[Repost] Ariadne Optimizer 0.1 (IDA) by Group-IB
Posted: 2012-5-19 15:15 1401

Ariadne Optimizer 0.1 (IDA) Group-IB

The Ariadne framework makes it possible for anyone who is involved in reverse engineering to save time when reversing code or creating new products. Using Ariadne, you can read and modify executable files, disassemble them, and even decompile part of the code into the intermediate representation (Ariadne IR). Of course, with Ariadne you can not only read disassembled or decompiled instructions, but also modify them. Moreover, modifications can be saved into the source executable file without using any additional tools. But that's not all! Ariadne has a series of original code trace optimization strategies built in, which can make your life a lot easier when working with obfuscated code. The Ariadne framework was initially developed for easy use in your own programs. The range of Ariadne applications is broad – from software analysis with complex obfuscation to programs that provide obfuscation and software protection.

Ariadne key features:

* PE parser
- Makes it possible to analyze and modify the PE format
- Supports saving modifications into the PE file

* Ariadne Intelligent Disassembler (AID). Based on the open-source Mediana disassembler
- GP, FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE4a, VMX, SMX support
- Provides good code coverage of the PE-file without debugging information (the technology is based on heuristics rather than on signatures)
- Supports MAP-files
- Recognizes switch tables and other entry points including Borland initialization and other tables during smart analysis
- Splits code into basic blocks
- Allows saving and loading the database
- Supports saving modifications into the PE file

* Ariadne Intermediate Representation (AIR) language
- Supports translation of assembler instructions into IR
- Allows modification of IR instructions
- Optimized to create obfuscation and deobfuscation strategies
- Contains code tracing mechanisms
- Contains built-in trace deobfuscation (AIR Wave Deobfuscation Technology)
- Supports emulation of IR instructions
- Supports saving and loading of IR projects (AIR database)
- Supports translation from IR into binary code

Most of the products which disassemble and analyze PE-files require a lot of RAM. In some cases they crash due to lack of memory. In Ariadne, this problem is solved thanks to its own memory manager. When RAM becomes insufficient, the framework creates its own swap file on the computer's hard disk.

