Topic: pyew - A Python tool like radare or *iew for malware analysis (Read 4194 times)

July 24, 2010, 12:03:04 pm
Pyew is a (command line) Python tool like radare and *iew oriented, mainly, to analyze malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it does code analysis the right way), following direct call/jmp instructions, OLE2 format, PDF format (limited) and more. It also supports plugins to add more features to the tool.

See some usage examples or example batch scripts.


Version 1.1.1

    * Support for ELF file formats (AMD64 and IA32) using Kenshoto's ELF library (VTrace).
    * Code analysis by recursively traversing all possible code paths from entry points.
    * Added the following APIs:
          o resolveName: Resolves the internal name of the given address/offset.
          o NextHead: Return the next disassembly offset given an address/offset.
          o GetMnem/GetMnems: Returns the mnemonic or mnemonic list given an offset and the number of mnemonics to retrieve.

Pyew is very similar in some aspects to the following tools:

    * The almighty radare.
    * The open source Biew and the commercial Hiew.

Analyzing PDF exploits with Pyew
Ruining the bad guy's day