dynStruct

dynStruct is a tool that uses DynamoRIO to monitor the memory accesses of an ELF binary via a data gatherer, and uses this data to recover the structures of the original code. dynStruct can also be used to quickly find where, and by which function, a member of a structure is written or read.

Papers: dynStruct was the subject of a master thesis and a publication.

Requirements:
- Data gatherer: CMake >= 2.8, DynamoRIO (avoid the last release; recommended version at DynamoRIO cronbuild or build 7.91.18109).
- Structure recovery and web interface: Python3, Capstone, Bottle.

Setup:
- Data gatherer: Set the environment variable DYNAMORIO_HOME to the absolute path of your DynamoRIO installation. Execute build.sh. To compile dynStruct for a 32-bit target on a 64-bit OS, execute build.sh 32.
- Structure recovery and web interface: Install the dependencies for dynStruct.py using 'pip3 install -r requirements.txt'.

Data gatherer usage: drrun -opt_cleancall 3 -c <dynStruct_path> <dynStruct_args> -- <prog>

ALTERNATIVES

TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.

A native Python cross-version decompiler and fragment decompiler.

Microservice for scanning files with Yara

YARA rules for ProcFilter to detect malware and threats

Collection of Python scripts for automating tasks and enhancing IDA Pro functionality

A powerful tool for detecting and identifying malware using a rule-based system.

Parse YARA rules into a dictionary representation.

Binwalk is a tool for analyzing, reverse engineering, and extracting firmware images with security and Python 2.7 deprecation notices.
