reactos - A free Windows-compatible Operating System

  •    C

ReactOS™ is an Open Source effort to develop a quality operating system that is compatible with applications and drivers written for the Microsoft® Windows™ NT family of operating systems (NT4, 2000, XP, 2003, Vista, Seven). The ReactOS project, although currently focused on Windows Server 2003 compatibility, is always keeping an eye toward compatibility with Windows Vista and future Windows NT releases.

mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode

  •    C++

McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

v86 - x86 virtualization in JavaScript, running in your browser and NodeJS

  •    Javascript

See API. wget -P images/ https://copy.sh/v86/images/{linux.iso,linux3.iso,kolibri.img,windows101.img,os8.dsk,freedos722.img,openbsd.img}.

x64dbg - An open-source x64/x32 debugger for windows.

  •    C++

This is a community effort and we accept pull requests! See the CONTRIBUTING document for more information. If you have any questions you can always contact us or open an issue. You can take a look at the easy issues to get started. You can find an exhaustive list of GitHub contributors here.

RE-for-beginners - "Reverse Engineering for Beginners" free book

  •    TeX

Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM. Compiled versions can be found here: English, Russian, German and French.

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in the sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml, which is the preferred language for writing analyses; we also have bindings to C, Python and Rust. The Primus Framework also provides a Lisp-like DSL for writing program analysis tools. BAP is developed at CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government; see sponsors for more information.

capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)

  •    C

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. It supports multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

plasma - Plasma is an interactive disassembler for x86/ARM/MIPS

  •    Python

The old project name was Reverse. PLASMA is an interactive disassembler. It can generate more readable assembly (pseudo code) with colored syntax. You can write scripts with the available Python API. The project is still under heavy development.

barf-project - BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

  •    Python

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated. All packages were tested on Ubuntu 16.04 (x86_64).

likwid - Performance monitoring and benchmarking suite

  •    C

Likwid is a simple to install and use toolsuite of command line applications for performance oriented programmers. It works for Intel and AMD processors on the Linux operating system. For further information please take a look at the Wiki.

steed - [WIP] Rust's standard library, free of C dependencies, for Linux systems

  •    Rust

It's very early days. Very little functionality has been ported over. Should work without having to install a C toolchain or cross compiled C libraries, and without having to run the command inside a Docker container / VM.

x86-assembly-cheat - x86 userland minimal examples tutorial

  •    Assembly

x86 userland minimal examples tutorial. Hundreds of runnable asserts. IO done with libc, so OS portable in theory. Tested in Ubuntu 14.04. Containers (ELF), linking, calling conventions. System land cheat at: https://github.com/cirosantilli/x86-bare-metal-examples

reverse-engineering-reference-manual - collage of reverse engineering topics that I find interesting

  •    Python

NOTE(2): beta? Yes. In the coming months I'm planning on adding more pictures and diagrams to the current content. Plans to add more sections will continue after revamping it. NOTE(3): CI? We all hate broken links. The CI is my attempt to make sure all the external links in this repository are still working. And if any of them is broken, I can easily pinpoint which one and swiftly update it with another relevant link.

y86 - A Y86 pipeline CPU simulator in JavaScript.

  •    Javascript

y86.js.org is a JavaScript-powered Y86 pipeline CPU emulator with a sci-fi UI (Y86 is a classic project in the book CS:APP3e).

WinREPL - x86 and x64 assembly "read-eval-print loop" shell for Windows

  •    C++

WinREPL is a "read-eval-print loop" shell on Windows that is useful for testing/learning x86 and x64 assembly. zerosum0x0/WinREPL is similar to yrp604/rappel (Linux) and Tyilo/asm_repl (Mac), but with a slightly different methodology that should allow for tricks such as self-modifying shellcode crypting/encoding. There is also enferex/asrepl for a Unicorn (emulated) version, but WinREPL is completely native inside a Windows process context.

mini-c - Dr Strangehack, or: how to write a self-hosting C compiler in 10 hours

  •    C

I set myself a challenge: write a self-hosting C compiler in 10 hours. This is the result, plus lots of cleanup (check "releases" for the 10 hour version). The general philosophy was: only include a feature if it reduces the total code size. This is taken to its extreme in the insane branch.

arch - Better `os.arch()` for node and the browser -- detect OS architecture

  •    Javascript

This module is used by WebTorrent Desktop to determine if the user is on a 32-bit vs. 64-bit operating system to offer the right app installer. In Node.js, the os.arch() method (and process.arch property) returns a string identifying the operating system CPU architecture for which the Node.js binary was compiled.