14 repositories
Analyzing compiled binaries without execution to determine program structure and behavior.
Distinct from Static Analysis, which shortlists candidates focused on compilers or source-level analysis; this category is specifically for binary-level static analysis.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
Performs static analysis on compiled binaries to determine intended behavior and internal structure without execution.
RetDec is a reverse engineering framework and static binary analysis tool. Its primary purpose is to function as an LLVM-based machine code decompiler that translates binary machine code from multiple architectures into high-level C source code. The system employs a multi-stage lifting pipeline to recover program logic, using an intermediate representation to apply optimizations before emitting source code. It distinguishes itself through the ability to identify compilers and packers, perform executable unpacking, and reconstruct class hierarchies and original program structures. The framewo
Analyzes compiled binaries without execution to detect compilers, identify packers, and extract structural metadata.
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Analyzes compiled binaries without execution to extract debugging information and determine program structure.
Android Classyshark is a binary analysis toolset designed to extract structural data from Android executable files. It functions as a bytecode viewer and binary XML parser to analyze compiled Java and Android binaries. The project converts binary XML files into readable formats for the inspection of application manifests, layouts, and resource files. It also provides the ability to analyze class interfaces, members, and dependency counts without requiring access to the original source code. The toolset supports static analysis and the export of binary information into plain text formats for
Analyzes compiled binaries at rest to determine dependency counts and interface memberships without execution.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Reveals original constants and embedded files by analyzing the binary without execution.
XenonRecomp is a static binary translator and Xbox 360 game recompiler. It functions as a binary analysis tool and native code generator that converts machine instructions from Xbox 360 game executables into C++ source code for recompilation on different hardware platforms. The tool features specialized capabilities for translating compiled binaries, including the conversion of assembly jump tables into native switch cases and the detection of function boundaries using stack space data and branch link instructions. It optimizes translated code by converting non-volatile and non-argument regis
Performs static analysis on legacy binaries to identify function boundaries and jump tables without executing the code.
Apkleaks is a static analysis tool and security auditor designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secret scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool utilizes a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through JSON-defined search patterns and provides configuration flags to tune the behavior of the underlying disassembler. The analysis pipeline enc
Performs static analysis on compiled binaries to determine program structure and identify leaked credentials without execution.
This is a comprehensive technical guide and course on iOS application reverse engineering. It serves as a handbook for dissecting mobile binaries with disassembly and debugging tools in order to analyze internal application logic and behavior. The material acts as a reference for ARM assembly and Objective-C theory, providing the framework needed to turn low-level machine code into human-readable logic. It combines theoretical study with hands-on exercises to validate the use of reverse engineering tools on real-world binaries. Its scope covers static binary analysis, dynamic runtime debugging, and the study of iOS system architecture. This includes mapping the file system hierarchy and data organization to locate application resources and configuration files.
Offers detailed methodologies for examining iOS binaries without execution to identify structural patterns and function calls.
Qira is a binary analysis platform and execution tracer that records every instruction and data access during program execution for interactive replay and debugging. It operates as a runtime analysis environment that uses QEMU to trace execution and inspect memory and register state. The system provides a static binary analysis tool for mapping program structure and annotating instructions based on captured runtime data. It includes a runtime memory analyzer for watching reads and writes to specific addresses, and an interactive debugger for navigating the execution timeline. The platform covers binary trace visualization and reverse engineering workflows, combining memory state snapshots with instruction-level event logging. It further supports data access analysis and maintains an address-mapped annotation database for documenting binary code.
Maps program structure and annotates instructions based on captured runtime execution data.
This project is a static binary analysis tool designed to recover hidden and non-standard-encoded strings from compiled binaries. It serves as a malware analysis tool and string decryptor that extracts obfuscated text to reveal hidden program behavior without executing the code. The tool automates the recovery of embedded strings through a combination of emulated instruction execution and abstract syntax tree evaluation. It uses pattern-based heuristic detection to identify obfuscation routines and cross-platform binary parsing to handle multiple executable formats. The system covers a broad set of forensic capabilities, including language-specific string extraction and serialization of recovered data into formats compatible with external security analysis platforms.
Analyzes compiled binaries without execution to identify code patterns and hidden data structures.
This project is a cybersecurity educational resource and courseware designed for malware analysis and reverse engineering. It provides a structured curriculum of lessons, labs, and guided projects focused on detecting and understanding the behavior of malicious software. The resource includes a lab guide for building isolated virtual machine environments to safely execute and study malware. It covers the setup of a specialized toolchain consisting of disassemblers and debuggers used to analyze compiled machine code. The training material covers both static analysis, which examines binary cod
Provides workflows for analyzing compiled binaries without execution to identify malicious functions.
Binsider is a collection of specialized toolsets for hexadecimal editing, ELF structural analysis, system call tracing, and execution performance profiling. It provides a suite of utilities designed for binary reverse engineering, encompassing both static structural analysis and dynamic runtime monitoring of compiled binaries. The project distinguishes itself by combining low-level binary manipulation, such as a hex editor for raw byte modification, with an ELF binary analysis tool for inspecting file structures and metadata. It also includes a Linux system call tracer for observing dynamic b
Examines internal structure, headers, and strings of binaries without executing the code.
This project is a diagnostic toolset used to scan CPU hardware and Linux kernel images to assess susceptibility to Spectre, Meltdown, and other transient execution vulnerabilities. It functions as a vulnerability scanner and security auditor designed to identify side-channel attack risks and verify the status of hardware-level security patches. The tool provides capabilities for both active system assessment and standalone kernel image security analysis. It evaluates the presence of security mitigations by analyzing CPU hardware and kernel configurations without requiring a running kernel or
Parses compiled kernel images to identify security flags and mitigation patches without executing the code.
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Analyzes compiled binaries without execution to extract and decode obfuscated strings.