From Collaborative RCE Tool Library
Linux Disassemblers
| Tool name: | Fenris |
| ||
|---|---|---|---|---|
| Author: | lcamtuf | |||
| Website: | http://lcamtuf.coredump.cx/fenris | |||
| Current version: | 0.07-m2 build 3245 | |||
| Last updated: | July 11, 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | Fenris is a suite of tools suitable for code analysis, debugging, protocol analysis, reverse engineering, forensics, diagnostics, security audits, vulnerability research and many other purposes. The main logical components are: * Fenris: high-level tracer, a tool that detects the logic used in C programs to find and classify functions, logic program structure, calls, buffers, interaction with system and libraries, I/O and many other structures. Fenris is mostly a "what's inside" tracer, as opposed to ltrace or strace, tracers intended to inspect external "symptoms" of the internal program structure. Fenris does not depend on libbfd for accessing ELF structures, and thus is much more robust when dealing with "anti-debugging" code. * libfnprints and dress: fingerprinting code that can be used to detect library functions embedded inside a static application, even without symbols, to make code analysis simplier; this functionality is both embedded in other components and available as a standalone tool that adds symtab to ELF binaries and can be used with any debugger or disassembler. * Aegir: an interactive gdb-alike debugger with modular capabilities, instruction by instruction and breakpoint to breakpoint execution, and real-time access to all the goods offered by Fenris, such as high-level information about memory objects or logical code structure. * nc-aegir: a SoftICE-alike GUI for Aegir, with automatic register, memory and code views, integrated Fenris output, and automatic Fenris control (now under development). * Ragnarok: a visualisation tool for Fenris that delivers browsable information about many different aspects of program execution - code flow, function calls, memory object life, I/O, etc (to be redesigned using OpenDX or a similar data exploration interface). * ...and some other companion utilities. | |||
| Also listed in: | Reverse Engineering Frameworks, Linux Debuggers, Tracers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | IDA Pro |
| ||
|---|---|---|---|---|
| Author: | Ilfak Guilfanov | |||
| Website: | http://www.hex-rays.com/idapro | |||
| Current version: | 5.5 | |||
| Last updated: | June 15, 2009 | |||
| Direct D/L link: | N/A | |||
| License type: | Commercial | |||
| Description: | The IDA Pro Disassembler and Debugger is an interactive, programmable, extendible, multi-processor disassembler hosted on Windows or on Linux. IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and COTS validation. There is also a free (crippled) version available (IDA Pro Free). See its own entry in the library for more info. As of January 7, 2007, the official IDA Pro website moved from the old URL (http://www.datarescue.com/idabase) to the one listed above. | |||
| Also listed in: | .NET Disassemblers, Disassemblers, IPhone Tools, Linux Debuggers, Mobile Platform Debuggers, Mobile Platform Disassemblers, Ring 3 Debuggers, Symbian Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | radare |
| ||
|---|---|---|---|---|
| Author: | pancake | |||
| Website: | http://www.radare.org | |||
| Current version: | 1.4.1 | |||
| Last updated: | November 3, 2009 | |||
| Direct D/L link: | http://radare.nopcode.org/get/radare-1.4.1.tar.gz | |||
| License type: | GPL | |||
| Description: | <nowiki>The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, arm and java with some ones powerpc. The core is a raw hexadecimal editor for commandline with scripting features and perl/python extensions that gets extended with IO plugins that hooks the open/read/write/close/system calls. The debugger and disassembler has a code analysis module for x86, mips, arm and java. This way it's possible to draw graphs using Cairo on a GTK window or store the flow execution of a program on a log file and use the information to diff't against another trace or binary. The toolchain provides assemblers and disasemblers for x86, arm, mips (Loongson2F), sparc, CSR, m68k, powerpc, msil and java. The disassembler has been enhaced to handle inline comments, code block detections and flag references (data pointers or so). The debugger is mainly developed on linux and {Net | |||
| Also listed in: | .NET Disassemblers, Assemblers, Binary Diff Tools, Code Injection Tools, Debuggers, Disassemblers, Hex Editors, Java Disassembler Libraries, Linux Debuggers, Linux Tools, Memory Dumpers, Memory Patchers, Process Dumpers, Reverse Engineering Frameworks, Ring 3 Debuggers, String Finders, Symbol Retrievers, SysCall Monitoring Tools, Tracers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Bastard |
| ||
|---|---|---|---|---|
| Author: | ||||
| Website: | http://bastard.sourceforge.net | |||
| Current version: | 0.16 | |||
| Last updated: | 2002 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Description: | The Bastard is a disassembler -- or, more appropriately, a disassembly environment. The idea is that you have an interpreter, much as you would in Perl or Python, which allows you to load files, disassemble them, dump the disassembly, write/run macros, and various other operations. The x86 instruction disassembler written for this project has been packaged seperately as libdisasm, and is intended to be used in other open source projects. This interpreter can be used interactively, it can be fed commands via STDIN [just like a scripting interpreter], and it can be communicated with via a pair of FIFOs. Now, on top of this any number of UI front ends can be stacked -- ncurses console front ends, Gtk X front-ends, Tk front ends, etc. It is the reponsibility of the front-ends to display the information obtained by querying the disassembler, supplying syntax highlighting, displaying strings, xrefs, etc; however the disassembler will retain all of this information, do all of the 'brute' processing, and will provide any of the information when requested. The bastard currently runs on x86 Linux and FreeBSD [CVS version]. It can disassemble x86 ELF, a.out, and PE files as well as flat binary files [.com, .bin]. | |||
| Also listed in: | Disassemblers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | ERESI Framework |
| ||
|---|---|---|---|---|
| Author: | The ERESI Project | |||
| Website: | http://www.eresi-project.org | |||
| Current version: | 0.8a23 | |||
| Last updated: | November 30, 2007 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Description: | The ERESI Reverse Engineering Software Interface is a unified multi-architecture binary analysis framework targeting operating systems based on the Executable & Linking Format (ELF) such as Linux, *BSD, Solaris, HP-UX, IRIX and BeOS. ERESI is a general purpose hybrid framework : it includes both static analysis and runtime analysis capabilities. These features are accessed by primitives of the ERESI reverse engineering language which makes the framework more adaptable to the precise needs of her users. It brings an environment of choice for program analysis throught instrumentation, debugging, and tracing as it also provides more than ten exclusive major built-in features . ERESI can also be used for security auditing, hooking, integrity checking or logging binary programs. The project prones modularity and reusability of code and allows users to create their own project on top of the ERESI language interpreter in just a few lines. Among other features, the base code can display program graphs on demand using its automated flow analysis primitives. Our tools are enhanced for hardened or raw systems which have no executable data segments and no native debug API or even explicit program information. The ERESI framework includes: * The ELF shell (elfsh), an interactive and scriptable ERESI interpreter dedicated to instrumentation of ELF binary files. * The Embedded ELF debugger (e2dbg), an interactive and scriptable high-performance userland debugger that works without standard debug API (namely without ptrace). * The Embedded ELF tracer (etrace), an interactive and scriptable userland tracer that works at full frequency of execution without generating traps. * The Kernel shell (kernsh), an interactive and scriptable userland ERESI interpreter to inject code and data in the OS kernel, but also infer, inspect and modify kernel structures directly in the ERESI language. * The Evarista static analyzer, a work in progress ERESI interpreter for program transformation and data-flow analysis of binary programs directly implemented in the ERESI language (no web page yet). Beside those top-level components, the ERESI framework contains various libraries that can be used from one of the previously mentioned tools, or in a standalone third-party program: * libelfsh : the binary manipulation library on which ELFsh, E2dbg, and Etrace are based. * libe2dbg : the embedded debugger library which operates from inside the debuggee program. * libasm : the disassembly engine (x86 and sparc) that gives semantic attributes to instructions and operands. * libmjollnir : the code fingerprinting and graph manipulation library. * librevm : the Reverse Engineering Vector Machine, that contains the meta-language interpretor and the standard ERESI library. * libaspect : the type system and aspect library. It can define complex data-types to be manipulated ad-hoc by ERESI programs. * libedfmt : the ERESI debug format library which can convert dwarf and stabs debug formats to the ERESI debug format by automatically generating new ERESI types. | |||
| Also listed in: | Reverse Engineering Frameworks, Linux Debuggers, Tracers, Code Injection Tools | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | lida |
| ||
|---|---|---|---|---|
| Author: | Mario Schallner | |||
| Website: | http://lida.sourceforge.net | |||
| Current version: | 00.03.00 | |||
| Last updated: | December 5, 2004 | |||
| Direct D/L link: | N/A | |||
| License type: | Free / Open Source | |||
| Description: | lida is basically a disassembler and code analysis tool. It uses the bastards libdisasm for single opcode decoding (see http://bastard.sourceforge.net/libdisasm.html). It allows interactive control over the generated deadlisting via commands and builtin tools. Short Overview of (planned) features: * ELF, RAW file disassembly (generating stringtable, symboltable, crossreferences, ... ) * trace execution flow of binary * work with symbolic names: interactive naming of functions, labels, commenting of code * scan for known anti-debugging, anti-disassembling techniques * scan for user defined code sequences * integrated patcher * integrated cryptoanalyzer * handy ("intelligent") browsing * openssl support (customizeable "init values", apply to programs datablocks) Why lida? The project lida was initiated because of the lack of handy reverse engineering software for linux. Therefore it is designed to (and should) fit several needs of some typical reverse-engineering sessions. lida addresses people who like to work on deadlistings, and should be especially useful for people with previous experience in windows reverse engineering. lida should be a good "entry point" for examining the "new targets". A typical use is to run it while debugging your program and comment the deadlisting / name functions with the information gathered. So basically it is a disassembler. Why another one? :) Many disassemblers out there use the output of objdump - lida tries a more serious approach. The several limitations of objdump (see 3.1) are broken by using libdisasm (thx to HCUNIX!), and by tracing the execution flow of the program. Further, by having the control over the disassembly - more features can be included. Everybody who has already worked on some deadlisting will immediate feel a need to work interactive with the code - and be able to change it. Therefore lida will have an integrated patcher, resolves symbolic names, provides the ability to comment the code, serves efficient browsing methods, ... The more exotic features of lida should be on the analysis side. The code can be scanned for custom sequences, known antidebugging techniques, known encryption algorithms, ... also you will be able to directly work with the programs data and for example pass it to several customizable en-/decryption routines. This of course only makes limited sense as it is not a debugger. Tough often I really missed this functionality. | |||
| Also listed in: | Disassemblers | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.
