Projects / The Examiner

The Examiner

The Examiner is a tool to analyze foreign binary executables. Its goal is to provide a commented, disassembled version of the code without running the program. It analyzes possibly hostile executables that an intruder may have placed on a system. It was designed for forensic purposes but could be used for basic reverse-engineering goals as well.

Operating Systems

Recent releases

  •  06 Aug 2002 20:55

    Release Notes: This release cross-references .data with .rodata, adds a tutorial, has some burneye support, adds a new util (xhierarchy), and has some bugfixes and code cleanups.

    •  01 Jul 2002 18:24

      Release Notes: This release uses symbols if compiled in, looks up function names from dynamically linked libraries, uses the fenris tool dress(1) to assist in function name resolution, and has a man page. The Makefile and a few other functions have been improved.

      •  27 Jun 2002 06:25

        Release Notes: This release adds UPX decoding support, now detects and works with The Coroner's Toolkit (TCT), supports separate header hash libraries, and includes many code cleanups.

        •  02 Jun 2002 21:41

          No changes have been submitted for this release.


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.