Every reverse engineer, malware analyst or simply any researcher eventually collects a set of utility software that they use on a daily basis to analyze, unpack, and crack other software. This article will cover mine. It will be useful to anyone who has not yet collected their own toolset and is just starting to look into the subject. However, an experienced reverse engineer should also be curious about what other crackers are using.

WARNING
This article is for information purposes only. Neither the editorial team nor the author assumes any responsibility for possible harm that could arise from the use of these materials.

Debuggers

Debugging an application is an essential part of studying it, so every reverse engineer needs a debugger at the ready. A modern debugger should support both Intel architectures (x64 and x86), so this is the first prerequisite. We should also be able to debug kernel-mode code. You will need this every now and then, especially if you want to look for zero-day vulnerabilities in OS kernels or reverse engineer malware in drivers. The main candidates are x64dbg and WinDbg. The first debugger works in user mode, while the second one can also debug kernel-mode code.

x64dbg
x64dbg.com

This is a modern debugger with a good user interface, a worthy successor of OllyDbg. It supports both architectures (x64 and x86), and there are lots of useful plugins.

[Figure: x64dbg built-in decompiler]

Granted, it has its downsides, as there are a number of annoying bugs. But it is actively developed and supported. Since the debugger works in user mode, it is of course vulnerable to a wide range of anti-debugging techniques. This is, however, partly offset by the availability of many different debugger-hiding plugins.
x64dbg has a built-in decompiler and an imports reconstructor (both x64 and x86), and supports code graph visualization as well as read/write/execute/access breakpoints. This debugger has enabled some hackers to break the infamous Denuvo DRM system!

Why not OllyDbg

We haven't covered OllyDbg here because it is very outdated. It does not support the latest operating systems or x64. The app's official website announced an x64 version and even reported some development progress, but the website itself has not been updated since 2014. OllyDbg is certainly a milestone piece of software, but now it seems that its time has passed. There have also been fewer kernel-mode debuggers since Syser Kernel Debugger, a successor to SoftICE, was abandoned.

WinDbg
Official homepage

WinDbg is one of the best kernel or driver debugging tools. This debugger is supported by Microsoft and included in the Windows Driver Kit (WDK). It is currently the most up-to-date and powerful kernel code debugger. It does not feature the user-friendly interface of x64dbg, but there are not many other alternatives, as other debuggers don't support kernel-mode code. WinDbg supports remote debugging and can download debug symbols directly from Microsoft servers. The VirtualKD booster exists to speed up the WinDbg setup for debugging kernel-mode code in a VM. WinDbg is certainly not for beginners, but as you gain experience in reverse engineering and start exploring various interesting options, you won't be able to avoid it. WinDbg allows you to view numerous system structures and easily disassemble NTAPI functions. Of course it can also be used to debug "ordinary" programs, but I prefer to unleash this powerful weapon only when it is really needed!

Disassemblers

Reverse engineering cannot exist without static code analysis tools.
The current choice of disassemblers is not much wider than that of debuggers, but here too we have a few favorites. The IDA Pro disassembler is the de facto standard in antivirus labs. Next is the Radare2 reverse engineering framework (many reckon that Radare2 is on par with IDA).

IDA Disassembler
hex-rays.com/products/ida

There are two versions of IDA, a paid Pro version and a free Starter version. The free version is limited to x86 and does not support plugins. The Pro version offers full functionality with a large number of supported processor architectures and plugin support. IDA does have a built-in debugger with rather basic functionality, but its unconventional interface takes some time to get used to. IDA can also be augmented with the Hex-Rays addon, a decompiler that turns application code into C code. This is very useful because it really speeds up program analysis. Overall, IDA is a very powerful and polished tool with a long development history. Unfortunately, the Pro version costs approximately $500-1000 (depending on the license type), and they do not sell it to just anyone. So we have to make do with other alternatives.

Radare2
rada.re

Radare2 was initially conceived as a simple hex editor but grew into a full framework able to debug and disassemble all sorts of code, including firmware, viruses and cracks.
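As an added example (not from the original article or the Radare2 project), here is a radare2 command script that exercises both halves of the framework described above, static disassembly and then debugging of the same binary, on a constructed sample executable whose name (./sample) and imported function (strcpy) are assumptions; run it as `r2 -i analyze.r2 ./sample`.

```r2
# Constructed example: static analysis of ./sample (hypothetical file name)
# Full auto-analysis: find functions, cross-references, strings
aaa
# Binary metadata: architecture, bits, and NX/PIE/canary protections
iI
# Imported functions and strings in data sections
ii
iz
# Functions discovered by analysis
afl
# Disassemble main, then show radare2's own pseudo-C view of it
pdf @ main
pdc @ main
# Cross-references to an import of interest (strcpy is an assumed import)
axt sym.imp.strcpy

# Dynamic side: reopen the same binary under radare2's built-in debugger
ood
# Breakpoint on main, run to it, dump registers
db main
dc
dr
# Single-step five instructions and disassemble at the new pc (x86-64 assumed)
ds 5
pd 10 @ rip
```

After the script finishes, radare2 stays at its interactive prompt with the process still stopped, so the debugging session can be continued by hand.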