31 Repos
Software for analyzing the internal logic and structure of compiled applications.
Distinguishing note: Focuses on the broad field of reverse engineering rather than specific debugging.
Explore 31 awesome GitHub repositories matching operating systems & systems programming · Reverse Engineering Tools. Refine with filters or upvote what's useful.
RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow
Applies low-level modifications to compiled application files to change execution logic or bypass restrictions.
LeakCanary is a diagnostic tool designed to identify memory leaks by monitoring object lifecycles and analyzing heap snapshots. It automatically detects objects that fail to be garbage collected after their expected lifespan, providing developers with actionable insights to prevent performance degradation and application crashes. The project distinguishes itself by offloading memory-intensive heap parsing to a separate background process, which minimizes performance impact on the main application during runtime. It includes sophisticated deobfuscation capabilities that map obfuscated stack tr
Automatically maps obfuscated stack traces back to original source names to simplify debugging.
dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s
Examines internal structure and logic of compiled software to understand functionality.
ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.
Analyzes the internal structure and metadata of binary files to uncover software functionality.
radare2 is a reverse engineering framework and binary analysis toolset. It functions as a multi-architecture disassembler, low-level binary debugger, and hexadecimal editor for inspecting executable structures and interpreting machine code when original source files are unavailable. The framework provides capabilities for decompiling machine instructions, performing symbolic analysis, and diffing binary files to identify structural changes across versions. It also includes a digital forensic analyzer and disk analyzer for browsing filesystem formats in userland. The toolset supports binary p
Provides a comprehensive environment for analyzing the internal logic and structure of compiled applications.
Cutter is a binary analysis platform and graphical user interface for the Rizin reverse engineering framework. It provides an environment for analyzing the internal logic and data structures of compiled binaries through integrated disassembly and visualization. The platform supports a containerized deployment model to provide isolated environments for binary analysis, which is used to examine suspicious binaries without risking the host system. It is an extensible security tool that allows for the addition of custom analysis capabilities and visualizers via native plugins and scripts. The to
Serves as a specialized tool for analyzing the internal logic and structure of compiled applications.
This project is a comprehensive, community-curated directory of cybersecurity resources, tools, and educational materials. It functions as a centralized index for researchers and students to discover frameworks and utilities across the entire security lifecycle, ranging from initial vulnerability assessment to post-exploitation analysis. The repository distinguishes itself through a hierarchical taxonomy that organizes diverse security disciplines into a searchable, version-controlled knowledge base. Rather than hosting software directly, it utilizes a decentralized aggregation model that lin
Provides specialized resources for binary reverse engineering and software analysis.
Logstash is a JVM-based event processor and extract, transform, load system designed for log data processing pipelines. It functions as a plugin-based data ingestor that collects, transforms, and delivers logs and event data from multiple sources to various destinations. The system utilizes a modular architecture of interchangeable input, filter, and output components to handle real-time data ingestion and enterprise log aggregation. Users can extend the pipeline's functionality by developing custom plugins to support unique data sources or specific transformation logic. The platform covers
Allows users to build custom input, filter, and output plugins to support unique data sources and transformation logic.
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
Provides comprehensive utilities for disassembling, analyzing, and reverse engineering compiled binary executables.
dex2jar is an Android dex decompiler and reverse engineering tool designed to convert Dalvik executable bytecode into Java class files. It functions as a bytecode converter that transforms compiled Android binaries into a format compatible with standard Java analysis tools. The project facilitates Android app decompilation and Java bytecode recovery by translating executable files into readable structures. This allows for the analysis of application logic and the identification of security vulnerabilities or malicious behavior during Android malware analysis. The tool performs static bytecod
Analyzes Android application logic by translating compiled binaries into readable Java code.
The Mobile Application Security Testing Guide is a comprehensive framework and technical resource designed for the assessment of mobile software security. It provides a structured collection of requirements and methodologies to identify vulnerabilities and security flaws in mobile applications prior to their deployment. The project distinguishes itself by integrating reverse engineering techniques with standardized testing procedures to evaluate application logic and binary structures. It supports both Android and iOS platforms, utilizing threat-model-driven methodologies to ensure that secur
Provides techniques for decompiling and disassembling mobile binaries to reconstruct logic and identify hidden vulnerabilities.
This project is an integrated software suite and graphical workbench designed for capturing, visualizing, and reverse engineering wireless communication protocols and digital waveforms. It functions as a platform for software-defined radio analysis, enabling the recording of raw radio frequency data from hardware devices to facilitate the investigation of unknown or proprietary communication logic. The software distinguishes itself through a protocol-agnostic data modeling approach that represents radio transmissions as abstract bitstreams, decoupling analysis tools from specific modulation o
Analyzes digital waveforms and identifies modulation schemes to extract data from proprietary radio transmissions.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Provides a comprehensive framework for analyzing the internal logic and structure of compiled binaries.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Analyzes the internal logic and structure of compiled applications to understand behavior without source code.
Capstone is a multi-architecture disassembly framework and binary translation system. It converts binary machine code into human-readable assembly instructions for a wide variety of hardware instruction set architectures and virtual machines. The framework supports a diverse range of targets, including x86, ARM, RISC-V, and MIPS, as well as virtual machine environments like WebAssembly and the Ethereum Virtual Machine. It functions as an instruction analysis tool capable of extracting granular decomposition data and semantic information from disassembled code. The engine is designed for low-
Analyzes binary files across multiple CPU architectures to understand software behavior and instruction-level logic.
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Provides comprehensive tools for analyzing the internal logic and structure of compiled binaries.
This project is an Android RPA framework designed for automating user interfaces and system tasks on rooted Android devices using Python and ADB. It provides a suite of tools for rooted device management, allowing for programmatic control of system settings, application lifecycles, and shell command execution via a remote API. The framework distinguishes itself through a combination of dynamic instrumentation and AI integration. It can inject scripts into running processes to hook Java interfaces and modifies application behavior in real time. Additionally, it supports large language model in
Ships a pre-installed suite for analyzing compiled application logic, including dynamic instrumentation and system call tracing.
GhidraMCP is a Model Context Protocol server that exposes Ghidra binary analysis and decompilation functions to external intelligence models. It acts as a bridge that connects the Ghidra reverse engineering suite to external tools through a standardized communication protocol, facilitating automated reverse engineering and software auditing. The project enables the extraction of decompiled code and program structural data to populate the context windows of language models. It features a binary symbol management tool capable of dynamic symbol resolution, allowing method and data names to be up
Exposes standardized interfaces for analyzing the internal logic and structure of compiled applications.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Provides a workflow to analyze internal binary logic by removing anti-debugging protections and decrypting strings.
Dieses Projekt ist ein strukturierter Kurs und eine Anleitung für x64-Windows-Reverse-Engineering. Es bietet einen Lehrplan für die Analyse und Dekompilierung von Windows-Binärdateien durch das Studium von Assemblersprache und Betriebssysteminterna. Das Material deckt die Analyse von Windows-Binärdateien und Malware-Analyse ab, mit einem spezifischen Fokus auf die Interpretation von x64-Maschinencode, um die ursprüngliche Programmlogik wiederherzustellen. Es führt den Nutzer durch den Prozess der Verfolgung von Programmverhalten und der Protokollierung von Funktionsaufrufen, um die Funktionsweise von Binärdateien zu verstehen. Der technische Umfang umfasst Dekompilierung auf Assemblerebene, Debugger-gestützte Zustandsinspektion und dynamisches Call-Tracing. Es behandelt zudem befehlsbasierte Analyse, Windows-API-Hooking und x64-Register-Mapping, um zu überwachen, wie Software mit dem System interagiert.
Offers a structured curriculum for analyzing and decompiling binaries through assembly and OS internals.