announcing Fenris 0.05

From: Michal Zalewski (lcamtufat_private)
Date: Fri May 24 2002 - 10:12:45 PDT


    Fenris started as a binary code tracing utility, but since the first
    release, it gets more and more difficult to write a simple summary of its
    functionality.  Fenris is... erm... a comprehensive multi-level code
    tracer, a bit of a C decompiler, an interactive modular debugger, a code
    analysis tool, an execution path visualisation tool, a function
    fingerprinting and symtab recovery tool - it all depends on how you use it.
    Fenris is suitable for everything from bug tracking or protocol analysis
    to forensics and reverse engineering, doing all the mindless work for you
    and making your life a bit easier.
    
    This release comes rather shortly after 0.02, but introduces some major
    functionality enhancements. Fenris 0.05 now features better support for
    tweaked ELFs, an interactive, traditional debugging shell with some
    extras, such as loadable modules, or access to Fenris internals and code
    analysis data. An interesting observation - because the core code does not
    (and never did) rely on libbfd for any critical tasks, you can use it to
    analyze, for example, binaries protected with burneye:
    
      $ gdb ./startwu
      "./startwu": not in executable format: File format not recognized
    
      $ objdump -d ./startwu
      objdump: ./startwu: File format not recognized
    
      $ ./fenris -W /tmp/aegir-sock -X 5 ./startwu &
      $ ./aegir /tmp/aegir-sock
      ...
      [aegir] disas
      05371035:       pushl  0x5371008
      0537103b:       pushf
      0537103c:       pusha
      0537103d:       movl   0x5371000,%ecx
      05371043:       jmp    $0x5371082
      05371048:       popl   %esi
      05371049:       movl   %esi,%edi
    
    Fenris 0.05 is available for download at its usual location,
    http://razor.bindview.com/tools/fenris/ . If you are not familiar with
    this project, I strongly suggest that you read its documentation and view
    the demos - all available at its homepage.
    
    -- 
    _____________________________________________________
    Michal Zalewski [lcamtufat_private] [security]
    [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
    =-=> Did you know that clones never use mirrors? <=-=
              http://lcamtuf.coredump.cx/photo/
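As an added illustration of the "tweaked ELF" point in the post above (this is not Fenris code and not part of the original message): a small ELF32 header sanity check in Python that reports why BFD-based tools such as gdb and objdump can reject a binary whose section header table has been removed or pointed outside the file, even though the program headers the kernel actually loads are intact. The ELF images it inspects are constructed inline; the field layout is the standard Elf32_Ehdr/Elf32_Phdr, and the anomaly categories are this example's own.

```python
import struct

# Standard Elf32_Ehdr layout (little-endian): e_ident[16], e_type, e_machine,
# e_version, e_entry, e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize,
# e_phnum, e_shentsize, e_shnum, e_shstrndx.
ELF32_EHDR = struct.Struct("<16sHHIIIIIHHHHHH")


def check_elf32(data: bytes) -> dict:
    """Parse an ELF32 header and list inconsistencies that trip up
    section-table-driven loaders (libbfd) but not the kernel's program-header
    based loader. Returns a dict with the key fields and an 'anomalies' list."""
    if len(data) < ELF32_EHDR.size or data[:4] != b"\x7fELF":
        return {"valid_magic": False, "anomalies": ["not an ELF file"]}
    (_ident, _type, _machine, _version, e_entry, e_phoff, e_shoff, _flags,
     _ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = ELF32_EHDR.unpack_from(data)
    anomalies = []
    # Program headers: what the kernel needs to map the image.
    if e_phoff == 0 or e_phnum == 0:
        anomalies.append("no program header table: not loadable by the kernel")
    elif e_phoff + e_phnum * e_phentsize > len(data):
        anomalies.append("program header table points outside the file")
    # Section headers: what libbfd-style tools key on for sections and symbols.
    if e_shoff == 0 or e_shnum == 0:
        anomalies.append("section header table absent: loadable, but BFD tools lose sections")
    elif e_shoff + e_shnum * e_shentsize > len(data):
        anomalies.append("section header table points outside the file (typical tweaked ELF)")
    elif e_shstrndx >= e_shnum:
        anomalies.append("e_shstrndx out of range")
    return {"valid_magic": True, "entry": e_entry, "phnum": e_phnum,
            "shnum": e_shnum, "anomalies": anomalies}


def make_elf32(e_shoff: int, e_shnum: int, e_shstrndx: int, size: int) -> bytes:
    """Construct a synthetic ET_EXEC i386 image with one PT_LOAD segment
    (constructed sample data, not a real binary) and the given section-table
    fields, so the checker can be exercised offline."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9  # ELFCLASS32, LSB, v1
    ehdr = ELF32_EHDR.pack(ident, 2, 3, 1, 0x08048000, 52, e_shoff, 0,
                           52, 32, 1, 40, e_shnum, e_shstrndx)
    # Elf32_Phdr: p_type=PT_LOAD, offset, vaddr, paddr, filesz, memsz, flags=R+X, align
    phdr = struct.pack("<8I", 1, 0, 0x08048000, 0x08048000, size, size, 5, 0x1000)
    image = ehdr + phdr
    return image + b"\x00" * (size - len(image))
```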
    



    This archive was generated by hypermail 2b30 : Fri May 24 2002 - 10:23:52 PDT