Ранг: 1045.7 (!!!!)
|Создано: 25 февраля 2009 06:01 New!
Цитата · Личное сообщение · #1
This area is dedicated to code disassembly on intel and AMD processors. This project is a package with a disassembler library (BeaEngine.lib) for windows plateforms (tested under windows XP 32 bits,windows XP 64 bits,windows vista 32 bits, windows 7 32 bits), tools using this library (LookInside, plugin OllyDbg and ImmDbg), a Length Disassembler Engine (LDE64) and a french documentation about x86 and x86-64 instructions encoding.
BeaEngine.lib is a library coded in C (thanks to the IDE Code::Blocks and the compiler Pelles C ) created to decode instructions from 32 bits and 64 bits intel architectures. Actually, the only function available is called Disasm. It includes standard instruction set and instruction set from FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, VMX technologies. For those who like analyzing malicious codes and more generally obfuscated codes, BeaEngine decodes undocumented instructions called "alias" on the web site sandpile. In all scenarios, it sends back a complex structure that describes precisely the analyzed instructions.
You can use it in C (usable with Visual Studio, Pelles C , LCC or MingW), in assembler (usable with masm32, nasm, fasm, GoAsm) and in Python. You can use it in ring3 and in ring0 because it does not use windows API. It had been thought to do a lot of tasks. First, you can retrieve mnemonic and operands according to the specified syntax : intel syntax for Nasm, masm32 et masm64, GoAsm32 and GoAsm64, fasm and AT&T syntax. Next, you can realize accurate analysis on data-flow and control-flow to generate slices or obfuscation patterns. This pack contains the library compiled in 32 bits and 64 bits, its source code under LGPL3 license, numerous examples more or less complex including headers for following langages : C, Python, masm32, nasm, fasm ,GoAsm.
BeaEngine has been implemented using opcode tables seen in the intel documentation completed by tables proposed by Christian Ludloff on his web site www.sandpile.org
Length Disassembler Engine 1.6
This Length Disassembler Engine is relocatable and uses _fastcall convention. Features are same as the previous LDE64-x86.(FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 et VMX). Thanks to Av0id , cyberbob and lena151 for their advices and remarks.
LDE64 x64: beatrix2004.free.fr/LDE64/LDE64-x64.rar
LDE64 x86: beatrix2004.free.fr/LDE64/LDE64-x86.rar