HexEffect symbolTools

Tools are fun to write, and they make life easier.

We've written a number of tools while working on projects. Code is rarely developed in a vacuum, though we've gotten plenty of help from tutorials, open source projects, and from just talking to people in forums. Here are some of the tools we've developed; maybe they'll help you in your next project.

Hades

Hades is a Windows kernel driver that lets reverse engineers monitor and affect the execution of both user and kernel mode code. It works through binary instrumentation, but it's much more lightweight that frameworks like Pin.

Learn More
HexTrace

HexTrace is a user-mode Windows library that monitors execution flow in a target application at both the instruction and functional levels. It's a lot like Hades, but it works via DLL injection rather than with a kernel driver.

Learn More
Virtual Deobfuscator

Virtual machines have become a popular protection technique for malware in the past few years. The Virtual Deobfuscator is a forensic Python application that can locate and help to decode virtual machine instructions in a target binary.

Learn More