|
Pyew is a (command line) python tool like radare and *iew oriented, mainly, to analyze malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it does code analysis the right way), following direct call/jmp instructions, OLE2 format, PDF format (limited) and more. It also supports plugins to add more features to the tool. See some usage examples or example batch scripts. ChangeLog: Version 2.1 Beta (11-27-2011) - Added Kenshoto's VTrace.
- Initial support for integrated debugging.
- Good support for ELF file format (both 32 and 64 bits).
- Code analysis engine enhanced.
- Fixed a lot of bugs.
Version 2.0 - Code analysis system for x86 rewritten from scratch.
- Support for databases. You can analyze binaries (PE or ELF) and save/open databases.
- Added graph's based clusterization tool 'gcluster.py'.
- Added new PDF utilities:
- pdfss: Seek to one stream
- pdfobj: Show object's list
- pdfso: Seek to one object
- Added new plugins:
- binvi: Show an image representing the contents of the file. Usefull to see different sections in a binary.
- packer: Check if the PE file is packed
- cgraph: Show the callgraph of the whole program (needs PyGTK to show a GUI).
- Many bug fixes.
Version 1.1.1 - Support for ELF file formats (AMD64 and IA32) using the Kenshoto's ELF library (VTrace).
- Code analysis by recursively traversing all possible code paths from entry points.
- Added the following APIS:
- resolveName: Resolves the internal name of the given address/offset.
- NextHead: Return the next disassembly offset given an address/offset.
- GetMnem/GetMnems: Returns the mnemonic or mnemonic list given an offset and the number of mnemonics to retrieve.
Pyew is very similar in some aspects to the following tools:
|