erocarrera / pefile
pefile is a Python module to read and work with PE (Portable Executable) files
☆1,855 Updated 3 weeks ago
Related projects:
- IDA Pro utilities from FLARE team ☆2,197 Updated 2 months ago
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware. ☆3,168 Updated this week
- Reverse engineering framework in Python ☆3,439 Updated 3 weeks ago
- A static analyzer for PE executables. ☆1,007 Updated 8 months ago
- Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU ☆1,650 Updated 7 months ago
- DRAKVUF Black-box Binary Analysis ☆1,044 Updated this week
- IDAPython project for Hex-Ray's IDA Pro ☆1,398 Updated 6 months ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem… ☆3,034 Updated last week
- Platform for Architecture-Neutral Dynamic Analysis ☆2,467 Updated last week
- Powerful Disassembler Library For x86/AMD64 ☆1,242 Updated 11 months ago
- FakeNet-NG - Next Generation Dynamic Network Analysis Tool ☆1,763 Updated 3 months ago
- A Coverage Explorer for Reverse Engineers ☆2,223 Updated 2 months ago
- Diaphora, the most advanced Free and Open Source program diffing tool. ☆3,604 Updated this week
- rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries. ☆1,781 Updated 4 months ago
- HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux ☆2,432 Updated 2 weeks ago
- Automated static analysis tools for binary programs ☆1,533 Updated last week
- Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software v… ☆3,478 Updated last week
- A list of IDA Plugins ☆3,499 Updated 3 months ago
- Display information about files in different file formats and find gadgets to build rop chains for different architectures (x86/x86_64, A… ☆1,839 Updated last month
- LIEF - Library to Instrument Executable Formats ☆4,396 Updated this week
- A fork of AFL for fuzzing Windows binaries ☆2,312 Updated 5 months ago
- Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loadi… ☆2,703 Updated 2 years ago
- Noriben - Portable, Simple, Malware Analysis Sandbox ☆1,101 Updated 9 months ago
- ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja… ☆1,984 Updated 6 months ago
- Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11) ☆2,116 Updated last month
- Export disassemblies into Protocol Buffers ☆1,022 Updated this week
- ☆928 Updated 3 weeks ago
- Set of tools to analyze Windows sandboxes for exposed attack surface. ☆2,048 Updated 3 weeks ago
- Windows kernel and user mode emulation. ☆1,473 Updated 5 months ago
- Platform for emulation and dynamic analysis of Linux-based firmware ☆1,805 Updated last month