Product updates: BinCrowd, PDF Tool, MSDN parser

by

Hi everyone,

we have a few interesting updates for three of our products:

BinCrowd (Collaborative reverse engineering tool; more info here)

The login bug that plagued early testers of our free BinCrowd community server should be fixed now. If you had problems logging in to your account in the past, please try again now. Note that clicking on the confirmation link in the original confirmation email was buggy too. It is possible that your account was deleted automatically because it was not confirmed within 7 days. In that case just make a new account.

We have also improved the speed of file comparisons in the web interface a lot. Even large files like Adobe Reader’s acrord32.dll are now compared to all files in the database in just a few seconds.This is absolutely amazing if you want to compare your file to different versions of the same file, for example to figure out what changed.

Another improvement was made to the BinCrowd IDA Pro plugin which you can get from the zynamics GitHub account. It can now handle the upload of larger files more gracefully. Previous versions tended to crash when giants files (roughly >50K functions) were uploaded.

PDF Tool (Malware PDF analysis tool; more info here)

Our malware PDF analysis tool without a name still has no name. However, we would like to release the first version of it really soon and that’s why we need a name. If you know a name for the tool, please let us know through comments to this post. If we name the tool after your suggestion you will get a free life-long single-user license of the PDF tool.

MSDN Parser (IDA Pro plugin for importing MSDN documentation, more info here)

Thanks to Navtej Singh, Mario Vilas, and others it was possible to improve the IDA Pro plugin that imports MSDN information into IDA Pro. Parsing of the MSDN documentation was improved and function argument names/descriptions are now copied from MSDN into IDB files. That means you now have full documentation about the function arguments of Windows API functions in your IDB files.

19 Responses to “Product updates: BinCrowd, PDF Tool, MSDN parser”

  1. karthik Says:

    hey Sebastian,
    I still don’t see updates for http://github.com/zynamics/msdn-crawler on git?
    p.s: I do see updated ida_importer.py, but not msdn_crawler.py

    • Sebastian Porst Says:

      Hi karthik,

      that’s right. The MSDN update was strictly for the IDA plugin. The crawler update will come soon. Are you waiting for any specific update for bugfix?

      • karthik Says:

        yeah, the decompiled files did not have decscription tags of form β€œ<meta name="Description"" and so script couldn't get the data right (I used MSDN 2008, and hxcomp.exe from 2008 SDK). I was lazy to fix it myself and was hoping that you already got it fixed. πŸ˜€

    • Sebastian Porst Says:

      Ah, OK. I think I use an older version of the MSDN. I’ll see what I can do.

  2. karthik Says:

    and for the PDF tool name…
    how about calling it, “PDF Informer”, or better, “PDF RE-former” as word reformer aptly stands for ‘one who makes positive changes’ (to better reveal actual behavior in assisting analysts) + ‘RE’ could also mean “reverse engineering” πŸ˜‰

  3. Vicktor Says:

    What about “Acrobrat” or “PeDoFile”?

  4. jduck Says:

    pdheffer !

  5. dirk Says:

    Regarding the PDF tool name:

    With BinDiff, BinNavi and VxClass you have chosen CamelCase names that somehow describe the functionality of the product. It might be sensible to continue that approach.

    But for PDF analysis tools, lots of those functional names are already taken: PDF-Analyzer, PDF Inspektor, PDFspy, pdfToolbox, PDF Tools, …

    “PDF-Detective” seems to be available, but this might be too direct.

    So here are my suggestions:
    “zynamics Enspect”,
    “zynamics EnspectPDF”

    These names have a connotation of inspection, but they are quite distinguishable from the already taken names.
    The first one (“Enspect”) would leave room for inclusion of other file formats in the future.

    Some variants:
    “zynamics FileEnspect”,
    “zynamics PDFenspect”,
    “zynamics PDFenspector”

    Some useful advice on how to name products is available at
    http://www.igorinternational.com/process/name-development-product-company.php

    • Sebastian Porst Says:

      That was really insightful. Thank you very much. Naming products is really difficult for the whole team here.

  6. shineindigo Says:

    Name for the pdf tool :

    1. DigPdf
    2. ZPA (Zynamics Pdf Analyzer)

    Thx
    shineindigo

  7. Will Says:

    I like the sound of ZynPAT (Zynamics PDF Analysis Tool) πŸ˜‰

  8. Will Says:

    (Pronounced Zin-pat to rhyme with Bin*)

  9. Will Says:

    Or just ZynPDF if you prefer, though it’s too many syllables to roll off the tongue. I should stop thinking about this now πŸ˜‰

  10. Aaxon Says:

    PD-effed πŸ˜‰

  11. Napalm Says:

    How about PeeOnDevastatedFormat?

  12. pengo Says:

    Hi,

    Here are a few suggestions:

    PDF Pro
    PDF Analyzer
    PDF Inspector

    Regards,

    -p.

  13. thomas Says:

    Parse Dis File
    Parse Dat F***er

    Parserer

    \m/

  14. rfe Says:

    sth like

    ‘zynamics PDFNavi’

    or

    ‘zynamics pdfCrawler’

    cheers,
    rene πŸ˜‰

  15. Official release of PDF Dissector 1.0 « blog.zynamics.com Says:

    […] we’re at it, we’ve had a small contest for finding a name for this tool on our blog. In the end we have decided to go with the name PDF Dissector which is a name we came up with […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: