Presentation

The ERESI Reverse Engineering Software Interface is a multi-architecture binary analysis framework based on a common domain-specific language for reverse engineering. It provides extensive OS-wide support for program analysis, instrumentation, and debugging. ERESI mostly targets operating systems based on the Executable & Linking Format (ELF) such as Linux, *BSD, Solaris, HP-UX, IRIX and BeOS, on INTEL, SPARC, MIPS, ALPHA and ARM architectures.

The project promotes code modularity and reuse: it allows users to create their own project on top of the ERESI language interpreter in just a few lines of code. Among many other features, the base code can display program graphs on demand using its automated flow analysis primitives. Our tools were primarily designed for working on hardened or raw systems without symbols, executable data segments or a native debug API.

Our projects show how ERESI brings a common ground for different goals:

  • elfsh : An interactive and scriptable static program instrumentation tool for ELF binary files.
  • kernsh: An interactive and scriptable runtime kernel instrumentation tool for code injection, modification and redirection.
  • e2dbg : An interactive and scriptable high-performance userland debugger that works without standard OS debug API (without ptrace).
  • etrace : A scriptable userland tracer that works at full frequency of execution without generating traps.
  • kedbg: A ring 0 debugger with ERESI scripting capabilities interfaced with VMware and QEMU via the GDB serial protocol.

The most recent projects are the following:

This is made possible by interfacing the ERESI gdbwrap library with the OpenOCD JTAG gdb stub.

  • Evarista: A static analyzer / program transformer entirely implemented in the ERESI language.

Evarista is inspired by Chevarista, an aborted static analyzer project written in C++ as an IDA plugin. For more info on this research, consult our article: Automated vulnerability auditing in machine code.

Besides those top-level components, the ERESI framework contains various libraries that can be used from one of the previously mentioned tools, or in a standalone third-party program:

  • libelfsh : the binary manipulation library on which ELFsh, Kernsh, E2dbg, and Etrace are based.
  • libe2dbg : the embedded debugger library which operates from inside the debuggee program.
  • libasm : the smart disassembling engine (x86, sparc, mips) that gives both syntactic and semantic attributes to instructions and their operands.
  • libmjollnir : the control flow analysis and fingerprinting library.
  • librevm : the Reverse Engineering Vector Machine, that contains the ERESI meta-language interpreter.
  • libstderesi : the standard ERESI library containing more than 100 built-in analysis commands.
  • libaspect : the aspect library brings its API to reflect code and data structures in the ERESI language.
  • libedfmt : the ERESI debug format library which can convert DWARF and stabs debug formats to the ERESI debug format.
  • libetrace : the ERESI tracer library, on which Etrace is based.
  • libkernsh : the Kernel shell library is the kernel accessibility library on which Kernsh is based.
  • libgdbwrap : the GDB serial protocol library, for compatibility between ERESI and GDB/VMware/Bochs/QEMU.

You can take a look at our visual overview of ERESI.

Download the whole source code by accessing our SVN repository:

 $> svn checkout http://svn.eresi-project.org/svn/trunk/ eresi

or browse it using SVN trunk. The current version is 0.82b2.

You can read technical articles if you are interested in the internals of ERESI.

Find more resources and API reference on each of these components on their respective page in the top-level menu.

Do you want to get involved in ERESI development? Consult the project's Community page.

Latest News

January 28 2009 - A new coder for a new project: The JTAG ERESI debugger

We are pleased to announce that Jesus Palencia is joining the ERESI project for his Bachelor's final project. Jesus will work on the ERESI JTAG debugger. It means that ERESI will soon be able to debug and analyze code running on embedded systems. You can consult various JTAG documentation and follow his progress on the JTAG ERESI wiki page.

December 21 2008 - Announcing Kedbg: the Kernel ERESI Debugger

Kedbg is a remote debugger based on the GDB serial protocol. You can connect to gdbserver nodes (including on already running processes) and have the pleasure of debugging directly using the ERESI language, bringing great improvements to debugging with classic gdb scripting. Additionally, you can connect to VMware or QEMU guests and debug ring 0 software. Kedbg is based on libgdbwrap, a new component of ERESI specially crafted to bring full compatibility between ERESI and GDB. New wiki pages will appear very soon to illustrate those new tools. Such features were made possible by the work of Eric Bisolfati, greets to him!

October 13 2008 - EKOPARTY 2008 slides now available

You can now consult the presentation given at EKOPARTY'2008 about static binary analysis using program transformation and data-flow analysis. This work is entirely based on the Evarista and Chevarista static analyzers. Chevarista is an aborted project whose features are progressively reimplemented in Evarista, directly in the domain-specific language of the ERESI framework. Enjoy!

For older news about ERESI, consult the news page.

Enjoy the framework & Happy Reversing

The ERESI team
