Tuts 4 You

26 files

  1. Ariadne Optimizer

    The Ariadne framework helps anyone involved in reverse engineering save time when reversing code or creating new products. Using Ariadne, you can read and modify executable files, disassemble them, and even decompile part of the code into the intermediate representation (Ariadne IR). Of course, with Ariadne you can not only read disassembled or decompiled instructions, but also modify them. Moreover, modifications can be saved into the source executable file without using any additional tools. But that's not all! Ariadne has a series of original code trace optimization strategies built in, which can make your life a lot easier when working with obfuscated code. The Ariadne framework was initially developed for easy use in your own programs. The range of Ariadne applications is broad, from analysis of software with complex obfuscation to programs that provide obfuscation and software protection.

    Ariadne key features:
    • PE parser
        • Makes it possible to analyze and modify the PE format
        • Supports saving modifications into the PE file
    • Ariadne Intelligent Disassembler (AID)
        • Based on the open-source Mediana disassembler
        • GP, FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE4a, VMX, SMX support
        • Provides good code coverage of the PE file without debugging information (the technology is based on heuristics rather than on signatures)
        • Supports MAP files
        • Recognizes switch tables and other entry points, including Borland initialization and other tables, during smart analysis
        • Splits code into basic blocks
        • Allows database saving/loading
        • Supports saving modifications into the PE file
    • Ariadne Intermediate Representation (AIR) language
        • Supports translation of assembler instructions into IR
        • Allows modifying IR instructions
        • Optimized to create obfuscation and deobfuscation strategies
        • Contains code tracing mechanisms
        • Contains built-in trace deobfuscation (AIR Wave Deobfuscation Technology)
        • Supports emulation of IR instructions
        • Supports saving and loading of an IR project (AIR database)
        • Supports translation from IR into binary code

    Most of the products which disassemble and analyze PE-files require a lot of RAM. In some cases they crash due to lack of memory. In Ariadne, this problem is solved thanks to its own memory manager. When RAM becomes insufficient, the framework creates its own swap file on the computer's hard disk.

    41 downloads

    0 comments

    Updated

