Pharos – Automated static analysis tools for binary programs

Category : Blog

Pharos is an open source static binary analysis framework built on the ROSE compiler infrastructure, developed by Lawrence Livermore National Laboratory, which it uses for disassembly, control flow analysis, and instruction semantics. These features help you automate common reverse engineering tasks, with a focus on malicious code analysis. The Pharos framework is made up of the following static binary analysis tools.


Pharos


Pharos Static Binary Analysis Framework

The Pharos framework is a research project, and the code is under active development. No warranties of fitness for any purpose are provided. While this release provides build instructions, unit tests, and some documentation, much work remains to be done. We’ve tested a few select build configurations, but have not actively tested the portability of the source code. See the installation instructions for more details.

Framework


Pharos Static Binary Analysis Tools

APIAnalyzer: APIAnalyzer is a signature-driven tool for finding sequences of API calls with specified data and control relationships. This capability is intended to detect common operating system interaction patterns such as opening a file, writing to it, and then closing it.

APIAnalyzer


OOAnalyzer: OOAnalyzer is a tool for the analysis and recovery of object-oriented constructs. It helps you identify object members and methods by tracking object pointers between functions in the program. This tool was previously named “ObjDigger” and is being redesigned to use XSB Prolog rules to recover the object attributes. Earlier, ObjDigger used definition-use analysis to identify object pointers, known as “this” pointers. OOAnalyzer accumulates context-free facts that are exported to Prolog for higher-level semantic analysis. When a line of reasoning doesn’t work out, Prolog backtracks and searches for a different solution.

OOAnalyzer


CallAnalyzer: CallAnalyzer is a tool for reporting the static parameters to API calls in a binary program. It is largely a demonstration of our current calling convention, parameter analysis, and type detection capabilities, although it also provides useful analysis of the code in a program.

CallAnalyzer


FN2Yara: FN2Yara is a tool to generate YARA signatures for matching functions in an executable program. Programs that share a significant number of functions are likely to have behavior in common.

FN2Yara


FN2Hash: FN2Hash is a tool for generating a variety of hashes and other descriptive properties for functions in an executable program. Like FN2Yara, it can be used to support binary similarity analysis, or to provide features for machine learning algorithms.

FN2Hash
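The FN2Yara and FN2Hash descriptions above share one idea: bytes that hold addresses (call and jump targets, absolute references) change whenever a function is relinked, so a function hash or YARA signature that should survive relinking must mask them out. The Python below is an added illustration, not Pharos code: it uses a tiny hand-written opcode table in place of a real disassembler, assumes MD5 for the hashes, and derives from one constructed function both an exact hash, a position-independent (PIC) hash with address bytes zeroed, and a YARA hex string with those bytes wildcarded, then applies that hex string to raw bytes.

```python
import hashlib
import re
# Tiny opcode table standing in for a real disassembler (an assumption of this
# example): opcode -> (mnemonic, length, offset of the first address-bearing
# byte or None). Bytes from that offset onward are relocatable operands.
OPCODES = {
    0x55: ("push ebp", 1, None),
    0x5d: ("pop ebp", 1, None),
    0xc3: ("ret", 1, None),
    0x8b: ("mov ebp,esp", 2, None),  # only the 8b ec encoding is handled
    0xe8: ("call rel32", 5, 1),
    0xe9: ("jmp rel32", 5, 1),
}

def decode(code: bytes):
    """Yield (raw bytes, mask) per instruction; mask flags relocatable bytes."""
    i = 0
    while i < len(code):
        if code[i] not in OPCODES or i + OPCODES[code[i]][1] > len(code):
            raise ValueError(f"unsupported or truncated instruction at +{i}")
        _, length, mask_from = OPCODES[code[i]]
        mask = [mask_from is not None and k >= mask_from for k in range(length)]
        yield code[i:i + length], mask
        i += length

def function_hashes(code: bytes) -> dict:
    """Exact hash and position-independent-code (PIC) hash; MD5 is assumed."""
    pic = bytearray()
    for raw, mask in decode(code):
        pic += bytes(0 if m else b for b, m in zip(raw, mask))  # zero masked bytes
    return {"exact_hash": hashlib.md5(code).hexdigest(),
            "pic_hash": hashlib.md5(bytes(pic)).hexdigest()}

def yara_hex_string(code: bytes) -> str:
    """YARA hex string for the function, relocatable bytes as ?? wildcards."""
    parts = []
    for raw, mask in decode(code):
        parts += ["??" if m else f"{b:02x}" for b, m in zip(raw, mask)]
    return "{ " + " ".join(parts) + " }"

def hex_string_matches(hex_string: str, data: bytes) -> bool:
    """Apply a YARA-style hex string (?? wildcards) to raw bytes via regex."""
    tokens = hex_string.strip("{} ").split()
    pattern = b"".join(b"." if t == "??" else re.escape(bytes.fromhex(t)) for t in tokens)
    return re.search(pattern, data, re.DOTALL) is not None

# Constructed sample: the same function (push ebp; mov ebp,esp; call rel32;
# pop ebp; ret) as linked at two addresses, so only the CALL operand differs.
FUNC_A = bytes.fromhex("558bece8100000005dc3")
FUNC_B = bytes.fromhex("558bece8401200005dc3")
```

The two copies get different exact hashes but the same PIC hash, and the generated hex string matches both, which is what makes such signatures usable for similarity analysis across builds.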


DumpMASM: DumpMASM is a tool for dumping disassembly listings from an executable using the Pharos framework, in the same style as the other tools. It has not been actively maintained, and you should consider using ROSE’s standard recursiveDisassemble instead.

DumpMASM


PyObjDigger: PyObjDigger is included as a plugin for the IDA Pro disassembler (located at tools/objdigger/ida) to allow you to ingest, view, and modify ObjDigger results directly in IDA Pro. One of the most useful PyObjDigger features is its ability to annotate virtual function calls with clickable labels.

PyObjDigger
