L.E.V.I. V0.4 Copyright © 2006 by William Kimball (firstname.lastname@example.org)
Fixes from version 0.1
1. Added missing rel8 to rel32 opcodes for code integration.
2. Fixed 16-bit saving of registers problem. pushad/popad are now used instead of pusha/popa to save registers.
3. Fixed dll runtime file name problem. Auditing a dll at runtime would create the name of the process and not the module name.
Files included are LEVI.exe, InterceptImports.dll, InterceptInlinesEPO.dll, InterceptInlinesCI.dll, ImportsDB.dat, disasm.dll, source.zip and license.txt.
-s  Creates a static audit of the imports (defined in ImportsDB.dat)
    and inlines in the PE file. This is the default option.
-d  Creates a backup of the PE file appended with _bk. Modifies
    original PE file with intercept routines for imports and inlines.
    This option creates a static audit of the PE file.
-b  Intercepts code constructs which check the buffer size. By default,
    code constructs which check the buffer are not intercepted.
-i  Use code integration (CI) as the interception technique. By default,
    entry-point obscuring (EPO) is used.
-c  Restores original PE file with its backup file.
    Deletes PE files _IMPORTS.dat, _RUNTIME_IMPORTS.dat,
    _INLINES.dat, _RUNTIME_INLINES.dat, ImportsDB.dat, ASM file,
    and backup file. If cleaning a directory other than LEVI's current
    directory, then InterceptImports.dll, InterceptInlinesEPO.dll and
    InterceptInlinesCI.dll are deleted.
-r  Restores original PE file with its backup file.
ImportsDB.dat data types are ADDRESS, STRING, WIDE_STRING, DWORD, VAR_ARGS and VAR_LIST.
Permission is granted to make and distribute verbatim copies of this
program provided the license and this README file are
preserved on all copies.
Compiled into disasm.dll
// Written by Sang Cho, associate professor at
// the department of computer science and engineering
// chongju university
// language used: gcc
// date of second release: August 30, 1998 (alpha version)
// many fixed after release: October 9, 1998
// you can contact me: e-mail address: email@example.com
// hitel id: chokhas
// phone number: (0431) 229-8491 +82-431-229-8491
// real address: Sang Cho
// Computer and Information Engineering
// ChongJu University
// NaeDok-Dong 36
// ChongJu 360-764
// South Korea
// Copyright © 1997,1998,1999,2001,2002,2003 by Sang Cho.
// Permission is granted to make and distribute verbatim copies of this
// program provided the copyright notice and this permission notice are
// preserved on all copies.