Software Listing of Author : "Didier Stevens"
- Binary Tools
- License: Freeware
- Price: 0.00


The Binary Tools package contains 2 simple binary tools:
- reverse: takes the input file, reverses it (first byte becomes last byte) and writes it to a new file
- middle: extracts a sequence of bytes from the input file and writes it to a new file
- Publisher: Didier Stevens
- Download Size: 61 KB
- Platform: WinOther
- CASToggle
- License: Freeware
- Price: 0.00


The CASToggle application was designed to manipulate Code Access Security enforcement for an individual program, unlike caspol, which works system-wide. Its effect is immediate.
Usage: CASToggle process-id [toggle]
Use this program to read or change the SecurityState variable
of a .NET program (enables/disables Code Access Security Policies)
process-id is the ID of the running program you want to manipulate
toggle must be 0, 1 or 2 to change the SecurityState variable
0 means that the SecurityState variable is uninitialized and that the
state must be derived from the state of the mutex created by
caspol -security off
1 means that CAS Policies are disabled
2 means that CAS Policies are enabled
- Publisher: Didier Stevens
- Download Size: 40 KB
- Platform: WinOther
- Disitool
- License: Freeware
- Price: 0.00


Disitool was developed to be a small Python program to manipulate embedded digital signatures.
Here are some key features of "Disitool":
* delete a signature: disitool.py delete signed-file unsigned-file
* copy a signature: disitool.py copy signed-source-file unsigned-file signed-file
* extract a signature: disitool.py extract signed-file signature
* add a signature: disitool.py add signature unsigned-file signed-file
* inject data after the authenticode signature: disitool.py inject [--paddata] signed-source-file data-file signed-destination-file
- Publisher: Didier Stevens
- Download Size: 10 KB
- Platform: WinOther
- OllyStepNSearch
- License: Freeware
- Price: 0.00


The OllyStepNSearch plugin will allow you to search for a given text when automatically stepping through the debugged program.
When the plugin is enabled, it will step automatically through the debugged program once a step command (like Step Into) is issued. Enabling the plugin is done with the "Options" menu command.
After each step, the plugin will check which registers have changed. If a changed register points to an ASCII string, it is logged. If a search string has been defined and it is contained in the ASCII string pointed to by the register or the Information pane, the stepping is paused. Comparison is case sensitive.
A search string is defined by entering it with the "Options" menu command. It is remembered in the OllyDbg INI file. Entering an empty string disables the break on string...
- Publisher: Didier Stevens
- Download Size: 40 KB
- Platform: WinOther
- Runasil
- License: Freeware
- Price: 0.00


The following command launches notepad.exe with a low integrity level, instructing notepad to open test.txt:
runasil.exe notepad.exe test.txt
To automatically launch notepad via runasil.exe using "Image File Execution Options", create the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe and create a value debugger equal to "runasil.exe -d" (don't forget option -d).
You can also specify the integrity level via an option:
-l for low
-m for medium
-h for high
-s for system
By default, runasil launches the application with a low integrity level.
Don't forget you need at least Windows Vista to use integrity levels, and that a process can't create a new process with a higher integrity...
- Publisher: Didier Stevens
- Download Size: 30 KB
- Platform: Windows 7, WinVista
- USBVirusScan
- License: Freeware
- Price: 0.00


For example, to start a cmd.exe on each USB drive you insert, you start USBVirusScan like this:
USBVirusScan cmd /k %d:
%d (or %c for legacy reasons) is a placeholder for the drive-letter of the inserted USB drive.
USBVirusScan uses a system tray icon and balloons to announce the insertion of a USB drive. If you want to hide this system tray icon, start USBVirusScan with option -i, like this:
USBVirusScan -i cmd /k %d:
You can also hide the command line console with option -c. This only works with Console applications, not with Windows applications. Option -e will disable the Exit command in the pop-up menu.
The -q switch will stop a running instance of USBVirusScan.
A new flag, -d, adds debugging support to USBVirusScan. When this flag is present, USBVirusScan will...
- Publisher: Didier Stevens
- Download Size: 40 KB
- Platform: WinOther
- XORSearch
- License: Freeware
- Price: 0.00


The XORSearch application was designed to be a small program to search for a given string in an XOR, ROL or ROT encoded binary file. An XOR encoded binary file is a file where some (or all) bytes have been XORed with a constant value (the key).
A ROL (or ROR) encoded file has its bytes rotated by a certain number of bits (the key). A ROT encoded file has its alphabetic characters (A-Z and a-z) rotated by a certain number of positions. XOR and ROL/ROR encoding is used by malware programmers to obfuscate strings like URLs.
XORSearch will try all XOR keys (0 to 255), ROL keys (1 to 7) and ROT keys (1 to 25) when searching. I programmed XORSearch to include key 0, because this allows searching in an unencoded binary file (X XOR 0 equals X).
If the search string is found, XORSearch will print it until the 0...
- Publisher: Didier Stevens
- Download Size: 40 KB
- Platform: WinOther
- ZIPEncryptFTP
- License: Shareware
- Price:


ZIPEncryptFTP is a program I developed to make off-site backups of important data. As its name suggests, it ZIPs one or more directories, Encrypts the ZIP file with AES and uploads it to an FTP server.
ZIPEncryptFTP is a C# command-line program; you will need the .NET 2.0 framework runtime to run it. It will write to the Application eventlog, so you need to run it the first time with administrator privileges to register ZIPEncryptFTP with the eventlog.
To back up data, use ZIPEncryptFTP with these parameters:
ZIPEncryptFTP /directory /password /url /ftpuser /ftppassword
Example:
ZIPEncryptFTP /directory:c:\Data /password:Secret /url:ftp://ftp.com/backup /ftpuser:Didier /ftppassword:1234
This will compress the c:\Data directory and its content (including subdirectories)...
- Publisher: Didier Stevens
- Download Size: 71 KB
- Platform: WinOther
