Dynamically Reverse-Engineer Code


Convert 32 and 64-bit shellcode to a Windows executable file.

Website: Author: Ori Damari: License: Free, unknown license Notes: Use full path name to specify the input file; look for the output file in /usr/local/shellcode2exe-bat State File:


Emulate code execution, including shellcode, Windows drivers, and Windows PE files.

Website: Author: FireEye Inc, Andrew Davis License: MIT License: Notes:,, State File: remnux.python3-packages.speakeasy


Emulate code execution of PE files, shellcode, etc. for a variety of OS and hardware platforms.

Website: Author: License: GNU General Public License (GPL) v2.0: Notes: Use qltool to analyze artifacts. Before analyzing Windows artifacts, gather Windows DLLs and other components using the dllscollector.bat script. Read the tool's documentation to get started. State File: remnux.python3-packages.qiling

Bitdefender Disassembler (bddisasm)

Disassemble 32 and 64-bit assembly instructions and emulate shellcode execution.

Website: Author: Bitdefender's HVI Team: License: Apache License 2.0: Notes: disasmtool State File: remnux.packages.bddisasm

Cut out a part of a data stream.

Website: Author: Didier Stevens: License: Public Domain State File: remnux.scripts.cut-bytes


Analyze shellcode by emulating its execution.

Website: Author: David Zimmer License: Free, unknown license Notes: scdbg (GUI), scdbgc (console) State File: remnux.packages.scdbg


A library for x86 code emulation and shellcode detection

Website: Author: License: Free, unknown license State File: remnux.packages.libemu


Locate and decode strings obfuscated using common techniques.

Website: Author: Didier Stevens: License: Public Domain Notes: xorsearch State File: remnux.packages.xorsearch