Chapter 7
Tools
Now that Dennis Yurichev has made this book
free (libre), it is a contribution to the world of
free knowledge and free education. However,
for our freedom’s sake, we need free (libre)
reverse engineering tools to replace the
proprietary tools described in this book.
Richard M. Stallman
7.1 Binary analysis
Tools you use when you don’t run any process.
- (Free, open-source) ent^1: entropy analyzing tool. Read more about entropy: 9.2 on page 948.
- Hiew^2: for small modifications of code in binary files. Has an assembler/disassembler.
- (Free, open-source) GHex^3: simple hexadecimal editor for Linux.
- (Free, open-source) xxd and od: standard UNIX utilities for dumping.
- (Free, open-source) strings: *NIX tool for searching for ASCII strings in binary files, including executable ones. Sysinternals has an alternative^4 supporting wide char strings (UTF-16, widely used in Windows).
- (Free, open-source) Binwalk^5: analyzing firmware images.
- (Free, open-source) binary grep: a small utility for searching for any byte sequence in a big pile of files, including non-executable ones: GitHub. There is also rafind2 in rada.re for the same purpose.
7.1.1 Disassemblers
- IDA. An older freeware version is available for download^6. Hot-keys cheatsheet: .6.1 on page 1044.
- Binary Ninja^7
- (Free, open-source) zynamics BinNavi^8
- (Free, open-source)objdump: simple command-line utility for dumping and disassembling.
- (Free, open-source) readelf^9: dump information about an ELF file.
(^1) http://www.fourmilab.ch/random/
(^2) hiew.ru
(^3) https://wiki.gnome.org/Apps/Ghex
(^4) https://technet.microsoft.com/en-us/sysinternals/strings
(^5) http://binwalk.org/
(^6) hex-rays.com/products/ida/support/download_freeware.shtml
(^7) http://binary.ninja/
(^8) https://www.zynamics.com/binnavi.html
(^9) https://sourceware.org/binutils/docs/binutils/readelf.html