The malicious code team at CERT has been developing a framework for the static analysis of binary programs called "Pharos". This framework uses the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more.

Objdigger is a tool built using the Pharos framework for the analysis and recovery of object-oriented constructs. This tool was the subject of a paper titled "Recovering C++ Objects From Binaries Using Inter-Procedural Data-Flow Analysis", which was published at the ACM SIGPLAN Program Protection and Reverse Engineering Workshop in 2014. The tool identifies object members and methods by tracking object pointers between functions in the program. Those who are interested in evaluating the tool can download it.

We've also recently created a GitHub repo for Pharos, and plan to release selected components of our framework for inclusion back into ROSE.

Pharos Tools

Pharos static analysis tools, including objdigger and fn2yara.