Update\u00a0 (June, 4th, 2014): Added Hex-Rays Decompiler\u00a0 x64<\/p>\n
64-bits platform is becoming a standard and reverse engineering of the PE32+ files is now a daily bread to many malware analysts. Tools that are designed to make things easier are luckily out there and new ones keep popping up all over the place. Unfortunately, many of the tools are not mature enough yet and often crash or do some funny stuff, but this is developing really fast and hopefully the RCE arsenal will expand soon.<\/p>\n
Here is a short list of the tools I came across and use most of them in my research and analysis of PE32+ files. If you know any other useful tools, I’d be grateful if you let me know. Thanks!<\/p>\n
Docs<\/strong><\/p>\n Bypassing signature checks\/disabling PageGuard<\/strong><\/p>\n PE Viewer\/Editors supporting PE32+ Disassembler<\/strong><\/p>\n Decompiler<\/strong><\/p>\n Debugger <\/strong>(they are also disassemblers) Ollydbg 64<\/a> is still not ready, but there are a couple of tools that can be useful even if not that user-friendly:<\/p>\n Process \/ Memory Viewer<\/strong><\/p>\n Process dumpers<\/strong><\/p>\n Hook Detector<\/strong><\/p>\n API Monitor<\/strong><\/p>\n \u00a0Hiding Processes<\/strong><\/p>\n Thanks to Ange and Nanu Jogi for fixes and suggestions.<\/p>\n","protected":false},"excerpt":{"rendered":" Update\u00a0 (June, 4th, 2014): Added Hex-Rays Decompiler\u00a0 x64 64-bits platform is becoming a standard and reverse engineering of the PE32+ files is now a daily bread to many malware analysts. Tools that are designed to make things easier are luckily … Continue reading \n
\n
\n<\/strong><\/p>\n\n
\n
\n
\n<\/strong><\/p>\n\n
\n
\n
\n
\n
\n