Presentation

The ERESI Reverse Engineering Software Interface is a multi-architecture binary analysis framework with a domain-specific language tailored to reverse engineering and program manipulation.

  • Feature both user-mode and kernel-mode support for instrumentation, debugging and program analysis
  • Handle INTEL and SPARC machine programs (partial support for ARM, MIPS and ALPHA processors).
  • Designed for analysis of Operating Systems based on the Executable & Linking Format (ELF) in particular on the Linux OS.
  • Support many features on *BSD, Solaris, HP-UX, IRIX and BeOS.
  • Trace into any OS in a virtual machine or emulator using the GDB serial protocol.
  • Construct and display program graphs in native code as well as Intermediate Representation (IR) code
  • Does not need symbols or debug info to operate most of its features (but will use them if available in ELF/DWARF/STABS)
  • Inject or debug code that runs without executable data segment (PaX, Openwall, etc)
  • Prone modularity and reuse of code.

BREAKING NEWS

ERESI development has restarted as of February 2013

Evarista program transformer now has a project page

Want to help? See the features in progress

Contact: team@eresi-project.org

Here are the main programs that compose the ERESI framework:

  • elfsh : An interactive and scriptable static program instrumentation tool for ELF binary files.
  • kernsh: An interactive and scriptable runtime kernel instrumentation tool for live code injection, modification and redirection.
  • e2dbg : An interactive and scriptable high-performance process debugger that works without standard OS debug API (without ptrace).
  • etrace : A scriptable runtime process tracer working at full frequency of execution without generating traps.
  • kedbg: An interactive and scriptable OS-wide debugger interfaced with the GDB server, VMware, Qemu, Boches and OpenOCD (JTAG) via the GDB serial protocol.
  • Evarista: A work-in-progress static binary program transformer entirely implemented in the ERESI language.

Beside those top-level components, ERESI contains various libraries that can be used from one of the previously mentioned tools, or in a standalone third-party program:

  • libelfsh : the binary manipulation library used by ELFsh, Kernsh, E2dbg, and Etrace.
  • libe2dbg : the embedded debugger library operating within the debuggee program.
  • libasm : the smart disassembling engine (x86, sparc, mips, arm) that gives both syntactic and semantic attributes to instructions and their operands.
  • libmjollnir : the control flow analysis and fingerprinting library.
  • librevm : the Runtime ERESI virtual machine, that contains the central runtime environment implementation of the framework.
  • libstderesi : the standard ERESI library containing more than 100 built-in analysis commands.
  • libaspect : the aspect library brings its API to reflect code and data structures in the ERESI language.
  • libedfmt : the ERESI debug format library which can convert dwarf and stabs debug formats to the ERESI debug format.
  • libetrace : the ERESI tracer library, on which Etrace is based.
  • libkernsh : the Kernel shell library is the kernel accessibility library on which Kernsh is based.
  • libgdbwrap : The GDB serial protocol library, for compatibility between ERESI and GDB/VMware/Boches/QeMu/OpenOCD.

You can take a look at our visual overview of ERESI.

Download the entire source code repository using SVN :

 $> svn checkout http://svn.eresi-project.org/svn/trunk/ eresi

Browse code online. The current ERESI version is 0.83a1.

You can read technical articles if you are interested in the internals of ERESI.

Find more resources and API reference for each component on their individual page in the top-level menu.

For older news about ERESI, consult the news page.

Share and enjoy.

The ERESI team

Attachments