With time, malware authors are becoming cleverer and are successfully finding ways of evading security software. The only thing standing between a 'clean' machine and malware is a reverse engineer/malware analyst. As malware gets equipped with newer techniques, it is becoming imperative for reverse engineers to analyse malware in the time made available to them. Tools like TitanEngine will surely help us in our malware analysis & reverse engineering endeavours! It is one of the tools we have been waiting to download since it was announced at BlackHat 09!
TitanEngine is an OPEN SOURCE framework from Reversing Labs that can be used to perform over 250 functions! Best of all, all of that can be automated. It can also be used to build new tools that work with PE files! Both 32-bit & 64-bit formats are supported! It can be used to create all known types of unpackers. Its features are:
- SDK has 250 documented functions
- Easy automation of all reversing tools
- Supports both x86 and x64
- Can create: Static, Dynamic & Generic unpackers
- Tested on over 150 unpackers
- It's free and open source (LGPL3)!
- Integrated x86/x64 debugger
- Integrated x86/x64 disassembler
- Integrated memory dumper
- Integrated import tracer & fixer
- Integrated relocation fixer
- Integrated file realigner
- Functions to work with TLS, Resources, Exports,…
Normally, you would unpack a file in this sequence: debug until the entry point, dump memory to disk, collect data for import fixing, collect data for relocation fixing, and then apply any custom fixes such as code splices, entry point relocation, etc. TitanEngine will do all of that automatically!
With the integrated x86/x64 debugger you can attach to or detach from a process, trace it (including single stepping), set several types of breakpoints (software INT3, hardware, memory, flexible and API breakpoints) and access the debugged file's context! You can then perform a full disassembly or manipulate memory: find, replace, patch, fill, get a call/jump destination, check whether a jump will be taken, and use the thread module for thread manipulation!
With the integrated memory dumper you can dump memory, a process, regions or modules; paste the PE header from disk to memory; manipulate file sections (extract, resort, add, delete or resize); manipulate the file overlay; convert addresses from relative to physical and vice versa; get the section number from an address or from PE header data; and get or set PE header values!
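The "relative to physical" address conversion and "section number from address" lookup the dumper offers come down to section-table arithmetic. As an added example (not code from the TitanEngine SDK), here is that arithmetic in portable C over a constructed section table, including the case a dumper must get right: an RVA that is mapped in memory but has no bytes on disk.

```c
#include <stdint.h>
#include <stddef.h>

/* The IMAGE_SECTION_HEADER fields address translation needs, declared here
 * so the example builds without <windows.h>. */
typedef struct {
    const char *name;
    uint32_t virtual_size;     /* VirtualSize: bytes occupied once mapped */
    uint32_t virtual_address;  /* VirtualAddress: RVA of the mapped section */
    uint32_t raw_size;         /* SizeOfRawData: bytes present in the file */
    uint32_t raw_pointer;      /* PointerToRawData: file offset of those bytes */
} section_t;

/* Constructed section table in the shape a packer leaves behind: .data is
 * mostly zero-filled in memory and UPX0 has no bytes on disk at all. */
static const section_t SECTIONS[] = {
    { ".text",  0x1000, 0x1000, 0x0600, 0x0400 },
    { ".rdata", 0x0800, 0x2000, 0x0800, 0x0A00 },
    { ".data",  0x3000, 0x3000, 0x0200, 0x1200 },
    { "UPX0",   0x5000, 0x6000, 0x0000, 0x1400 },
};
#define SECTION_COUNT (sizeof SECTIONS / sizeof SECTIONS[0])

/* 1-based number of the section containing RVA, or 0 if nothing is mapped
 * there. A section spans max(VirtualSize, SizeOfRawData) bytes in memory. */
int section_from_rva(uint32_t rva) {
    for (size_t i = 0; i < SECTION_COUNT; i++) {
        const section_t *s = &SECTIONS[i];
        uint32_t span = s->virtual_size > s->raw_size ? s->virtual_size : s->raw_size;
        if (rva >= s->virtual_address && rva < s->virtual_address + span)
            return (int)i + 1;
    }
    return 0;
}

/* RVA -> file offset; -1 when the RVA has no backing bytes in the file (it is
 * unmapped, or lies past SizeOfRawData in zero-filled or packer-created memory). */
int64_t rva_to_file_offset(uint32_t rva) {
    if (rva < SECTIONS[0].virtual_address) return rva;   /* PE headers map 1:1 */
    int n = section_from_rva(rva);
    if (n == 0) return -1;
    const section_t *s = &SECTIONS[n - 1];
    uint32_t delta = rva - s->virtual_address;
    return delta < s->raw_size ? (int64_t)s->raw_pointer + delta : -1;
}
```

The -1 results are exactly the addresses a raw file read cannot serve; a dumper has to take those bytes from the live process instead.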
There are many more functions in TitanEngine! We have left the remaining parts for you to research by downloading TitanEngine here. Since we know you would love to learn more about this tool, you can also read the author's slides – here & here!