CPP / C++ Notes - C++ Tooling

• https://coliru.stacked-crooked.com/
  • The only online compiler which supports C++17 and the experimental C++20.
• http://rextester.com/
  • The main selling point of this online tool is that it allows to save code snippets and run them again.
  • Online C++ compiler, provides GCC, CLANG and Visual Studio Compiler, also known as MSVC (VC++ - Visual C++).
  • Supports Boost libraries.
• https://repl.it/languages/cpp11
  • Oline compiler (GCC / C++11 only) with REPL support.
• https://wandbox.org/ (Best)
  • Supports C++11, C++14, C++17 and C++20a (draft).
  • Supports Boost libraries.
  • Supported Languages other C++:
    • Non-managed languages: C, Rust, D, Go C#, CMake, Nim, Haskell, Nim
    • Managed languages: C#, Java, R, Scala, Swift, PHP, Ruby, SQL and so on.

• https://godbolt.org/ [BEST]
  • Compiler explorer - allows to explore the assembly generated by a wide variety of compilers, including, GNU GCC, Clang, MSVC and so on.
• https://www.onlinegdb.com [BEST]
  • Online GNU Debugger
• https://cppinsights.io
  • "C++ Insights is a clang-based tool which does a source to source transformation. Its goal is to make things visible which normally, and intentionally, happen behind the scenes. It's about the magic the compiler does for us to make things work. Or looking through the classes of a compiler. You can see, for example the transformation of a lamda, range-based for-loop or auto. Of course, you can transform any other C++ snippet. "
• https://macro.virhex.com/
  • Macro expander tool
• https://demangler.com/
  • Symbol demangler for MSVC, GCC and Clang.
• http://quick-bench.com
  • Tool for micro benchamrks
• http://metashell.org/index.html
  • Tool for visualizing template expansion

• https://mbebenita.github.io/WasmExplorer/
  • "Here you can translate C/C++ to WebAssembly, and then see the machine code generated by the browser. For bugs, comments and suggestions see: https://github.com/mbebenita/WasmExplorer built with Clang/LLVM, AngularJS, Ace Editor, Emscripten, SpiderMonkey, Binaryen and Capstone.js."
• https://webassembly.studio/

• Assembly x86 - NASM Compiler / TutorialsPoints
• http://shell-storm.org/online/Online-Assembler-and-Disassembler/
• https://www.jdoodle.com/compile-assembler-nasm-online/
• https://defuse.ca/online-x86-assembler.htm
  • "This tool takes x86 or x64 assembly instructions and converts them to their binary representation (machine code). It can also go the other way, taking a hexadecimal string of machine code and transforming it into a human-readable representation of the instructions. It uses GCC and objdump behind the scenes. You can use this tool to learn how x86 instructions are encoded or to help with shellcode development."

• ARMv7 DEC1-Soc CPU Emulator
  • https://cpulator.01xz.net/?sys=arm-de1soc
  • https://cpulator.01xz.net/doc/
  • "CPUlator is a simulator and debugger of a computer system (CPU, memory, and I/O devices) that runs inside a web browser. Simulation allows running and debugging programs without needing to use a hardware board. When you load a program onto the simulator, the program will behave (almost) identically to the same program running on real hardware. The simulated systems are based on the computer systems from the Altera University Program (Nios II and ARMv7) or SPIM (MIPS). A simulator has several advantages over hardware. It is more convenient and easily accessible than a hardware board. Also, compared to hardware, a simulator has greater visibility into the system state and can warn about suspicious behaviours, such as self-modifying code or violating calling conventions, making debugging easier."
• Unicorn.js - The Unicorn emulator framework, now available for JavaScript.
  • https://alexaltea.github.io/unicorn.js/
  • https://news.ycombinator.com/item?id=13570281
  • "Unicorn.js is a port of the Unicorn emulator framework for JavaScript, done with Emscripten. It's released as a 19 MB JavaScript file supporting the architectures: ARM, ARM64, M68K, MIPS, SPARC, and x86. Alternatively, per-platform Unicorn.js releases are also available here. Follow the Readme to build Unicorn.js manually. Unicorn is a lightweight multi-architecture CPU emulator framework originally developed by Nguyen Anh Quynh et al. and released under GPLv2."

Regex Testers

• https://myregextester.com/index.php
• RegExr: Learn, Build, & Test RegEx
• https://regex101.com/
• https://extendsclass.com/regex-tester.html

BNF Grammar Testing Tools for Building Parsers

• https://fransfaase.github.io/ParserWorkshop/Online_inter_parser.html
• https://ohmlang.github.io/editor/
• https://omrelli.ug/nearley-playground/

UML Ascii/Text Drawing Tools

• ASCIIFlow Infinity (Pick-and place)
  • Allows to draw Ascii UML box diagrams by dragging and dropping like in MS-Paint.
• http://stable.ascii-flow.appspot.com/ (Pick-and place)
• https://textik.com/ (Pick-and place)
• https://www.planttext.com/ (Latex-like)
• https://textart.io/sequence (Latex-like)
  • UML Sequence Diagram drawing tool. The user writes the commands and the tool draws the diagram. It adopts an approach similar to Tex/Latex.

• MISC
  • float point online - Google Search
  • IEEE-754 Floating Point Converter
  • IEEE 754 Calculator

SQL Simulator / Playground

• https://www.db-fiddle.com/ => Database SQL Snippets
• compile sql server online (Microsft SQL Server Simulator)
• SQL Tryit Editor v1.6
• Online Sqlite Compiler - Online Sqlite Editor
• Oracle Live SQL

Tools for creating database schema

• https://dbdiagram.io/d
  • Tool for creating Database schema

Tools for translating SQL Dialects

• Translate your SQL from one dialect to another
• http://www.sqlines.com/online
  • Convert between SQL dialects PostgresSQL, MySQL, OracleDB, MariaDB (MySQL fork), Microsft SQL Server …
• Query Mongo: MySQL to MongoDB Query Translator
  • Conversts SQL queries to MongoDB (NonSQL) queries.

• Latex Equatuion Editor - Codecogs
  • https://www.codecogs.com/latex/eqneditor.php
• QuickLaTeX
  • https://www.quicklatex.com/
• Sciweavers
  • http://www.sciweavers.org/free-online-latex-equation-editor
• LaTeX Tables Generator
  • https://www.tablesgenerator.com/
• Online Bibtex Editor
  • https://truben.no/latex/bibtex/
• Latex Templates for Algorithms and Pseudo-code
  • https://www.overleaf.com/learn/latex/algorithms

Clang / LLVM

• https://clang.llvm.org/

Windows / GCC-MingW

• MinGW Compiler [Official Web Site]
• mingw-w64 - GCC for Windows 64 & 32 bits [Download]
• Mingw - newen.net Distribution (GCC Ported for Windows)
  • "My MinGW distribution ("distro") is x64-native and currently contains GCC 9.2.0 and Boost 1.71.0. - The components of this distro fall into four categories: Essentials: The components of MinGW itself. They are required in order to run GCC; Libraries: Useful C and C++ libraries; Utilities: Programs used by programmers; Utilities (Binary): More programs used by programmers. Unlike everything else, I obtained these executables from their official websites instead of building them myself."

• Emscripten - Emscripten: An LLVM-to-Web Compiler
  • https://github.com/emscripten-core/emscripten
  • "Emscripten compiles C and C++ to WebAssembly using LLVM and Binaryen. Emscripten output can run on the Web, in Node.js, and in wasm runtimes. Emscripten provides Web support for popular portable APIs such as OpenGL and SDL2, allowing complex graphical native applications to be ported, such as the Unity game engine and Google Earth. It can probably port your codebase, too! While Emscripten mostly focuses on compiling C and C++ using Clang, it can be integrated with other LLVM-using compilers (for example, Rust has Emscripten integration, with the wasm32-unknown-emscripten and asmjs-unknown-emscripten targets)."
• Emcsripten SDK
  • https://github.com/emscripten-core/emsdk
  • https://developer.mozilla.org/en-US/docs/WebAssembly/C_to_wasm
  • https://webassembly.org/getting-started/developers-guide/
  • "Emscripten toolchain is distributed as a standalone Emscripten SDK. The SDK provides all the required tools, such as Clang, Python and Node.js along with an update mechanism that enables migrating to newer Emscripten versions as they are released. You can also set up Emscripten from source, without the pre-built SDK, see "Installing from Source" below."
• Cheerp - Cheerp - a C/C++ compiler for Web applications
  • https://leaningtech.com/cheerp/
  • "Cheerp is a C/C++ compiler for the Web, based and integrated into the LLVM/clang infrastructure, and featuring numerous custom optimisation steps to maximise performance and minimise size of the compiled JavaScript/WebAssembly output. As such, Cheerp is the best performing, most optimised C++ to WebAssembly compiler available on the market Cheerp is used mainly to port existing C/C++ libraries and applications to HTML5, but can also be used to write high-performance Web applications and components from scratch. C/C++ gets optimised and compiled into JavaScript/WebAssembly, and can easily be deployed as part of a web page."

Android (Cross compiler for Linux running on ARM or MIPS)

• https://developer.android.com/ndk
  • Old NDK - used GCC compilers, new NDK uses Clang/LLVM compiler.

Side Note: Android is "Linux" with BSD-license LibC and user-space utilities provided by toybox.

• SDCC Compiler
  • "SDCC is a retargettable, optimizing Standard C (ANSI C89, ISO C99, ISO C11) compiler suite that targets the Intel MCS51 based microprocessors (8031, 8032, 8051, 8052, etc.), Maxim (formerly Dallas) DS80C390 variants, Freescale (formerly Motorola) HC08 based (hc08, s08), Zilog Z80 based MCUs (z80, z180, gbz80, Rabbit 2000/3000, Rabbit 3000A, TLCS-90), Padauk (pdk14, pdk15) and STMicroelectronics STM8. Work is in progress on supporting the Padauk (pdk13), Microchip PIC16 and PIC18 targets. It can be retargeted for other microprocessors."
• GCC for ARM Core/ISA
  • https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm
  • http://blog.atollic.com/arm-gcc-the-arm-compiler-for-embedded-developers
• GCC AVR - Modified GCC for AVR Microcontrollers
  • https://ccrma.stanford.edu/~juanig/articles/wiriavrlib/AVR_GCC.html
  • https://www.nongnu.org/avr-libc/user-manual/overview.html
  • https://blog.podkalicki.com/how-to-compile-and-burn-the-code-to-avr-chip-on-linuxmacosxwindows/

• https://gnutoolchains.com/
  • "This website contains pre-built GNU toolchains for many embedded platforms. Every toolchain includes: GNU Binutils; GCC compiler for C and C++ languages; GDB debugger; A port of libc or a similar library (e.g. newlib)"
• ARM Core
  • https://gnutoolchains.com/arm-eabi/
• Beagle Bone ARM Development Board (SBC - Single Board Computer)
  • https://gnutoolchains.com/beaglebone/
• Raspberry Pi - SBC Single Board Computer
  • https://gnutoolchains.com/raspberry/
• ESP32
  • https://gnutoolchains.com/esp32/
• AVR Microcontrollers
  • https://gnutoolchains.com/avr/

• rr-project - Reverse Debugging
  • "rr aspires to be your primary C/C++ debugging tool for Linux, replacing — well, enhancing — gdb. You record a failure once, then debug the recording, deterministically, as many times as you want. The same execution is replayed every time. rr also provides efficient reverse execution under gdb. Set breakpoints and data watchpoints and quickly reverse-execute to where they were hit. rr works on real applications and is used by many developers to fix real bugs. It makes debugging hard bugs much easier, but also speeds up debugging of easy bugs."
  • rr features:
    • Low overhead compared to other similar tools, especially on mostly-single-threaded workloads
    • Supports recording and replay of all kinds of applications: Firefox, Chrome, QEMU, LibreOffice, Go programs, …
    • Record, replay and debug multiple-process workloads, including entire containers
    • Works with gdb scripting and IDE integration
    • Durable, compact traces that can be ported between machines
    • Chaos mode to make intermittent bugs more reproducible

• CGDB - Curses-style termninal user interface for GDB
  • "cgdb is a lightweight curses (terminal-based) interface to the GNU Debugger (GDB). In addition to the standard gdb console, cgdb provides a split screen view that displays the source code as it executes. The keyboard interface is modeled after vim, so vim users should feel at home using cgdb."
• GdbGUI - Brower GUI user interface - it opens a webpage at localhost containing a front-end for GDB.
  • Supports commands: YES
  • Video: gdbgui demonstration - browser based gdb frontend
• Nemiver
  • Screencast
  • Supports commands: NO.
• DDD - Data Display Debugger
  • Supports commands: YES.
  • Manual
  • Video: GDNU DDD - Software Debugging
• Eclipse CDT IDE
  • Video: GDB Remote Debugging using LUbuntu Linux and Eclipse CDT Neon 3
  • Video: Debian C/C++ Cross-Compilation for Embedded Linux using Eclipse (Luna), CDT, RSE & Remote Debug
• JetBrain CLion IDE
• Microsft Visual Studio - (Visual Stdio Debugger can connect from Windows to a GDB server remotely over the network)
• Emacs
  • Supports commands: YES.
  • Video: AoD_1: Debugging with GDB in Emacs
• More info, see: GDB Front Ends - GDB Wiki

• Valgrind
  • Most well known memory leak debugger for *Nix systems. Unfortunately, it doesn't work on Windows.
  • Valgrind - Wikipedia
  • Using Valgrind Code Analysis Tools | Qt Creator Manual
• Dr. Memory Memory Debugger for Windows and Linux
  • "Dr. Memory is a memory monitoring tool capable of identifying memory-related programming errors such as accesses of uninitialized memory, accesses to unaddressable memory (including outside of allocated heap units and heap underflow and overflow), accesses to freed memory, double frees, memory leaks, and (on Windows) handle leaks, GDI API usage errors, and accesses to un-reserved thread local storage slots."

See also:

• c - Is there a good Valgrind substitute for Windows? - Stack Overflow

• jeaye/stdman - Formatted C++20 stdlib man pages (cppreference).
  • stdman is a tool that parses archived HTML files from cppreference and generates groff-formatted manual pages for Unix-based systems. The goal is to provide excellent formatting for easy readability. stdman has been tested on Linux and OS X.
• tldr - Simplified and community-driven man pages.
• sinclairtarget/um - "um is a command-line utility for creating and maintaining your own set of man-like help pages. It is available for MacOS (via Homebrew) and Linux (via AUR in Arch, otherwise via Linuxbrew)."

The following tools are not only useful for debugging, diagnosing and assisting development, they are also useful for reverse engineering.

Note:

• object files: executables and shared libraries (*.so files), generally with ELF format.

Command Line Hexadecimal Visualizer

• hexdump
• od

GNU Tools

• readelf - View ELF file structure
  • https://www.linuxjournal.com/article/1060
• objdump - View ELF file object-code (disassembler)
  • https://www.howtoforge.com/linux-objdump-command/
• nm - Show symbols of executable or shared library (dll equivalent, aka shared object).
• strace - Allows tracing process system calls and view files opened by process.

• makeself - "makeself - Make self-extractable archives on Unix. makeself.sh is a small shell script that generates a self-extractable compressed tar archive from a directory. The resulting file appears as a shell script (many of those have a .run suffix), and can be launched as is. The archive will then uncompress itself to a temporary directory and an optional arbitrary command will be executed (for example an installation script). This is pretty similar to archives generated with WinZip Self-Extractor in the Windows world. Makeself archives also include checksums for integrity self-validation (CRC and/or MD5/SHA256 checksums)."

• auriamg/macdylibbundler
  • "Utility to ease bundling libraries into executables for OSX. dylibbundler is a small command-line programs that aims to make bundling .dylibs as easy as possible. It automatically determines which dylibs are needed by your program, copies these libraries inside the app bundle, and fixes both them and the executable to be ready for distribution… all this with a single command on the teminal! It will also work if your program uses plug-ins that have dependencies too."

• shmcat
  • This is a simple tool that dumps shared memory segments (System V and POSIX), files and text. It might be useful when you have to debug programs that use shared memory. Dumps System V (shmget, shmat API) and POSIX (shm_open…) shared memory.

• chocolatey - Command line package manager that can install applications and packages from command line. It works in a similar fashion to MacOSX's homebrew, it does not store any software, the repository just contains recipes for installing the applications.
• Scoop - Similar to chocolatey, but it stores the recipes in Github repositories.

• SysInternals - A collection of debugging tools which allows to introspect processes and get informations such as loaded DLLs, files opened by a process, network activity and so on.
  • https://docs.microsoft.com/en-us/sysinternals/
  • http://www.sysinternals.com/
  • https://docs.microsoft.com/en-us/sysinternals/downloads/process-utilities
• Sysinternals / dumpbin
  • Show informations Windows native executables and shared libraries, specifically about PE32 object code. For instance, it can show symbols exported by a DLL, DLLs used by an executable and functions imported by the executable from DLLs.
• Sysinternals / procmon
  • Process mionitor
• Sysinternals / procexp
  • Process explorer
• Sysinternals / Winobj
  • WinObj accesses and display information on the NT Object Manager's name space

Installers

Tools for creating installers for Windows applications.

• NSIS - "NSIS (Nullsoft Scriptable Install System) is a professional open source system to create Windows installers. It is designed to be as small and flexible as possible and is therefore very suitable for internet distribution. Being a user's first experience with your product, a stable and reliable installer is an important component of successful software. With NSIS you can create such installers that are capable of doing everything that is needed to setup your software. NSIS is script-based and allows you to create the logic to handle even the most complex installation tasks. Many plug-ins and scripts are already available: you can create web installers, communicate with Windows and other software components, install or update shared components and more."
• Inno Setup - "Inno Setup is a free installer for Windows programs by Jordan Russell and Martijn Laan"
  • Source: https://github.com/jrsoftware/issrc
  • Support for every Windows release since 2006, including: Windows 10, Windows 10 on ARM, Windows Server 2016, Windows 8.1, Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista. (No service packs are required.)
  • Extensive support for both administrative and non administrative installations.
  • Supports creation of a single EXE to install your program for easy online distribution. Disk spanning is also supported.

Unpackers

• innoextract - "A tool to unpack installers created by Inno Setup."
• msitools - "msitools is a set of programs to inspect and build Windows Installer (.MSI) files. It is based on libmsi, a portable library to read and write .MSI files. libmsi in turn is a port of (and a subset of) Wine's implementation of the Windows Installer."
  • https://gitlab.gnome.org/GNOME/msitools

• GNU Poke - "GNU poke is an interactive, extensible editor for binary data. Not limited to editing basic entities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them."
  • Official Web Site: http://www.jemarch.net/poke
  • Repository: https://git.savannah.gnu.org/cgit/poke.git
  • GNU Poke Presentation
• Kaitai Struct - "Reading and writing binary formats is hard, especially if it’s an interchange format that should work across a multitude of platforms and languages. Have you ever found yourself writing repetitive, error-prone and hard-to-debug code that reads binary data structures from files or network streams and somehow represents them in memory for easier access? Kaitai Struct tries to make this job easier — you only have to describe the binary format once and then everybody can use it from their programming languages — cross-language, cross-platform."
  • Official Web Site: https://kaitai.io/
  • Documentation: https://kaitai.io/
  • Android Dex File Format: https://formats.kaitai.io/dex/index.html
  • Ipv4 packet - https://formats.kaitai.io/ipv4_packet/index.html
  • IPv6 packet - https://formats.kaitai.io/ipv6_packet/index.html

Testing socket clients or servers:

• Netcat, aka nc
• socat
  • https://github.com/craSH/socat
  • Socat, Another Network Swiss Army Knife | /dev/random

Http Requests:

• curl - Can be used for testing http servers and performing http requests from command line simulating a web browser.
• ab - Apache HTTP server benchmarking tool
  • "ab is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server. It is designed to give you an impression of how your current Apache installation performs. This especially shows you how many requests per second your Apache installation is capable of serving."
  • See:
    • 7 Tips for Heavy Load Testing with Apache Bench - Polymorph Blog
    • How To Use ApacheBench To Do Load Testing on an Ubuntu 13.10 VPS | DigitalOcean
    • How to Apache Stress Test With ab Tool - Cloud Services - Xandr Documentation
• mitmproxy - mitmproxy is a free and open source interactive HTTPS proxy.
  • https://github.com/mitmproxy/mitmproxy

Websockets:

• joewalnes/websocketd
  • "Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets. http://websocketd.com/"
• wscat
  • "WebSocket cat"

Network capture and packet inspection, low level analysis:

• wireshark
  • "Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998."
• tcpdump
  • "tcpdump, a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture."
• tcpflow
  • "tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows."
  • See: TCPflow - Analyze and Debug Network Traffic in Linux

Certificates SSL/TSL:

• mkcert - "mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration."
• minica - "minica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used."
• certigo - "Certigo is a utility to examine and validate certificates to help with debugging SSL/TLS issues. Supports all common file formats: Certigo can read and dump certificates in various formats. It can automatically detect and read from X.509 (DER/PEM), JCEKS, PKCS7 and PKCS12 files. Certificates can be dumped to a human-readable format, a set of PEM blocks, or a JSON object for use in scripting."

• scout - Scout - Instruction based research debugger
  • "Scout is an extendable basic debugger that was designed for use in those cases that there is no built-in debugger / gdb-stub in the debugee process / firmware. The debugger is intended to be used by security researchers in various scenarios, such as: Collecting information on the address space of the debuggee - recon phase and exploit development; Exploring functionality of the original executable by accessing and executing selected code snippets; Adding and testing new functionality using custom debugger instructions; We have successfully used "Scout" as a debugger in a Linux Kernel setup, and in several embedded firmware research projects, and so we believe that it's extendable API could prove handy for other security researchers in their research projects."
• IDA - Interactive Disassemble and debugger designed for reverse engineering. In addition Linux, Windows and OSX binaries, IDA can also disassemble firmwares.
• OllyDBG (Windows-only) - Debugger designed for reverse engineering with better capabilities to operate without debugging symbols.
• x64dbg (Windows-only) - An open-source x64/x32 debugger for windows.
  • Features: "An open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive plugin system to add your own. You can find more information on the blog!"
  • Repository: https://github.com/x64dbg/x64dbg
  • Blogs:
    • https://x64dbg.com/blog/
    • http://reverseengineeringtips.blogspot.com/2015/01/an-introduction-to-x64dbg.html

• hte - "Viewer/editor/analyzer for executables"
  • Supported object file formats: common object file format (COFF/XCOFF32); executable and linkable format (ELF); linear executables (LE); standard dos executables (MZ); new executables (NE); portable executables (PE32, PE64); Mach exe/link format (MachO); … …
  • https://github.com/sebastianbiallas/ht
• pev
  • "pev the PE file analysis toolkit fast, scriptable, multiplatform, feature-rich, free and open source."
• CFF Explorer
  • PE (Portable Executable) viewer and editor with an intuitive graphical user interface.
• dwarf-ng
  • "dwarf-ng is a powerful object file manipulation tool and hex editor in the spirit of gdb. with dwarf-ng you can read and edit all the file's section headers as well as the raw data. With dwarf-ng you can create and customize new file's header and it can be used as a compiler back-end to create executables/object files. dwarf-ng also permits to inject easily new headers and pieces of code/data into the file. dwarf-ng currently handles Raw ELF (Elf32, Elf64), PE (Portable executables PE32, PE+) and Mach-O (os x executables 32&64bit)".
• dwarfutils
  • "Dump and produce DWARF debug information in ELF objects."
• patchelf
  • "PatchELF is a small utility to modify the dynamic linker and RPATH of ELF executables. Dynamically linked ELF executables always specify a dynamic linker or interpreter, which is a program that actually loads the executable along with all its dynamically linked libraries. (The kernel just loads the interpreter, not the executable.) For example, on a Linux/x86 system the ELF interpreter is typically the file /lib/ld-linux.so.2. It is sometimes necessary to use a different ELF interpreter, say, when you want to test a version of Glibc installed in a location other than /lib. And in the Nix Packages collection we build our own Glibc, which we obviously want to use. Building programs with a different interpreter is a matter of using the linker flag -dynamic-linker: … …"
• osslsigncode
  • "Platform-independent tool for Authenticode signing of PE(EXE/SYS/DLL/etc), CAB and MSI files - uses OpenSSL and libcurl. It also supports timestamping (Authenticode and RFC3161)."

• binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • "Binwalk is an open source firmware extraction tool that extracts embedded file systems from firmware images. Created in 2010 by ReFirm Lab’s own Principal Reverse Engineer Craig Heffner, Binwalk is widely recognized as the leading tool for reverse engineering firmware images."
  • See:
    • https://www.refirmlabs.com/binwalk/
    • Ubuntu Manpage: binwalk - tool for searching binary images for embedded files and executable code
    • https://github.com/ReFirmLabs/binwalk/wiki
    • A short introduction to binwalk
    • File System Analysis with Binwalk | By Alex Ocheme Ogbole - eForensics

• Dependency Walker
  • Tool which scans executable dependencies such as imported DLLs.
  • http://www.dependencywalker.com/
• Resource Hacker
  • User interface that allows to inspect, extract and modify resources of Windows executables (PE32 and PE64).
  • http://www.angusj.com/resourcehacker/
• RPC View
  • "A free and powerful tool to explore and decompile all RPCfunctionalities present on a Microsoft system."
  • http://rpcview.org/
• API Monitor
  • "Monitor is a free software that lets you monitor and control API calls made by applications and services. Its a powerful tool for seeing how applications and services work or for tracking down problems that you have in your own applications."
  • http://www.rohitab.com/apimonitor
• Winapi Override
  • "WinAPIOverride is an advanced api monitoring software for 32 and 64 bits processes. You can monitor and/or override any function of a process. This can be done for API functions or executable internal functions. It tries to fill the gap between classical API monitoring softwares and debuggers. It can break targeted application before or after a function call, allowing memory or registers changes; and it can directly call functions of the targeted application."
  • http://jacquelin.potier.free.fr/winapioverride32/
• NtTrace (Strace for Windows)
  • "NtTrace provides a simple trace facility for the Windows Native API. It is roughly equivalent to strace on Linux. The native API is the interface between the application space and the OS kernel; this API is provided by ntdll.dll. It is not very well documented, and changes between versions of Windows, but tracing execution of an application at this level can provide a clear view of its use of the operating system. NtTrace uses the debugging interface on Windows to intercept the returns from the native API and display the input arguments and return code. Return codes are translated to Window error code and error messages where possible."
  • http://www.howzatt.demon.co.uk/NtTrace/
  • https://github.com/rogerorr/NtTrace

• radare Framework - A suite of reversing enegineering tools.
  • Features:
    • Disassemble (and assemble for) many different architectures
    • Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
    • Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
    • Perform forensics on filesystems and data carving
    • Be scripted in Python, Javascript, Go and more
    • Support collaborative analysis using the embedded webserver
    • Visualize data structures of several file types
    • Patch programs to uncover new features or fix vulnerabilities
    • Use powerful analysis capabilities to speed up reversing
    • Aid in software exploitation
• radare2-docker - Dockerized version of Radare2.
• mxmssh/drltrace - Drltrace is a library calls tracer for Windows and Linux applications.
  • "Drltrace is a dynamic API calls tracer for Windows and Linux applications. Drltrace is built on top of DynamoRIO dynamic binary instrumentation framework. Drltrace was initialy implemented by Derek Bruening and distributed with DynamoRIO and DrMemory frameworks. This repository contains a standalone version of drltrace with additional scripts and materials on how to use it for malware analysis. The release build can be downloaded here."
• Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Features:
  • "Scriptable: Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts."
  • "Portable: Works on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Install the Node.js bindings from npm, grab a Python package from PyPI, or use Frida through its Swift bindings, .NET bindings, Qt/Qml bindings, or C API."

• https://godbolt.org/
  • Compiler explorer - allows to explore the assembly generated by a wide variety of compilers, including, GNU GCC, Clang, MSVC and so on.
• WinREPL - Assembly REPL - interactive shell like Python or IPython for Windows.
  • Precompile binaries: https://github.com/zerosum0x0/WinREPL/releases/
• Rappel - A linux-based assembly REPL for x86, amd64, armv7, and armv8.
  • Rappel: A REPL for x86, amd64, and armv7 | Hacker News
• Unicorn - CPU emulator Framework
  • https://github.com/unicorn-engine/unicorn