Rewind

From MultimediaWiki
Revision as of 02:14, 3 March 2006 by DonDiego (talk | contribs) (spelling)

Rewind is the project name of my (Benjamin Larsson) collection of different tools to aid Reverse Engineering. The goal is to combine all the tools into 'the' tool for codec RE'ing work under Linux.


Elftractor

This Perl script can analyze ELF binaries to extract the data tables. The produced tables look quite good, and tables with 1 or 2 dimensions can be produced. The script uses a database which can be edited to adjust the different types of possible tables. Rudimentary function skeleton generation can also be done.

Features missing:

  • >2 dimensions for table generation
  • always generate compilable tables


REbug

A set of macros and functions that can trace a selected calltree. Based partly on this code [1]. Currently the output can then be processed to produce call graphs over executed code.

Current features:

  • function call tracing
  • function argument dumping
  • function return value dumping
  • executed calltree graphing

Features missing:

  • memory tracking - look up the use of malloc in the executed code
  • structure resolver - check all malloced memory for pointers to other malloced memory
  • argument typing - check/guess if the arguments are pointers to allocated or stack memory, table elements or something else
  • loop detection - guess the existence of a loop construct by checking the number of consecutive calls
  • code skeleton generation - generate a code template with the generated information
  • structure graphing - generate a nice looking graph over the relations in the structures

Argument resolver

This Perl script can analyse the assembly that IDA Pro produces for a binary and give a fairly accurate number of arguments to a function and its return type. This script is meant to be used together with REbug output.