What is Fenris?
Fenris is a suite of tools suitable for code analysis,
debugging, protocol analysis,
reverse engineering, forensics, diagnostics,
security audits, vulnerability research and many other purposes.
The main logical components are:
- Fenris: high-level tracer, a tool that detects the logic used in C
programs to find and classify functions, logic program structure,
calls, buffers, interaction with system and libraries, I/O
and many other structures. Fenris is mostly a "what's inside"
tracer, as opposed to ltrace or strace, tracers intended to
inspect external "symptoms" of the internal program structure.
Fenris does not depend on libbfd for
accessing ELF structures, and thus is much more robust when
dealing with "anti-debugging" code.
- libfnprints and dress: fingerprinting code that can be used to detect library functions
embedded inside a static application, even without symbols, to make
code analysis simplier; this functionality is both embedded in other
components and available as a standalone tool that adds symtab to
ELF binaries and can be used with any debugger or disassembler.
- Aegir: an interactive gdb-alike debugger with modular capabilities,
instruction by instruction and breakpoint to breakpoint execution, and
real-time access to all the goods offered by Fenris, such as high-level
information about memory objects or logical code structure.
- nc-aegir: a SoftICE-alike GUI for Aegir, with automatic register,
memory and code views, integrated Fenris output, and automatic
Fenris control (now under development).
- Ragnarok: a visualisation tool for Fenris that delivers browsable
information about many different aspects of program execution -
code flow, function calls, memory object life, I/O, etc (to be
redesigned using OpenDX or a similar data exploration interface).
- ...and some other companion utilities.
To read more about Fenris, please click here.
- by lcamtuf, best viewed with html browser -
188.8.131.52, you are a visitior number