
In the case of static function discovery based on disassembled code, IDA is the best tool I know. What open source tools or frameworks are also able to perform function detection/analysis?

I know radare2 does have some code for that, but it isn't similar to IDA's detection. The architecture is mainly x86/x86_64, but also ARM.

trenchc0de
    Try this thesis by Cristina Cifuentes before reaching for tools http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.105.6048&rep=rep1&type=pdf – Vitaly Osipov Aug 27 '15 at 17:20

3 Answers


There are several free disassemblers available:

  • radare2, which is also a framework. If you don't like its internal analysis capabilities, you can always use its shell to conduct your analysis by hand with it; it's released under LGPL, and written in C.
  • x64dbg, the spiritual successor of ollydbg, but as free software; it's Windows only, and written in C++/Qt.
  • HTE, which seems to be a bit like radare2.
jvoisin
  • There are some tools designed for specific purposes as well. For example, mcsema includes bin_descend which is designed to recover a cfg. Unfortunately, that's a task ida is probably the best at. – broadway Aug 27 '15 at 17:38
  • Another one: pyew https://github.com/joxeankoret/pyew – joxeankoret Sep 28 '15 at 07:47

From your question it is not clear if you mean known functions or arbitrary ones (a way more complicated problem).

For the first case you could take a look at Sibyl (https://github.com/cea-sec/Sibyl)

Carlos Garcia

If you are used to using Ollydbg a lot, there is a plugin called Godup. I used it on a daily basis when analyzing Delphi binaries since it contains IDA signatures that can be applied to a file being analyzed in Ollydbg. I believe it is not limited to only Delphi binaries, but based on my work so far that is the area where I used it the most. It saves me quite a lot of time with its function discovery functionality.

ubnix
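A minimal illustration of the two halves the answers above split apart: discovering arbitrary function starts (a prologue scan plus call-target recovery, the part Carlos Garcia calls the much harder problem) and naming known ones with FLIRT-style byte signatures (the approach the IDA-signature plugin in the last answer relies on). This is an added example written for this page; it is not code from radare2, Sibyl, Godup or IDA. The hand-assembled x86-64 image, the signature table and every name in it (build_image, find_prologues, find_call_targets, name_functions, the signature labels) are constructed for the demonstration.

```python
"""Toy function discovery plus signature matching over a raw x86-64 code image.

Two passes find candidate function starts:
  1. prologue scan       : push rbp; mov rbp,rsp   or   sub rsp, imm8
  2. call-target recovery: every E8 rel32 whose target lands inside the image
Candidates are then matched against a small FLIRT-style wildcard signature
table; matches get the signature's name, everything else gets sub_<offset>.
"""
import re
import struct

# Constructed sample image (hand-assembled for this example, not taken from any
# real binary). Layout, offsets relative to image start:
#   0x00  A: push rbp; mov rbp,rsp; call B; call C; pop rbp; ret
#   0x20  B: sub rsp,8; xor eax,eax; add rsp,8; ret
#   0x40  C: mov eax,edi; ret   (leaf with no prologue: only a call reveals it)
# Gaps are filled with 0xCC (int3) padding.
A, B, C = 0x00, 0x20, 0x40


def build_image() -> bytes:
    def call(at: int, target: int) -> bytes:
        # E8 rel32, displacement relative to the end of the 5-byte instruction
        return b"\xe8" + struct.pack("<i", target - (at + 5))

    a = b"\x55\x48\x89\xe5"                     # push rbp; mov rbp, rsp
    a += call(A + len(a), B)
    a += call(A + len(a), C)
    a += b"\x5d\xc3"                             # pop rbp; ret
    b = b"\x48\x83\xec\x08\x31\xc0\x48\x83\xc4\x08\xc3"
    c = b"\x89\xf8\xc3"
    return a.ljust(B - A, b"\xcc") + b.ljust(C - B, b"\xcc") + c.ljust(0x10, b"\xcc")


# Common prologue byte patterns in x86-64 code.
PROLOGUES = [b"\x55\x48\x89\xe5", b"\x48\x83\xec"]


def find_prologues(image: bytes) -> set:
    """Candidate starts from prologue byte patterns."""
    return {m.start() for pat in PROLOGUES for m in re.finditer(re.escape(pat), image)}


def find_call_targets(image: bytes) -> set:
    """Candidate starts from E8 rel32 call targets.

    This is a linear byte scan, not a disassembly, so an 0xE8 inside an
    immediate or a data island yields a bogus target. The in-image bounds
    check and the padding check drop the obvious ones; a real tool follows
    control flow instead (that is the 'arbitrary functions' problem).
    """
    targets = set()
    for off in range(len(image) - 4):
        if image[off] != 0xE8:
            continue
        rel = struct.unpack_from("<i", image, off + 1)[0]
        target = off + 5 + rel
        if 0 <= target < len(image) and image[target] not in (0xCC, 0x90):
            targets.add(target)
    return targets


# Constructed FLIRT-style signatures: hex bytes, '??' wildcards the
# relocated/relative operands (here, the rel32 of each call).
SIGNATURES = {
    "call_two_then_ret": "55 48 89 e5 e8 ?? ?? ?? ?? e8 ?? ?? ?? ?? 5d c3",
    "return_zero":       "48 83 ec ?? 31 c0 48 83 c4 ?? c3",
}


def compile_sig(text: str):
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)])) for tok in text.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def name_functions(image: bytes) -> dict:
    """Map each discovered start to a signature name or an IDA-style sub_ label."""
    sigs = {name: compile_sig(s) for name, s in SIGNATURES.items()}
    named = {}
    for start in sorted(find_prologues(image) | find_call_targets(image)):
        label = f"sub_{start:04x}"
        for name, sig in sigs.items():
            if sig.match(image, start):
                label = name
                break
        named[start] = label
    return named


if __name__ == "__main__":
    for start, label in name_functions(build_image()).items():
        print(f"{start:#06x}  {label}")
```

The leaf at 0x40 has no prologue and is only recovered because something calls it, which is why prologue scanning alone under-reports and why the call scan needs its bounds and padding checks to avoid over-reporting. Signature matching only answers the "known functions" question: it labels the two bodies it has patterns for and leaves the third as sub_0040.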