eXeLab
eXeL@B ВИДЕОКУРС !

ВИДЕОКУРС ВЗЛОМ
выпущен 2 июля!


УЗНАТЬ БОЛЬШЕ >>
Домой | Статьи | RAR-cтатьи | FAQ | Форум | Скачать | Видеокурс
Новичку | Ссылки | Программирование | Интервью | Архив | Связь

Русский / Russian English / Английский

Сейчас на форуме: (+2 невидимых)
 · Начало · Статистика · Регистрация · Поиск · ПРАВИЛА ФОРУМА · Язык · RSS · SVN ·

 eXeL@B —› WorldWide —› KirbiDSMx64-OPS (Open Source 64 bit Disassembler)
Посл.ответ Сообщение

Ранг: 3.3 (гость)
Статус: Участник

Создано: 9 мая 2018 11:35 · Поправил: Kirbiflint New!
Цитата · Личное сообщение · #1

Hello everyone,

In this release i'm going to share a my 64 bit Disassembler. Some months ago I released my KirbiDSM for x86 and it was written in C++\CLI .NET.

KirbiDSMx64-OPS is re-made and the code is written in C\C++ and the UI is made in Qt. In this disassembler there are some more features which one of those is the .NET Decompiler plugin that is written in C#

The idea to make an 64 disassembler it comes me because my passion of coding is always more good and my knowledge It is always more better I think. Another reason that i decided to make this Disassembler, it is that i'm inspired of x64dbg since it is a very nice debugger, then i decided to make something my own. 

I'll surely release the new versions of this disassembler, which i'll try to fix bugs or issues. You're welcome if you find something wrong on it or issues, feel free to contact me or in PM here or in this topic, I'm always glad to learn new things and try to do my best helping people.

After said that, here there is a little description.

Currently this disassembler supports:

.NET executables

Executables 64 bit

DLLs and some more...


Functions:

Disassembler: There are 3 engines, (Distorm, Zydis, and Udis86). Opening an executable, you will be able to choose which engine you would like to use.

Hex Dump: there are 3 types of them, the first one show only hex values, the second one too, and the third one can show the hex + ascii charcters.

Memory Map: the memory map can show the PE structures(DosHeader, FileHeader, OptionalHeader).

Protection Analyzer: Detect if the executable is packed and tell which packer is.

AddressConverter + values calculator: As said the name, this feature has 2 options, can convert an adress (example from RVA to VA or vice versa), the values calculator can convert binary, hex, ascii values.

Imports Table: Show the imports of a PE if detected.

Exports Table: Show the Exports of a PE if detected.

Relocations: Show the relocations of a PE if detected.
Then there's the tools which allow you to add sections, import, relocation.

It's possible to save The Memory map, Imports Table into a file.


Download links:

Project (Source Code): github.com/Kirbiflint50/KirbiDSMx64-OPS

Build: KirbiDSMx64-OPS.zip, 23.29 MB


Libraries used are:

-Zydis

-Distorm 

-Udis86

-libpe

-pe_bliss

-IlSpy(.NET Decompiler) 

| Сообщение посчитали полезным: hors



Ранг: 581.6 (!)
Статус: Модератор
Research & Development

Создано: 9 мая 2018 11:53 New!
Цитата · Личное сообщение · #2

Do you have plan to make it cross-platform? You already use QT for interface, so it doesn't seem impossible )

| Сообщение посчитали полезным: sefkrd


Ранг: 3.3 (гость)
Статус: Участник

Создано: 9 мая 2018 11:57 New!
Цитата · Личное сообщение · #3

Sure, Maybe i'll do it in my future version. ^


Ранг: 581.6 (!)
Статус: Модератор
Research & Development

Создано: 9 мая 2018 12:10 New!
Цитата · Личное сообщение · #4

Btw, about size:

Name: KirbiDSMx64-OPS.zip
Size: 138.81 MB

File "KirbiDSMx64-OPS.exe" is less than 3 MB

Why so huge?

Ранг: 3.3 (гость)
Статус: Участник

Создано: 9 мая 2018 12:39 New!
Цитата · Личное сообщение · #5

Because it include Qt dlls too, the exe is like 4mb or such


Ранг: 581.6 (!)
Статус: Модератор
Research & Development

Создано: 9 мая 2018 12:48 New!
Цитата · Личное сообщение · #6

But it's 448 MB in unpacked state %D
Are you sure that you need to redistribute all of these components?

libEGL.dll
libEGLd.dll
libGLESv2.dll
libGLESv2d.dll
qdirect2d.dll
qdirect2dd.dll
qminimal.dll
qminimald.dll
qoffscreen.dll
qoffscreend.dll
Qt5Bluetooth.dll
Qt5Bluetoothd.dll
Qt5Charts.dll
Qt5Chartsd.dll
Qt5Concurrent.dll
Qt5Concurrentd.dll
Qt5Core.dll
Qt5Cored.dll
Qt5DataVisualization.dll
Qt5DataVisualizationd.dll
Qt5DBus.dll
Qt5DBusd.dll
Qt5Designer.dll
Qt5DesignerComponents.dll
Qt5DesignerComponentsd.dll
Qt5Designerd.dll
Qt5Gamepad.dll
Qt5Gamepadd.dll
Qt5Gui.dll
Qt5Guid.dll
Qt5Help.dll
Qt5Helpd.dll
Qt5Location.dll
Qt5Locationd.dll
Qt5Multimedia.dll
Qt5Multimediad.dll
Qt5MultimediaQuick.dll
Qt5MultimediaQuickd.dll
Qt5MultimediaWidgets.dll
Qt5MultimediaWidgetsd.dll
Qt5Network.dll
Qt5NetworkAuth.dll
Qt5NetworkAuthd.dll
Qt5Networkd.dll
Qt5Nfc.dll
Qt5Nfcd.dll
Qt5OpenGL.dll
Qt5OpenGLd.dll
Qt5Positioning.dll
Qt5Positioningd.dll
Qt5PrintSupport.dll
Qt5PrintSupportd.dll
Qt5Purchasing.dll
Qt5Purchasingd.dll
Qt5Qml.dll
Qt5Qmld.dll
Qt5Quick.dll
Qt5QuickControls2.dll
Qt5QuickControls2d.dll
Qt5Quickd.dll
Qt5QuickParticles.dll
Qt5QuickParticlesd.dll
Qt5QuickTemplates2.dll
Qt5QuickTemplates2d.dll
Qt5QuickTest.dll
Qt5QuickTestd.dll
Qt5QuickWidgets.dll
Qt5QuickWidgetsd.dll
Qt5RemoteObjects.dll
Qt5RemoteObjectsd.dll
Qt5Script.dll
Qt5Scriptd.dll
Qt5ScriptTools.dll
Qt5ScriptToolsd.dll
Qt5Scxml.dll
Qt5Scxmld.dll
Qt5Sensors.dll
Qt5Sensorsd.dll
Qt5SerialBus.dll
Qt5SerialBusd.dll
Qt5SerialPort.dll
Qt5SerialPortd.dll
Qt5Sql.dll
Qt5Sqld.dll
Qt5Svg.dll
Qt5Svgd.dll
Qt5Test.dll
Qt5Testd.dll
Qt5TextToSpeech.dll
Qt5TextToSpeechd.dll
Qt5WebChannel.dll
Qt5WebChanneld.dll
Qt5WebEngine.dll
Qt5WebEngineCore.dll
Qt5WebEngineCored.dll
Qt5WebEngined.dll
Qt5WebEngineWidgets.dll
Qt5WebEngineWidgetsd.dll
Qt5WebSockets.dll
Qt5WebSocketsd.dll
Qt5WebView.dll
Qt5WebViewd.dll
Qt5Widgets.dll
Qt5Widgetsd.dll
Qt5WinExtras.dll
Qt5WinExtrasd.dll
Qt5Xml.dll
Qt5Xmld.dll
Qt5XmlPatterns.dll
Qt5XmlPatternsd.dll
Qt53DAnimation.dll
Qt53DAnimationd.dll
Qt53DCore.dll
Qt53DCored.dll
Qt53DExtras.dll
Qt53DExtrasd.dll
Qt53DInput.dll
Qt53DInputd.dll
Qt53DLogic.dll
Qt53DLogicd.dll
Qt53DQuick.dll
Qt53DQuickAnimation.dll
Qt53DQuickAnimationd.dll
Qt53DQuickd.dll
Qt53DQuickExtras.dll
Qt53DQuickExtrasd.dll
Qt53DQuickInput.dll
Qt53DQuickInputd.dll
Qt53DQuickRender.dll
Qt53DQuickRenderd.dll
Qt53DQuickScene2D.dll
Qt53DQuickScene2Dd.dll
Qt53DRender.dll
Qt53DRenderd.dll
qwebgl.dll
qwebgld.dll
qwindows.dll
qwindowsd.dll

Ранг: 3.3 (гость)
Статус: Участник

Создано: 9 мая 2018 12:51 · Поправил: Kirbiflint New!
Цитата · Личное сообщение · #7

I just now re-builed it with another mode.. now it should works and the size its about 10mb https://www20.zippyshare.com/v/WFbOdgT5/file.html

Ранг: 3.3 (гость)
Статус: Участник

Создано: 9 мая 2018 14:16 New!
Цитата · Личное сообщение · #8

Guys sorry for my mistake, but now i fixed it and tested with another PC.. Here the working buid.. i'll edit the topic too.. about the .NET decompiler just download it from the old build and put the folder in this one.. here link https://www89.zippyshare.com/v/TMmTAt6Z/file.html

Sorry again

Ранг: 407.8 (мудрец)
Статус: Участник

Создано: 9 мая 2018 14:18 · Поправил: dosprog New!
Цитата · Личное сообщение · #9

) I'm sure again -
If I can not download the file, then it really does not need me. Philosophy


sefkrd writes:
dosprog
Perhaps this is your problem.

) No problems, really.


Ранг: 0.0 (гость)
Статус: Участник

Создано: 9 мая 2018 15:09 New!
Цитата · Личное сообщение · #10

bad
https://github.com/Kirbiflint50/KirbiDSMx64-OPS/blob/master/KirbiDSMx64-OPS/protectionanalyzer.cpp

good
https://github.com/VirusTotal/yara

Ранг: 70.3 (постоянный)
Статус: Участник

Создано: 9 мая 2018 15:41 New!
Цитата · Личное сообщение · #11

dosprog
Perhaps this is your problem.


Ранг: 126.4 (ветеран)
Статус: Участник
Qt Developer

Создано: 9 мая 2018 16:02 New!
Цитата · Личное сообщение · #12

Nice job! Keep going!


Ранг: 257.5 (наставник)
Статус: Участник
Advisor

Создано: 9 мая 2018 20:49 New!
Цитата · Личное сообщение · #13

Jupiter writes:
You already use QT for interface, so it doesn't seem impossible )

after debugger Mr., I can not say anything good about the environment Qt. dnSpy on c#, is much more reliable.


Ранг: 581.6 (!)
Статус: Модератор
Research & Development

Создано: 9 мая 2018 21:50 New!
Цитата · Личное сообщение · #14

Bronco

qt equals shit?


Ранг: 257.5 (наставник)
Статус: Участник
Advisor

Создано: 9 мая 2018 22:04 New!
Цитата · Личное сообщение · #15

Jupiter
I can not say anything good about the environment Qt == shit ???
do not you think that this is a polar statement?
at hors sniffer the same often does not answer immediately, on large files.
and I do not understand why, cross platform for files under Windows?


Ранг: 581.6 (!)
Статус: Модератор
Research & Development

Создано: 9 мая 2018 22:14 New!
Цитата · Личное сообщение · #16

Bronco

Detect It Easy / DiE is very handy tool that I use on mac, but hors doesn't fix very annoying bug with drag-n-drop. Anyway even his xvolkolak is able to unpack windows files on mac!


Ранг: 257.5 (наставник)
Статус: Участник
Advisor

Создано: 9 мая 2018 22:36 · Поправил: Bronco New!
Цитата · Личное сообщение · #17

Jupiter writes:
to unpack windows files on mac!

I do not return that the category of cross-platform code is a high standard. but you still have not explained to me why you need files from the Windows environment, in a Mac environment? such ne format, this is the specifics of windows, and, for these problems Qt on large volumes, a bad solution.


Ранг: 581.6 (!)
Статус: Модератор
Research & Development

Создано: 9 мая 2018 23:11 New!
Цитата · Личное сообщение · #18

Bronco writes:
why you need files from the Windows environment, in a Mac environment


What's the point? I research different things from different platforms. It's OK in real world ))
Easy, easy, real talk )


Ранг: 257.5 (наставник)
Статус: Участник
Advisor

Создано: 10 мая 2018 20:53 · Поправил: Bronco New!
Цитата · Личное сообщение · #19

Kirbiflint
first acquaintance with the engine distorm, and ...
Code:
  1. NOP DWORD PTR DS:[RAX]
  2. distorm_decode->DB 0xf
  3. NOP DWORD PTR GS:[RAX]
  4. distorm_decode->DB 0x65 
  5. NOP DWORD PTR GS:[RAX + RAX]
  6. distorm_decode->DB 0x65
  7. ...etc

in the engine there is an api for decode the pointer (rip+disp)?
I did not find where the detailed description mode to highlight this type of instruction

Ранг: 3.3 (гость)
Статус: Участник

Создано: 10 мая 2018 21:46 New!
Цитата · Личное сообщение · #20

I think there's not a function that can do that in Distorm, By the way, have you tried the other engines if they works about that?


Ранг: 257.5 (наставник)
Статус: Участник
Advisor

Создано: 10 мая 2018 22:12 New!
Цитата · Личное сообщение · #21

Kirbiflint writes:
if they works about that?

-->Udis86 <--, the last update was 3-5 years ago, I do not see the idea of it watching
Zydis - is the best of your list of engines, leave only him.

Ранг: 15.4 (новичок)
Статус: Участник

Создано: 11 мая 2018 00:53 · Поправил: bizkitlimp New!
Цитата · Личное сообщение · #22

Bronco writes:
-->Udis86 <--, the last update was 3-5 years ago, I do not see the idea of it watching

There wouldn't be a point if only whole cpu world had changed (currently nothing has changed), or if brand new instruction sets released lately. Are there indeed brand new stuff and udis86 requires an update now? Cuz I'm using it, but i don't mind moving to something else.


Ранг: 257.5 (наставник)
Статус: Участник
Advisor

Создано: 11 мая 2018 05:50 New!
Цитата · Личное сообщение · #23

bizkitlimp writes:
(currently nothing has changed)

I did not check the capabilities of this engine. in the visual studio 2015, the project is not going.
from the description on the page:
Code:
  1. Supported ISA extensions:
  2.     - MMX, FPU (x87), AMD 3DNow
  3.     - SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES,
  4.     - AMD-V, INTEL-VMX, SMX

there are gaming applications x64, where there are instructions from the set of AVX, and others

Ранг: 508.6 (!)
Статус: Модератор

Создано: 11 мая 2018 11:27 New!
Цитата · Личное сообщение · #24

what about AVX512 as well as ZMM registers support?
almost 0 tools nowadays that do that, unfortunately
 eXeL@B —› WorldWide —› KirbiDSMx64-OPS (Open Source 64 bit Disassembler)

Оригинальный DVD-ROM: eXeL@B DVD !

Вы находитесь на форуме сайта EXELAB.RU
Проект ReactOS