stream.
useful to check if an unknown field of a protocol or file format could be a checksum or a hash.
- Xor 0.2 (xor)
simple tool for XORing an input file with a byte or a key chosen by the user, which can be a file, a string or a sequence of hex bytes.
- Zipweb 0.4.1 (zipweb)
utility for viewing the index of remote ZIP packages located on HTTP servers without downloading them.
the program supports proxy and automatic keep-alive and has a lot of options and useful functions such as the interactive download of the files in the ZIP package or their download based on part of filenames (so for example it is possible to download a text file of 2 kilobytes from a ZIP file of 3 gigabytes in a couple of seconds) and the CRC32 comparison between the remote files in the ZIP and the local files on the disk.
it works with both ZIP and auto-extracting ZIP files, so it can also be used with EXE files, and it can also be used to show only the size of any remote file.
- CHD 0.1 (chd)
a mini tool of some lines of C that displays each given char/string in its hex, decimal, octal and binary format.
very small but very useful.
- Charcount 0.1.4 (charcount)
gives the number of ASCII chars contained in one or more files.
- Bincat 0.1 (bincat)
concatenator of multiple binary files, similar to the "copy /b" of Windows.
- Rmchar 0.2 (rmchar)
removes all the occurrences of a specific byte in a file.
- Mini Winamp input plugins player/converter 0.1.3 (wampmini)
mini command-line tool which takes a Winamp input plugin (like in_plugin.dll) and an input file and plays it or generates a wave file or dumps the raw pcm data to stdout.
other than for playing and converting, it's also a good way for testing single plugins and/or knowing which of them is able to read a certain file format.
- Dumproc 0.2 (dumproc)
quick tool for dumping memory from a process or writing data into it.
- Proxocket 0.1.8 (proxocket)
Proxocket is a dll proxy project for the main Winsock functions which allows capturing any type of packet and data sent/received by a specific software of your choice and optionally modifying its content or the connect, bind and accept functions through a custom dll that is very easy to create.
Proxocket handles the following functions for both ws2_32.dll and wsock32.dll: WSAStartup, socket, WSASocketA, WSASocketW, closesocket, connect, WSAConnect, bind, accept, WSAAccept, recv, recvfrom, WSARecv, WSARecvFrom, WSARecvEx, send, sendto, WSASend, WSASendTo.
it has also specific support for TCP, UDP, ICMP, IGMP and RAW packets with handling of SOCK_STREAM, SOCK_DGRAM and SOCK_RAW on both incoming and outgoing data.
the project is divided in two parts:
- monitoring/sniffing: a CAP file in tcpdump format will be generated for any captured packet, this is the default operation
- user's custom manipulation of the captured data: through a custom myproxocket.dll edited and created by the user it is possible to have control over the captured data, like creating a rudimentary firewall for a specific software or editing on the fly the data which will be passed to the main program or creating a decompressor/decrypter/protocol_analyzer and so on
read the text file inside for more details and if you want to write a plugin take a look at the source code of my myproxocket.c example.
the following are some "example plugins" I wrote for proxifying the main program and/or doing some things:
- web proxy forcer 0.1: works like a classical web proxyfier
- web proxy forcer mode2 0.1: works like a classical web proxyfier
- connect proxy forcer 0.1: works like a CONNECT proxyfier
note: if you have Vista and the local ws2_32/wsock32 dlls are not loaded try to set the registry key
"HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\DevOverrideEnable" to 1.
note: the exported functions of myproxocket.dll MUST be declared as CDECL, this is default on Mingw but not on other compilers.
note: do NOT use Cygwin for compiling the myproxocket plugins.
- DLL proxy skeleton generator 0.1.1b (dllproxyskel)
quick tool for generating a base C code to use for proxifying the exported functions of any DLL.
with the resulting code it is a lot simpler to hook a specific function of a dll (like recvfrom or sendto and so on), so that it is only necessary to modify the functions you want to hook.
my Proxocket project is an example of a result obtained through this tool and some parts of its code could be a useful practical example.
the generated C source code is gcc/mingw compatible, it's commented to allow an easier customization and comprehension, has a small example about hooking recv in wsock32/ws2_32 and is written with compatibility in mind (to avoid problems with some gcc options like -fomit-frame-pointer).
a DEF file is generated too, it's needed to keep the ordinal values of the exported functions.
note: if you have Vista and the local proxy_dlls are not loaded try to set the registry key
"HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\DevOverrideEnable" to 1.
there is also another small tool which simply lists all the exported ordinals and functions of a DLL.
- QuickRVA 0.2.3a (quickrva)
cool and easy to use RVA converter for various types of executables which allows converting file offsets to memory offsets and vice versa.
at the moment the tool supports DOS, LE, PE (both 32 and 64 bits), VXD, ROM, OS2, ELF (both 32 and 64 bits) and XBE executables in little-endian mode.
it contains tons of useful features like drag'n'drop, files and processes loading, C style text/binary search, hex visualization of the data at current offset, various details about each section of the executable, real-time disassembling (16, 32 and 64 bits supported) of the visualized bytes with parsing of the ASCII and unicode strings, navigation in the window of the hex dump and the disassembled instructions and more.
- Mylibaow32 0.1 (mylibaow32)
a simple libao clone which works on Windows using waveOut.
some functions like ao_open_file have not been implemented because they are useless.
thanx to David Overton for his useful Windows waveOut tutorial.
- Winamp plug-in info 0.1.1a (wainfo)
interesting tool which shows all the details about the plugins for Winamp, XMPlay, MusikCube and The Core Media Player.
it's extremely useful when in doubt about the version of a specific plugin or what it does, without losing time.
for example you have two plug-ins with the same name and don't know which is the most recent.
- Winerrmsg 0.1.1 (winerrmsg)
some lines of code to convert Windows error codes into comprehensible error messages in your language, supports also socket errors.
- Winerr.h (winerr)
this is a very useful function I have written to use in Windows programs for handling the Winsock and common I/O errors (using errno).
I use it in ALL my network related tools.