Tuts 4 You

REDasm Disassembler


Dax

Hi!
This is my first post on tuts4 you :D

I hope that this is the right section, if not, please delete this post!

Ok so...
A few months ago I made my internal project, called REDasm, public on GitHub.
Basically it's a cross-platform disassembler with an interactive listing (but it's still far off compared to IDA's) and it can be extended with its API in order to support new formats, assemblers and analyzers.

Currently it supports:

  • Portable Executable
    • VB5/6 decompilation.
    • It can detect Delphi executables, a decompiler is WIP.
    • .NET support is WIP.
    • Debug symbols are displayed, if available.
  • ELF Executables
    • Debug symbols are displayed, if available.
  • DEX Executables
    • Debug symbols are displayed, if available.
  • x86 and x86_64 are supported.
  • MIPS is supported and partially emulated.
  • ARM support is implemented but still WIP.
  • Dalvik assembler is supported.

Most common assemblers are implemented using the Capstone library; the Dalvik assembler is written manually, and even the upcoming MSIL/CIL assembler will be implemented manually.

The entire project is written in C++ and its UI is implemented with Qt5. Internally, the disassembler is separated into two parts: LibREDasm and UI.
LibREDasm doesn't contain any UI-related dependencies, it's just pure C++. One day I will split it into two separate projects.

Some links with source code, nightlies and wiki:

And some screenshots:

[Three screenshots attached]

 

Kirbiflint

Nice job!

samoray

Thank you for your efforts, nice work. But is the project dead? Not updated for several months...

Dax

Yes, it's still active: I'm working on version 2.0 on the "next" branch; GitHub doesn't show branch activity.
I posted a video preview on Twitter a few days ago which shows the upgraded engine in action along with the brand new disassembly widget.

NOTE: Some parts of the UI are still disabled in that video. I have attached a screenshot with the latest enhancements here (the UI is still ugly, I'm planning to clean it up a bit).

Screenshot_20180920_173813.png

samoray

I wish you all the best and keep up your good work

Hypnz

Nice man! Keep up the good work!!!

NotSure

pretty cool project! Good job! 👍

Lumusfor

Great job dude! Keep up the good work. :thumbsup:

Dax

REDasm 2.0 is available for download at http://redasm.io; binary packages have been tested on Windows and Linux.
I have attached some screenshots to see how it looks now.

Source Code: https://github.com/REDasmOrg/REDasm

Changelog

- Brand new disassembler engine.
- Brand new disassembler widget.
- Brand new Signature Engine (SDB files).
- Brand new Hex Widget.
- Multithreaded analysis.
- QtWebEngine powered graphs.
- Simplified LibREDasm API.
- Reimplemented Emulation APIs.
- Improved ARM/Thumb switch heuristics.
- Improved ARM listing.
- Added IDA style popup on symbols.
- Added Dark Theme.
- Added jump arrows in listing.
- Recent file support.
- Projects support (RDB files).
- Improved keyboard shortcuts.
- CMake Porting.
- UI/LibREDasm/Database split.
- MSVC RTTI Analysis.
- MSVC Demangling.
- Improved VB Decompiler.
- Implemented GBA Loader (WIP).
- Implemented N64 Loader (WIP).
- Unified loader for ELF Format (Little/Big endian, 32/64 bits).
- Unified loader for PE Format (Little/Big endian).
- Clang support on 64bit.
- UI Redesign.
- Lots of bug fixes.

 

1.png

2.png

4.png

5.png

deepzero

Cool.

Are there even big-endian PE files though?

How does QtWebEngine power the graph?

How does Clang play into all of this?

---

On Linux I get

Quote

./REDasm: error while loading shared libraries: libQt5WebEngine.so.5: cannot open shared object file: No such file or directory

What's the expected way of installing or supplying Qt? I develop with Qt myself, so have a full Qt installation present.

Dax

Oooops, copy/paste fails 🤣
Yes, you're right, PE is an LE-only format.

About the QtWebEngine:
I'm using it with d3js and dagre-d3 in order to render graphs (because I'm not good at creating a nice graph layout algorithm). The minimum required version is Qt 5.9 LTS; which version are you using?

About Clang:
I have used Clang 7 during the final development phase, because it generates better warnings than gcc, so it can compile REDasm.
There are some issues on 32-bit systems (there is a bug report for that).

deepzero

Ah so clang support means you can compile it with clang, got it.

I'm running Ubuntu 18.04 with default Qt5.95. Should work? I will look into it in the coming days.

Dax

Yes, it should work!
