What reversing tool do you guys prefer?

No. 1 = The Brain!



Regards,

umm.. smartcheck? r u srsly?

There is no "best". Use whichever you need for the particular job.

It's a combination of all of the above.

No one tool will do everything.

Woodmann

I usually run smartcheck in ollydbg running inside a virtual machine while remote debugging with Softice. The whole process is then monitored by "other", which I will release if it proves popular in this poll

Any tools still work for modern applications nowadays?

what do u mean?

Each application is different, so you can't really say "modern", but you can usually "persuade" a tool to work on your target unless the arch is different (eg. 16 bit app, 32 bit tool).

As someone once said IDA Pro is like the swiss army knife of reverse engineering. I would call it a pretty clear winner as far as software tools are concerned especially now that a decompiler is being introduced. The techniques of decompilation are almost identical to those of compilation so it makes you wonder what sort of secrets Microsoft has up their sleeves that they keep tightly protected. From my studies of incremental algorithms, I would even argue that (de)compilation could be done in a single pass if every aspect of code and data flow analysis used these algorithms. Granted there would need to be steps for translation to/from the internal format used.

Why do you want to find out the best reversing tool?

As someone in a long trenchcoat, moving at bullet speed once told: "There is no protection."

:P

Have pHun

There you go Woodmann, prefect quote for your 2.0 T-Shirt lol

I do a lot of my reversing in a flat dis-assembly - old habits never die, but as for a debugger I use Olly, (where in the heck is the stacks in version 2.x????), even for non P-Code VB - Smart Check I was very excited about but, lost interest quickly - even do some reversing using the old trial version of VBReformer 4.7 - you could still change and save in that one - if you ask pretty please I might supply a copy for the tools archive here, it will take a while to find the install prog. .net almost exclusively IDA de-compile but I have been checking out some debuggers, not impressed yet!

SiGiNT

SiGiNT

Ok SiGiNT, pretty please for that VBReformer copy then?

Oh, and the best reversing tool is of course CRCETL, duh...

I've always thought the best cracking tool was your brain, but I don't see it listed.

I'll upload it as soon as I can find the installer!!!

SiGiNT

Gawd!

Took 4 hours, searching thru 4 old machines, WHERE WAS IT???? on my main machine - I was searching for VBR - VB and variations of those - nope found it under "reformer" - here it is.

Thanks SiGiNT! It now lives safely in the CRCETL:

http://www.woodmann.com/collaborative/tools/VBReFormer

Please feel free to expand its description, since the different new editions on its website confused me as to what it can do or not...

Version 3.7 was the last demo version of VBReformer that allowed changes to be re-compiled, although it is a decompiler of dubious worth , it's main useful purpose that I have found is in changing forms and dialog boxes - enabling grayed out functions, inserting text and enabling non working functions - it only will work with native VB apps it will not work with P-code, I've found it more useful than Olly and Smartcheck for instance you MAY be able to disable a serial number check. As you work with it you'll appreciate it's simplicity.

SiGiNT

Ok, great, I have copied your info into its CRCETL entry.

One question though, in your first post in this thread you say it's version 4.7, but in this last one you say it's 3.7. So, which one is it really (can't install it to test on this computer, sorry)?

In the post above SiGiNT is talking about "Version 3.7 was the last demo version of VBReformer that allowed changes to be re-compiled." He was lamenting the loss of that fuctionality.

When he was uploading, he said he was uploading version 4.7. Seems to be two different subjects. Unless he faked me out completely.

Regards,

v 3.7 freeware. It installs in French, but the language can be changed under the "Fichier" menu.

JMI,

Apparently my eyes are going faster than yours! - meant 3.7 all along sorry for the confusion - reading glasses don't coexist with me working on a computer and failing eye hand coordination are my excuses today - HMMMMM could be the drugs

Of course I mean from the 60's

SiGiNT

Ok, thanks, I've updated the CRCETL entry with the correct version, and also that language tip from Kayaker.

Most of the time its all OllyDbg but some times depends on the need az Dede and VBdecompller and Smartcheck have their own scope and works well with Delphi, VB apps..

Can you mention the name? It would be useful.

Yeah! pretty please!!! I have a target that only can be reversed this way!

SiGiNT

Yes, number 1 is the brain, number 2 is the feeling, which can be a little bit sharpened by experience. Can also be thought that number 3 is the experience.