Presentation

The ERESI Reverse Engineering Software Interface is a multi-architecture binary analysis framework with a tailored domain-specific language for reverse engineering and program manipulation. ERESI features both process-specific and OS-wide support for instrumentation, debugging and analysis of Intel and SPARC machine programs (with features also available for ARM, MIPS and Alpha processors). ERESI is tailored for operating systems based on the Executable and Linking Format (ELF), in particular the Linux OS. We also support *BSD, Solaris, HP-UX, IRIX and BeOS platforms to some extent. Finally, ERESI can trace into any OS running in a virtual machine or emulator using the GDB serial protocol.

We promote modularity and reuse of code. You can create your own project on top of ERESI in just a few hours. Among many other features, you can access and display program graphs without the need for symbols, executable data segments or a native debug API (ERESI is also capable of using this information when it is available in the DWARF or STABS debug formats).

Here are the projects that were developed on top of the ERESI framework:

  • elfsh : An interactive and scriptable static program instrumentation tool for ELF binary files.
  • kernsh : An interactive and scriptable runtime kernel instrumentation tool for live code injection, modification and redirection.
  • e2dbg : An interactive and scriptable high-performance process debugger that works without the standard OS debug API (without ptrace).
  • etrace : A scriptable runtime process tracer working at full execution frequency without generating traps.
  • kedbg : An interactive and scriptable OS-wide debugger interfaced with the GDB server, VMware, QEMU, Bochs and OpenOCD (JTAG) via the GDB serial protocol.
  • Evarista : A work-in-progress static binary program transformer entirely implemented in the ERESI language.

Besides those top-level components, ERESI contains various libraries that can be used from one of the previously mentioned tools, or in a standalone third-party program:

  • libelfsh : the binary manipulation library used by ELFsh, Kernsh, E2dbg and Etrace.
  • libe2dbg : the embedded debugger library operating within the debuggee program.
  • libasm : the smart disassembling engine (x86, SPARC, MIPS, ARM) that gives both syntactic and semantic attributes to instructions and their operands.
  • libmjollnir : the control flow analysis and fingerprinting library.
  • librevm : the Runtime ERESI Virtual Machine, which contains the central runtime environment implementation of the framework.
  • libstderesi : the standard ERESI library containing more than 100 built-in analysis commands.
  • libaspect : the aspect library, whose API reflects code and data structures into the ERESI language.
  • libedfmt : the ERESI debug format library, which converts the DWARF and STABS debug formats to the ERESI debug format.
  • libetrace : the ERESI tracer library, on which Etrace is based.
  • libkernsh : the kernel shell library, providing kernel access, on which Kernsh is based.
  • libgdbwrap : the GDB serial protocol library, for compatibility between ERESI and GDB/VMware/Bochs/QEMU/OpenOCD.

You can take a look at our visual overview of ERESI.

Download the whole source code by accessing our SVN repository:

 $> svn checkout http://svn.eresi-project.org/svn/trunk/ eresi

or browse it online in the SVN trunk. The current version is 0.82b2.

You can read technical articles if you are interested in the internals of ERESI.

Find more resources and the API reference for each of these components on their respective pages in the top-level menu.

The ERESI project needs your support!

The core ERESI authors have accepted full-time security research positions in privately funded companies that are not supporting the ERESI project. As a result, ERESI development is now stopped. Further fix requests or submissions are likely to be integrated only after a long delay. We still encourage you to get in touch via the ERESI mailing list if you are interested in taking over or maintaining parts of ERESI. The source repository remains free software for security research students and professionals, but is not likely to integrate new core features in the near future. We apologize for any inconvenience while we look for other ways to keep the project alive and well.

You want to help develop ERESI? See the most wanted features.
You want to sponsor the development of ERESI? Contact the ERESI team!

For older news about ERESI, consult the news page.

Share and enjoy the framework.

The ERESI team