
The Examiner 0.5


Developer: Macabre
Price: 0.00
License: GPL (GNU General Public License)
File size: 33K


The Examiner is an application that utilizes the objdump command to disassemble and comment foreign executable binaries. It was designed to analyze statically compiled binaries but works OK with others. It is intended for forensic research but could also be used in general reverse engineering.

This program can only handle basic disassembly. If the binary has been modified to resist debugging, the Examiner probably will not be able to analyze the code. The Examiner also will not analyze live running code. This can be a good thing, but if you need to look at code as it runs or deal with complicated disassembly, you should probably use Fenris.

Here are some key features of "The Examiner":
  • Automates objdump usage
  • Can generate cross-reference files of functions, interrupts and other useful things
  • Locates functions within the binary
  • Understands the stack and comments on its state
  • Can parse and understand the contents of the .rodata section
  • Cross references .rodata calls and comments on them
  • Locates .data pointer references to .rodata
  • Provides an easy to read CALL syntax for comments
  • Understands and looks up interrupt calls
  • Utilizes Linux source headers to determine function names based on what interrupt is called
  • Can differentiate all of the socketcall functions
  • Can comment on some C-like constants for function calls
  • Separates functions based on ret calls
  • Can recognize and attempts to decode UPX compressed binaries
  • Works with TCT and Fenris dress utility
  • Can detect crippled ELF executables and burneye executables
  • Recognizes symbols and will cross-reference dynamic libraries


What's New in This Release:
  • Has rudimentary detection of burneye via 7350 sig.
  • Can detect crippled ELF header files (optionally uncripple)
  • Added a TUTORIAL file
  • Modified default working dir to $HOME/examiner-data
  • Can cross-reference .data pointers to .rodata sections
  • Now records pushl calls
  • Fixed '-H' to dump headers instead of -R
  • Added '-o' to specify an output file or STDOUT with '-'
  • Added '-c' to specify a comment character
  • Added a new util 'xhierarchy' to print function call hierarchy

    Download The Examiner 0.5


     http://academicunderground.org/examiner/examiner-0.5.tar.gz

