The Examiner is a tool to analyze foreign binary executables. Its goal is to provide a commented, disassembled version of the code without running the program. It analyzes possibly hostile executables that an intruder may have placed on a system. It was designed for forensic purposes but could be used for basic reverse-engineering goals as well.
Tags: Software Development Disassemblers
Release Notes: This release cross-references .data with .rodata, adds a tutorial, has some burneye support, adds a new util (xhierarchy), and has some bugfixes and code cleanups.
Release Notes: This release uses symbols if compiled in, looks up function names from dynamically linked libraries, uses the fenris tool dress(1) to assist in function name resolution, and has a man page. The Makefile and a few other functions have been improved.
Release Notes: This release adds UPX decoding support, now detects and works with The Coroner's Toolkit (TCT), supports separate header hash libraries, and includes many code cleanups.
No changes have been submitted for this release.