Scylla x64-x86

Reconstructing Import Table with Scylla

Scylla x86-x64 is a tool that is used to rebuild the import table.

In Malware Analysis, to analyze a previously packed sample dumping the OEP of the process is not enough, it then needs the import table to be fixed for the disassembler or debugger to identify its imported modules. 

You can follow this project through Github: Click Me!


Dumping process memory with OllyDumpEx

OllyDumpEx is a process memory dumper used for OllyDbg and Immunity Debugger.

In Malware Analysis, this tool is used to dumped the original entry point of the process to ignore the populated code done by a packer.

Immunity Debugger

Reverse Engineering with Immunity Debugger

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

Learn more: Click Me!


OllyDbg Crash Course

OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries.




Malware Static Code Analysis with IDA PRO

The Interactive Disassembler(IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executable. A decompiler plug-in for programs compiled with a C/C++ compiler is available at extra cost.

IDA performs automatic code analysis, using cross-references between code sections, knowledge of parameters of API calls, and other information.