Utilities
Cerbero Suite
Date: present Author: Erik Pistelli
State-of-the-art suite of tools for malware triage and file analysis. Analysis for many file formats including PE, Mach-O, ELF, Java, SWF, DEX, PDF, DOC, XLS, RTF, Zip and many more. Automatic analysis, interactive analysis, Carbon Interactive Disassembler, byte-code disassemblers (.NET MSIL, Java, DEX, ActionScript2/3, VBA, fonts), hex editor with layouts, Windows memory analysis (raw dumps, WinDmp files, hibernation files), JavaScript debugger, extremely rich Python3 SDK, extension support, C++/PDB structures importer, support for projects and bookmarks. Completely multi-platform (Windows, Linux, OS X). Full trial available for download.
Explorer Suite
Date: 18/11/2012 Author: Erik Pistelli
A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86 and x64.
Rebel.NET
Date: 1/1/2009 Author: Erik Pistelli
Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams. It’s possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.
Phoenix Protector
Date: 1/1/2007 Author: Erik Pistelli
A protection software for .NET assemblies. It provides obfuscation features like Name, String and Control Flow Obfuscation. The last feature is particularly important since it prevents the .NET assembly from being decompiled into an understandable language. The Name Obfuscation is provided with an exclusion list. Also there are some more features. The Phoenix Protector is the ideal solution for every .NET developer, due to its support of every kind of project and compatibility with every version of the .NET framework. If you want to know more, click on the product for a detailed presentation.
Filter Monitor
Date: 17/10/2009 Author: Erik Pistelli
This utility can list kernel mode filters and also unregister them. Monitored filters are, for instance, registry filters, create process and thread notifications. FilterMon comes both for x64 and x86 and it should work on all Windows systems from Vista RTM to Windows 7 RTM. I can’t guarantee that it will work on future versions of Windows as it relies heavily on system internals.
Driver List
Date: 09/10/2009 Author: Erik Pistelli
Very small utility which lists the loaded drivers. The utility is 64-bit compatible and can generate a report file from the list.
VirtualReg Manager
Date: 23/05/2008 Author: Erik Pistelli
VirtualReg Manager is a utility which creates virtual registry files and is also able to edit them through a regedit-like interface. It provides command line support for automation. Feel free to include this application in your freeware. Since it’s a .NET assembly, it works on every Windows platform.
DynLogger
Date: 13/04/2008 Author: Erik Pistelli
DynLogger logs all dynamically retrieved functions by reporting the module name and the requested function. It can come in very handy when one wants to know a “hidden” function used by an application. I recycled the code of a bigger project to write this little application. It’s a very small utility, but it might be of use after all. It was tested on XP and Vista, both x86 and x64. It works for .NET applications as well. Just start the logging process; the log will be saved after you quit the monitored application.
Vista4Experts
Date: 13/04/2008 Author: Erik Pistelli
Vista4Experts is kind of a treat for computer experts who don’t want security center notifications, User Account Control dialogs, automatic Windows Defender scans or automatic update installations (which cause you to reboot your system if you don’t react quickly enough), and for people who want MSDN (or Google) set as the default search engine in the Internet Explorer search bar, who want the Start menu power button to shut down the system instead of hibernating it, etc. These and many more fixes are included in Vista4Experts. All of these changes can be discarded, enabled or reversed. Vista4Experts is the first expert utility of its kind and works on every platform.
4GB Patch
Date: 29/11/2007 Author: Erik Pistelli
This very little tool patches x86 executables in order to let them have 4GB (instead of only 2) of virtual memory on x64 platforms. This tool comes in very handy for applications which need a great amount of virtual memory like games, 3D rendering, multimedia etc. To gain these 2GB, you just have to use this tool to patch the executable (*.exe file) of the software you want to have these additional GBs of virtual memory. It can be used by clicking on it and choosing the file or through the command line (e.g.: “4gb_patch file.exe”). It automatically creates a backup copy of the original executable.
PE Detective
Date: 01/05/2007 Author: Erik Pistelli
A freeware PE identifier. This tool was originally designed to be part of the Explorer Suite II, but it can be downloaded separately as well. The PE Detective can scan single PE files or entire directories (also recursively) and generate complete reports. The PE Detective is deployed along with the Signature Explorer, which is an advanced signature manager to check collisions, handle, update and retrieve signatures.
WIM Installer
Date: 21/04/2007 Author: Erik Pistelli
A little utility created to handle setups based on WIM images from a graphical interface and in an extremely easy way, regardless of whether they have been released by Microsoft or not.
ScreenWriter
Date: 14/05/2006 Author: Erik Pistelli
This is a little freeware program which makes the writing of screenplays for TV and cinema very easy. It follows the standard American indentation rules and provides autocompletion for characters, places and day times. You can also export your scripts in various file formats.
.NET Generic Unpacker
Date: 07/03/2006 Author: Erik Pistelli
This is a program to dump .NET packed applications. Of course no serious .NET protection relies on packing. In fact, this software shows how easily you can unpack a protected assembly. This .NET Generic Unpacker was written in a couple of hours and, despite the fact that it’s very simple, it might turn out useful to have: otherwise you have to unpack manually, which is also very easy.
SNSRemover
Date: 29/11/2005 Author: Erik Pistelli
This tool removes the Strong Name Signature from .NET Assemblies. I had to code it since all the other tools over the internet didn’t work correctly with the new .NET Framework 2.0, which was released a couple of days ago. This tool was coded in plain win32, so like the CFF Explorer it doesn’t need the framework to run.
NoDel
Date: 04/05/2005 Author: Erik Pistelli
Small utility I wrote for a friend of mine (who needed it for work). It preserves files from deletion in a directory that you choose.
AntiMida 1.0
Date: 10/04/2005 Author: Erik Pistelli
The AntiMida 1.0. Here you find the project files and a compiled executable. For more information read the article.
Sources
Qt MetaData IDAPython Script
Date: 28/11/2008 Author: Erik Pistelli
Little IDAPython script to extract Qt metadata from binary files. For more information about this source, read the article about Qt Internals & Reversing.
DisasMSIL
Date: 30/04/2008 Author: Erik Pistelli
DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it in any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any). For more information about this project, read the article.
Small Application Wizard
Date: 21/8/2006 Author: Erik Pistelli
A wizard designed for Visual Studio .NET (2005) to build small applications with just a few clicks. The package includes a small libc. If you’re interested in knowing more about this project, read the article.
Manifest Resources Class
Date: 09/11/2004 Author: Erik Pistelli
A class to handle the Manifest Resource format. For more information read the article.
AntiWFP
Date: 09/11/2004 Author: Erik Pistelli
The Anti-WindowsFileProtection. Here you find the project files and a compiled executable. For more information read the article.