Создано: 9 мая 2018 11:35 · Поправил: Kirbiflint New! Цитата · Личное сообщение · #1
In this release i'm going to share a my 64 bit Disassembler. Some months ago I released my KirbiDSM for x86 and it was written in C++\CLI .NET.
KirbiDSMx64-OPS is re-made and the code is written in C\C++ and the UI is made in Qt. In this disassembler there are some more features which one of those is the .NET Decompiler plugin that is written in C#
The idea to make an 64 disassembler it comes me because my passion of coding is always more good and my knowledge It is always more better I think. Another reason that i decided to make this Disassembler, it is that i'm inspired of x64dbg since it is a very nice debugger, then i decided to make something my own.
I'll surely release the new versions of this disassembler, which i'll try to fix bugs or issues. You're welcome if you find something wrong on it or issues, feel free to contact me or in PM here or in this topic, I'm always glad to learn new things and try to do my best helping people.
After said that, here there is a little description.
Currently this disassembler supports:
Executables 64 bit
DLLs and some more...
Disassembler: There are 3 engines, (Distorm, Zydis, and Udis86). Opening an executable, you will be able to choose which engine you would like to use.
Hex Dump: there are 3 types of them, the first one show only hex values, the second one too, and the third one can show the hex + ascii charcters.
Memory Map: the memory map can show the PE structures(DosHeader, FileHeader, OptionalHeader).
Protection Analyzer: Detect if the executable is packed and tell which packer is.
AddressConverter + values calculator: As said the name, this feature has 2 options, can convert an adress (example from RVA to VA or vice versa), the values calculator can convert binary, hex, ascii values.
Imports Table: Show the imports of a PE if detected.
Exports Table: Show the Exports of a PE if detected.
Relocations: Show the relocations of a PE if detected. Then there's the tools which allow you to add sections, import, relocation.
It's possible to save The Memory map, Imports Table into a file.
Создано: 9 мая 2018 14:16 New! Цитата · Личное сообщение · #8
Guys sorry for my mistake, but now i fixed it and tested with another PC.. Here the working buid.. i'll edit the topic too.. about the .NET decompiler just download it from the old build and put the folder in this one.. here link https://www89.zippyshare.com/v/TMmTAt6Z/file.html
Создано: 9 мая 2018 22:04 New! Цитата · Личное сообщение · #15
Jupiter I can not say anything good about the environment Qt == shit ??? do not you think that this is a polar statement? at hors sniffer the same often does not answer immediately, on large files. and I do not understand why, cross platform for files under Windows?
Создано: 9 мая 2018 22:36 · Поправил: Bronco New! Цитата · Личное сообщение · #17
Jupiter writes: to unpack windows files on mac! I do not return that the category of cross-platform code is a high standard. but you still have not explained to me why you need files from the Windows environment, in a Mac environment? such ne format, this is the specifics of windows, and, for these problems Qt on large volumes, a bad solution.
Создано: 11 мая 2018 00:53 · Поправил: bizkitlimp New! Цитата · Личное сообщение · #22
Bronco writes: -->Udis86 <--, the last update was 3-5 years ago, I do not see the idea of it watching There wouldn't be a point if only whole cpu world had changed (currently nothing has changed), or if brand new instruction sets released lately. Are there indeed brand new stuff and udis86 requires an update now? Cuz I'm using it, but i don't mind moving to something else.