RevEngX is an extension for the Debugging Tools for Windows, Windows Debuggers, that aids the user in Research, Reverse Engineering, finding IAT and EAT hooks, and performing Code Injection from the debugger. x86 and x64 targets are supported.
Functions include:
- !callfn for calling any function in the target process with a C-like syntax for parameters and access to hundreds of common constant values as defined in SDK header files
- !define constant for defining new constant numeric values that may be used in calls to !callfn
- !iathooks for finding Import Address Table hooks set in any or all modules in the process
- !eathooks for finding Export Address Table hooks set in any or all modules in the process
- !iatentry for analyzing Import Address Table entries and setting IAT hooks
- !eatentry for analyzing Export Address Table entries and setting EAT hooks
- !loadlibrary for injecting DLLs (this can also be done via !callfn)
- !freelibrary for ejecting DLLs (this can also be done via !callfn)
- !dle for analyzing the PEB's Dynamic Linker Table
- Extensions for synthetic modules and symbols
- Extensions for formatting data output in the debugger
- Extensions for tracking sockets (TCPv4) in breakpoints
- Extensions for printing COM CLSIDs and IIDs
- NEW: Constants, COM CLSIDs, IIDs, and other data stored in a sqlite database so that additions are permanent. RevEngX.db is stored in the user's Documents directory. It can be copied to different machines or pointed to using the REVENGX_DATABASE environment variable.
- And more... See !help for details
|