Designed to be useful for reverse engineering malware.
features:
- highlights strings/calls/mz-pe very useful in malware analysis.
- PE info, able to jump to sections, entry point, overlay, etc.
- disassembler + referenced strings, API calls
- "highlight all" for current text selection.
This program is licensed under GPLv2.
Binaries available for Windows AMD64, built with cx_Freeze
Install Terminus font, for Windows users download from here. For Debian/Ubuntu users: sudo apt-get install xfonts-terminus
If you have a C compiler run
pip install -r requirements.txt
Otherwise run
pip install yapsy pefile pyperclip pyaes ply pyelftools androguard PyQt5
and manually install Capstone.
If you develop in a virtualenv on Windows, you need to copy the python3.dll to your virtual env, as only python36.dll is copied automatically.
-
PE
-
bootsector
-
ELF
-
APK
-
NTFS
Powered by: Python3, Qt5, Terminus font, pefile, Capstone