Fenris started as a binary code tracing utility, but since the first release, it gets more and more difficult to write a simple summary of its functionality. Fenris is... erm... a comprehensive multi-level code tracer, a bit of a C decompiler, an interactive modular debugger, a code analysis tool, an execution path visualisation tool, a function fingerprinting and symtab recovery tool - all depends on how you use it. Fenris is suitable for everything from bug tracking or protocol analysis to forensics and reverse engineering, doing all the mindless work for you and making your life a bit easier.

This release comes rather shortly after 0.02, but introduces some major functionality enhancements. Fenris 0.05 now features better support for tweaked ELFs, an interactive, traditional debugging shell with some extras, such as loadable modules, or access to Fenris internals and code analysis data.

An interesting observation - because the core code does not (and never did) rely on libbfd for any critical tasks, you can use it to analyze, for example, binaries protected with burneye:

  $ gdb ./startwu
  "./startwu": not in executable format: File format not recognized
  $ objdump -d ./startwu
  objdump: ./startwu: File format not recognized
  $ ./fenris -W /tmp/aegir-sock -X 5 ./startwu &
  $ ./aegir /tmp/aegir-sock
  ...
  [aegir] disas
  05371035: pushl 0x5371008
  0537103b: pushf
  0537103c: pusha
  0537103d: movl 0x5371000,%ecx
  05371043: jmp $0x5371082
  05371048: popl %esi
  05371049: movl %esi,%edi

Fenris 0.05 is available for download at its usual location, http://razor.bindview.com/tools/fenris/ . If you are not familiar with this project, I strongly suggest you read its documentation and view the demos - all available at its homepage.

--
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

This archive was generated by hypermail 2b30 : Fri May 24 2002 - 10:23:52 PDT