Author Topic: pyew - A Python tool like radare or *iew for malware analysis  (Read 3125 times)

0 Members and 1 Guest are viewing this topic.

July 24, 2010, 12:03:04 pm
Read 3125 times

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
http://code.google.com/p/pyew/w/list

Quote

Pyew is a (command line) python tool like radare and *iew oriented, mainly, to analyze malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it does code analysis the right way), following direct call/jmp instructions, OLE2 format, PDF format (limited) and more. It also supports plugins to add more features to the tool.

See some usage examples or example batch scripts.

ChangeLog:

Version 1.1.1

    * Support for ELF file formats (AMD64 and IA32) using the Kenshoto's ELF library (VTrace).
    * Code analysis by recursively traversing all possible code paths from entry points.
    * Added the following APIS:
          o resolveName: Resolves the internal name of the given address/offset.
          o NextHead: Return the next disassembly offset given an address/offset.
          o GetMnem/GetMnems: Returns the mnemonic or mnemonic list given an offset and the number of mnemonics to retrieve.

Pyew is very similar in some aspects to the following tools:

    * The almighty radare.
    * The open source Biew and the commercial Hiew.


Analyzing PDF exploits with Pyew
http://joxeankoret.com/blog/2010/02/21/analyzing-pdf-exploits-with-pyew/#more-95
Ruining the bad guy's day