Disassemblers & Debuggers

Popular disassemblers and debuggers for various platforms.

Debuggers

OllyDbg 2 Plugin

  • Sequential Dumper (more information on Zairon site)
    Sequential Dumper is conceptually able to dump blocks of memory in sequence: it monitors the flow of the malware code, trying to dump all the newly allocated/decrypted parts in different memory areas containing code of the malware itself.
  • DbgHook (more information on our Community)
    DbgHook is a small plugin for Olly 2.1 that hooks the classic functions used for anti-debug tricks. The driver is for Windows 7 x64 (tested on build 7600.16385.1), so to run it the driver needs to be registered and PatchGuard disabled (you can use tools like DSEO).
  • ollydbg2-python
    Scripting OllyDBG2 using Python.

OllyDbg 1 Plugin

  • FullDisasm 3.0.1.175
    FullDisasm is a small plugin for OllyDbg 1.10 which allows you to replace the old disassemble routine used in OllyDbg. With this plugin, you can now debug MMX, FPU, SSE, SSE2, SSE3 and SSSE3 without problems.
  • HideDebugger 1.24
    Hide Debugger is a plugin that uses various tricks to hide the presence of the debugger.
  • ODbgScript 1.82.6
    ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language.
  • OllyAdvanced 1.27
    All-in-one OllyDbg plugin: Olly hiding, Olly bug fixes, etc. [Fixed some bugs to work on Windows Vista/7]
  • OllyStealth64 1.3
    Anti Anti and compatibility plugin for Olly 1.10 running on Vista x64.
  • OllyDbg PDK v1.10
    OllyDbg Plugin Development Kit
  • OllyDump 3.00.110
    Dumps the process with a rebuilt import table (IT).
  • Qcmdline 1.06
    A command line for OllyDbg with many more features than the standard one.
  • SehSpy 0.1
    Useful while you are stepping through SEH Handlers
  • StrongOD 0.4.8.892
    This plugin is useful for setting some OllyDbg options, especially when unpacking, to make it very strong.
  • PhantOm 1.85
    Another plugin, like StrongOD, that allows you to mod your Olly.
  • Illy 0.1 Beta 3
    Try to debug your .NET targets into Olly!

Disassemblers

  • IDA 6.9 Demo
    IDA Demo version
  • IDA 5.0 Free
    IDA 5.0 Freeware version
  • W32Dasm (zip password: disassembler)
    The famous disassembler patched to include VB support and comments in the listing

IDA Utilities

  • Determina PDB plugin 1.0
    This is a replacement for the IDA PDB plugin which significantly improves the analysis of binaries with public debugging symbols.
  • Delphi signatures 1.0
    Delphi 6 and 7 IDA signatures.
  • IDA Stealth 1.3.3
    IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques.
  • Rock4 v2
    Rockey4 v2.x C++ library IDA signatures.
  • Sentinel Hardware Keys
    Sentinel Hardware Keys v1.0.3 IDA signature.
  • Sentinel Lm
    From SentinelLm 7.0 to 7.3 and 8.x IDA signatures.
  • Sentinel SuperPro
    From Sentinel SuperPro 6.0 to 6.4.4 IDA signatures.
  • PatchDiff2 2.0.10b
    PatchDiff2 is a plugin that can analyze two IDB files and find the differences between both.
  • Funcap 0.91
    IDA Pro script to add useful runtime info to static analysis.
  • IDA Sploiter 1.0
    IDA Pro script designed to enhance IDA’s capabilities as an exploit development and vulnerability research tool.
  • IDA Patcher 1.2
    IDA Pro script designed to enhance IDA’s ability to patch binary files and memory.
  • IDAPython 1.7.2
    IDAPython is an IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro.
  • IDA Toolbag 2.0
    The IDA Toolbag is a plugin providing supplemental functionality to the Hex-Rays IDA Pro disassembler.
  • IDAscope 1.2.1
    IDAscope is an IDA Pro extension with the goal to ease the task of (malware) reverse engineering.
  • BinSourcerer 1.31
    BinSourcerer is an assembly to source code matching framework written in Python.

Android

.NET

.NET Debuggers

  • dnSpy
    .NET assembly editor, decompiler, and debugger
  • DILE 0.2.13
    Dotnet IL Editor (DILE) allows disassembling and debugging .NET 1.0/1.1/2.0/3.0/3.5/4.0 applications without source code or .pdb files. It can even debug itself or the assemblies of the .NET Framework at the IL level.

VB

Delphi

Java

Flash

Misc