reactos - A free Windows-compatible Operating System

  •    C

ReactOS™ is an Open Source effort to develop a quality operating system that is compatible with applications and drivers written for the Microsoft® Windows™ NT family of operating systems (NT4, 2000, XP, 2003, Vista, Seven). The ReactOS project, although currently focused on Windows Server 2003 compatibility, is always keeping an eye toward compatibility with Windows Vista and future Windows NT releases.

mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode

  •    C++

McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.

v86 - x86 virtualization in JavaScript, running in your browser and NodeJS

  •    Javascript

See API. wget -P images/ https://copy.sh/v86/images/{linux.iso,linux3.iso,kolibri.img,windows101.img,os8.dsk,freedos722.img,openbsd.img}.

x64dbg - An open-source x64/x32 debugger for windows.

  •    C++

This is a community effort and we accept pull requests! See the CONTRIBUTING document for more information. If you have any questions you can always contact us or open an issue. You can take a look at the easy issues to get started. You can find an exhaustive list of GitHub contributors here.

RE-for-beginners - "Reverse Engineering for Beginners" free book

  •    TeX

Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM. Compiled versions can be found here: English, Russian, German and French.

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in the sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml, and it is the preferred language for writing analyses; we have bindings to C, Python and Rust. The Primus Framework also provides a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government; see sponsors for more information.

capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)

  •    C

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. It supports multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

likwid - Performance monitoring and benchmarking suite

  •    C

Likwid is a simple to install and use toolsuite of command line applications for performance oriented programmers. It works for Intel and AMD processors on the Linux operating system. For further information please take a look at the Wiki.

steed - [WIP] Rust's standard library, free of C dependencies, for Linux systems

  •    Rust

It's very early days. Very little functionality has been ported over. Should work without having to install a C toolchain or cross compiled C libraries, and without having to run the command inside a Docker container / VM.

x86-assembly-cheat - x86 userland minimal examples tutorial

  •    Assembly

x86 userland minimal examples tutorial. Hundreds of runnable asserts. IO done with libc, so OS portable in theory. Tested in Ubuntu 14.04. Containers (ELF), linking, calling conventions. System land cheat at: https://github.com/cirosantilli/x86-bare-metal-examples

reverse-engineering-reference-manual - collage of reverse engineering topics that I find interesting

  •    Python

NOTE(2): beta? Yes. In the coming months I'm planning on adding more pictures and diagrams to the current content. Plans to add more sections will continue after revamping it. NOTE(3): CI? We all hate broken links. The CI is my attempt to make sure all the external links in this repository are still working. And if any of them is broken, I can easily pinpoint which one and swiftly update it with another relevant link.

Browser Gallese

Browser Gallese is a handy and reliable utility designed to enable users to surf the web from a friendly and easy-to-use GUI.

x86/x86-64 assembler/jitter written in C#

The project goal is to develop a library for generating machine code independently of the machine architecture. An assembler-like C# API is a bonus.

y86 - A Y86 pipeline CPU simulator in JavaScript.

  •    Javascript

y86.js.org is a JavaScript-powered Y86 pipeline CPU emulator with a sci-fi UI (Y86 is a classic project in the book CS:APP3e).

WinREPL - x86 and x64 assembly "read-eval-print loop" shell for Windows

  •    C++

WinREPL is a "read-eval-print loop" shell on Windows that is useful for testing/learning x86 and x64 assembly. zerosum0x0/WinREPL is similar to yrp604/rappel (Linux) and Tyilo/asm_repl (Mac), but with a slightly different methodology that should allow for tricks such as self-modifying shellcode crypting/encoding. There is also enferex/asrepl for a Unicorn (emulated) version, but WinREPL is completely native inside a Windows process context.

arch - Better `os.arch()` for node and the browser -- detect OS architecture

  •    Javascript

This module is used by WebTorrent Desktop to determine if the user is on a 32-bit vs. 64-bit operating system to offer the right app installer. In Node.js, the os.arch() method (and process.arch property) returns a string identifying the operating system CPU architecture for which the Node.js binary was compiled.

jemul8 - An object-oriented JavaScript x86 Emulator for Node.js and the browser

  •    Javascript

An object-oriented JavaScript x86 Emulator for Node.js and the browser. jemul8 takes an object-oriented approach to emulation. Primarily an educational tool, it aims to provide a detailed description of the internal workings of an IBM-compatible PC.

xelix - An experimental monolithic x86 kernel aiming for POSIX compatibility.

  •    C

Xelix is an open source (GPL v3+ licensed) kernel, mainly for learning how things work inside of a computer. It currently only supports x86. Steps in braces don't necessarily have to be executed every time you compile Xelix. If you're compiling the first time, run them.