/ReverseKit

x64 Dynamic Reverse Engineering Toolkit

Primary LanguageC++MIT LicenseMIT

ReverseKit - Dynamic Reverse Engineering Toolkit
ReverseKit Logo

License Stars Forks

ReverseKit is a comprehensive toolkit designed to aid reverse engineers in the process of dynamic RE. With a wide range of features and functionalities, it provides an easy-to-use interface and helps you intercept, analyze, and manipulate code and data during runtime.

FeaturesGetting StartedUsage
ContributingLicenseImages

Features

  • Imports information - along with DLL name, function name, and address.
  • Intercept all system calls via an instrumentation callback.
  • Intercept all commands executed - system(), ShellExecuteEx(), etc.
  • Intercept all thread creations - APIs like std::thread, CreateThread(), etc.
  • Intercept URLs - APIs like UrlDownloadToFileA and InternetOpenUrlA, etc.
  • Threads - lists thread ids along with cpu usage, allows you to suspend them with a button.
  • Heaps information - address, id and flags.
  • Bypass common debugger checks - CheckRemoteDebugger() and IsDebuggerPresent().
  • Anti-BSOD for common usermode BSOD methods which abuse RtlAdjustPrivilege.
  • Prevent sysmon driver from being unloaded.
  • Easy-to-use interface powered by ImGui.
  • Hook library with a normal JMP hook and trampoline hook.

Getting Started

To get started with ReverseKit, you can clone this repository and build the project. Once the build is complete, you can inject the tool using ReverseKit Loader, or any prefered injector and start using it to analyze binaries.

Usage

ReverseKit provides a user-friendly interface that enables you to easily intercept, analyze, and manipulate code and data during runtime. With the wide range of features and functionalities, you can:

  • Monitor and intercept system calls and API functions
  • Monitor CPU usage by active threads and option to suspend
  • Analyze network traffic and intercept URLs
  • Analyze and manipulate thread creations
  • Hook into binary code and redirect execution flow
  • Bypass common debugger checks

Contributing

We welcome contributions from the community. If you find a bug or have an idea for a new feature, please open an issue or submit a pull request.

License

This project is licensed under the terms of the MIT license.

Sponsor

WebSec BV logo

WebSec BV, a cybersecurity company based in Amsterdam, is recognized for their dedication to helping businesses and individuals protect themselves against online threats. As a valued sponsor, they have contributed significantly to the promotion of cybersecurity and the creation of a safer online world.

WebSec's team of professionals is committed to staying ahead of the latest threats and developing cutting-edge solutions to keep their clients protected. Their passion for cybersecurity education has made them a trusted and reliable partner in the industry.

Through their sponsorship and support, WebSec has demonstrated their commitment to promoting cybersecurity awareness and helping people stay safe online. Their contributions are greatly appreciated and have made a significant impact on the work being done in this field, such as making this project 'ReverseKit' a reality.

Overall, WebSec BV is a trusted and respected leader in the fight against cybercrime, and their sponsorship and support have been instrumental in promoting a safer online world. They are a valued partner and their contributions to this important work are truly appreciated.

Website: websec.nl
Blog: websec.nl/blog

Images

tab

Youtube

ReverseKit YouTube Demo 1
ReverseKit YouTube Demo 2