katahiromz/CodeReverse2

GitHub: katahiromz/CodeReverse2

A cross-platform command-line reverse engineering tool for Windows executables, used for PE structure parsing and disassembly analysis.

Stars: 9 | Forks: 4

# CodeReverse2

[![CMake](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/845a770038053640.svg)](https://github.com/katahiromz/CodeReverse2/actions/workflows/cmake.yml) [![AppVeyor](https://ci.appveyor.com/api/projects/status/edlugu5nm86snvou?svg=true)](https://ci.appveyor.com/project/katahiromz/codereverse2)

![CodeReverse](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/c038bd03df053641.png)

CodeReverse2 is a command-line reverse engineering tool for Windows executables. It runs on Windows, Linux and macOS.

## Example output

```
CodeReverse2 2.3.8 by katahiromz
## 命令行 ##
C:\dev\CodeReverse2\cr2.exe shell32.dll --addr --hex --read 7CAB1C86 20

## OS 信息 ##
Windows 10.0 (x86)

## 读取内存 ##
+ADDRESS  +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F  0123456789ABCDEF
7CAB1C86  8B FF 56 33 F6 39 35 04 EE AE 7C 75 07 B8 05 40  ..V3.95...|u...@
7CAB1C96  00 80 5E C3                                      .^.
20 (0x14) bytes read.

## IMAGE_DOS_HEADER ##
e_magic: 0x5A4D
e_cblp: 0x0090
...
proc Func7CAB1C86 Label_7CAB1C86
attrs [[cdecl]]
# call_from : 7C90FCCE
# call_to : 7CAB19E3 7CAB1A37 7CAB1C55
# jump_to : 7CAB1C9A 7CAB1CAB 7CAB1D08
Label_7CAB1C86:
7CAB1C86: 8B FF                 mov edi, edi
7CAB1C88: 56                    push esi
7CAB1C89: 33 F6                 xor esi, esi
7CAB1C8B: 39 35 04 EE AE 7C     cmp [0x7caeee04], esi
7CAB1C91: 75 07                 jnz Label_7CAB1C9A
...
```

## Usage

```
Usage: cr2 [options] [input.exe]
Options:
 --help                     Show this message.
 --version                  Show version info.
 --add-func AVA             Add an additional function AVA.
 --read AVA SIZE            Read the module memory.
 --write AVA "HEX"          Write the module memory.
 --addr                     Show address in disassembly code.
 --hex                      Show hexadecimals in disassembly code.
 --force                    Force reading/writing even if not readable/writable.
 --dump WHAT                Specify what to dump (default: all).
 --syscall AVA win32ksvc.h  Specify system call table.

* AVA stands for 'absolute virtual address'.
* WHAT is either all, dos, fileh, opt, datadir, sections, imports,
  exports, delay, or disasm.
```

Under construction...