DEBUGGERS
SoftICE and Tools |
||
NuMega SoftIce 4.0 for Win 9x |
si401w95.zip |
SoftICE,
the Advanced Windows Debugger, is the only debugger for all reversers. |
Numega SoftIce 4.0 for Win NT/2000 |
si401wnt.zip |
|
Bang | bang.zip (3kb) |
SoftICE
hider . It tries to hide SoftICE from detection attempts using the offset
of int3-int1. Win9x only. Win32asm source code included. Author: r!sc http://csir.cjb.net |
BreakICE v1.0 | breakice.zip (3kb) |
BreakICE
is a simple patch that will modify SoftICE 4.00 so that you could set any
kind of Breakpoints (BPX, BPM..) within Winice.exe (SoftICE doesn't allow
this). Author: +Frog's Print http://frogsprint.cjb.net |
DumpFX 1.1 | DumpFX1.1.zip (154kb) |
Features:
Author:
yoda |
FrogsICE v1.08.9 | frogsice.zip (69kb) |
FrogsICE
allows you to intercept programs (exe or COM, DOS/Win16 or Win32) which
would try to detect if SoftICE is loaded. It is particularly useful for
packed/encrypted programs. FrogsICE runs ONLY on Win95/98. Author: +Frog's Print http://frogsprint.cjb.net |
icedump
6.022 nticedump 1.10 |
id6022.zip (980kb) |
SoftICE
extension. Thanks to it you can save part of memory to disk, suspend specified
thread/process, resume specified thread/process, dump the winice console
to a file, change page table entry flags for the specified page, change
bits in EFLAGS that winice normally doesn't let you, notify Procdump/Bhrama
to initiate dumping. Support for SoftICE95 v3.22, 3.23, 3.24, 3.25, 4.00,
4.01, 4.05. Limited support for NTICE. Sources are included. Authors: Fossil, Ghiri, Ice, the owl http://icedump.tsx.org theowl@freemail.c3.hu |
IceLoad v0.16 | il016.zip (31kb) |
SoftICE
loader32.exe replacement which solves 'non executable first section' problem
and adds DLL support. Authors: The Owl, G-Rom, muffin http://icedump.tsx.org |
ICEPATCH v2 build 2000-02-23 | icepatch.zip (23kb) |
With
the ever increasing number of programs that employ some form of winice detection
it is our hope to provide you with at least a basic protection against these
methods. do not expect too much from this little tool as there are really
countless ways of both detecting and crashing winice... SoftICE v3.22-4.01
are supported. Authors: Magic Mike and The Owl magic_mike_@gmx.net |
Interrupter 1.04 | interrupter.zip (5kb) |
Sometimes
SICE loader doesn't work with certain packed files. Interrupter puts CC
at the entry point of all PE files which is the opcode for Int03. Now you
can set a breakpoint "bpint 03" and your problem is solved. Author: Lazarus http://hello.to/lazarus lazarus_hf@hotmail.com |
Memory Dumper 1.0 | memdump.zip (371kb) |
Memory
Dumper is a program which allows you to access the address space of a running
process. It allows you to either download (save) sections of the process
address space to a file, or to upload (load) files into the process address
space. Author: Paul Turner paulturner@cableinet.co.uk |
NT ALL v0.6 Beta | ntall.zip (6kb) |
FrogIce
clone for NT/2K. Author: Pulsar Pulsar_c@geocities.com |
NTIceSet | nticeset.zip (13kb) |
Support
for NT debugging via SoftICE (memory dumper, SoftICE antidetecting patches
etc). Designed for SoftICE for Windows NT v3.24, 3.25 and 4.00. Author: EliCZ http://elicz.cjb.net elicz@email.cz |
pnticeini.zip (2kb) |
Update for NTIceSet. | |
SEX v1.16b | sex115.zip (57kb) sex116b.zip (4kb) |
SEX
(Softice EXtension) is a program which adds new functions to SoftICE such
as text editor, FakeCD. It currently only runs under Windows98. Authors: defiler and ultraschall http://defiler.elitereversers.de, http://lecentral.elitereversers.de defiler@elitereversers.de, ultraschall@elitereversers.de |
SI Backdoor Keeper | ex-sibdk1.zip (6kb) |
FrogsICE
is able to defend almost all Anti-SI tricks and hide Soft Ice. Just 2 well
known ways still exist: the BoundsChecker interface and 'Soft Ice's Backdoor
Commands'. Both are executed by Int 03 that can't be hooked when SoftIce
is in memory :( and FrogsICE can't detect them. This tool modify WinIce.ExE
and switch the BoundsChecker Interface and 'Back Door Commands' off. It
should work with all SoftICE versions (tested on v4.01). Author: Predator NLS http://execution.cjb.net |
Virtual Address to File Offset 1.01 | pc_offset.zip (7kb) |
It's
a handy little utility that you can use to convert virtual addresses seen
under SoftICE into file offset that you can use in hex editors. Author: Iczelion http://iczelion.cjb.net |
WDump95 v2.10 | wd9521s.zip (113kb) |
WDump95
is a "memory dumper", that is a cracking tool to save chunks of memory to
a disk file. It creates a memory mapped file, that is a memory space shared
between all processes, so you can copy data in (using debugger) and then
save those on the disk for further analysis/processing. Sources included. Author: THE KEY equality4all@hotmail.com |
Other Debuggers |
||
Cool Debugger ver. 2.0 | cooldb32v20.zip (717kb) |
Debugger
for WIN32. Author: Wei Bao http://www.nease.net/~baowei wei.bao@usa.net or wei.bao@bj.col.com.cn |
DeGlucker v0.05-VLS | dg5_9may.zip (61kb) |
Nice
and small debugger for DOS. Features: true 80386 protected mode debugger,
nice interface, made for true hard-working hackers specially. Author: Max Martynov (CrazyMaX) http://www.chat.ru/~vagsoft/ VAGSoft@mail.ru |
SoftSnoop 0.3 |
SoftSnoop0.3.zip |
SoftSnoop
is a small debugger which uses the Debug API's to show the normal debug
events but SoftSnoop is also able to spy the API calls of a given process. Author: yoda http://freak2freak.cjb.net yoda_f2f@gmx.net |
Turbo Debugger 5.0 |
td5.zip |
Producer:
Inprise (Borland) http://www.inprise.com |
TR 2.52 | tr252.zip (96kb) |
Very
powerful debugger for DOS. Author: LiuTaoTao http://www.netease.com/~ayliutt liutt@371.net |
TRW 2000 for Win9x (v1.22) |
trw2000.zip |
RW2000
is a system-level advanced debugger running on Windows 9x. What is system-level
? It means that TRW2000 is bewteen OS and hardware . So , TRW2000 can debug/trace
any code that running on Windows (DOS COM, DOS EXE, DOS protected mode,
16bit NE, 32bit PE applications, and ring 0 kernel VxD... , include other
system-level debugger) Author: LiuTaoTao http://trw2000.yeah.net liutt@371.net |