Thursday, January 08, 2009

Leaf

It's been a while since I have posted. This blog is up to almost 500 subscribers somehow.

I posted a new project on googlecode. Leaf is an ELF reversing framework written in C. It has a built-in API for developing your own analysis and output plugins. The current version (0.0.7) supports plugins written in C. The whole point of the project is flexibility in the analysis and output of the stuff you're interested in. It's not just another text-based disassembler, although a plugin that implements one can be easily written. In fact, I released one with it and it's available for download at the website. I am slowly releasing other plugins of varying quality. There are plenty of great tools for reversing on the Win32 platform, so there is no plan to support the PE format. If you want more information on it, check out the googlecode link and look at the wiki.
It's still beta quality and there are definitely a few bugs. I hope you find it useful.

Update: Posted Leaf-0.0.10.tar.gz at http://leaf-re.googlecode.com. It now uses udis86. Lots of work still to do, but it's a start.

8 comments:

Anonymous said...

You are not interested in eresi?

Chris Rohlf said...

I have looked at the ERESI framework. Those guys have produced solid work for years and I hope they don't stop. But I wanted to develop something myself, something a bit more lean and flexible. The main goal of Leaf is flexible output. It should be trivial to wrap in a wxRuby GUI yet easily switched to an SQL output with minimal effort. I'm not there yet, but that's the goal.

MazeGen said...

Hello Chris, I didn't find any contact information on your blog so I post here.

I remember there have been some articles about a web interface for your disassembler, but I couldn't find them. Are they still somewhere?

Chris Rohlf said...

Yes, I wrote a web-based front end to a disassembler a while back. I am working on releasing a new version of Leaf with a web front-end plugin. The plugin basically connects to an SQL server and dumps the disassembled file into the database. A PHP front end comes with it that allows you to navigate the file, add comments, etc. Eventually the point of it is to allow a team to navigate to one portal where they can all work on a single binary at the same time. It should be done within a month or so.

MazeGen said...

I found those articles in my Google Reader at last. They don't seem to be online anymore, nor a part of the Atom feed.

I wonder why there isn't a similar web service allowing such team RE work already. No one is really interested?

Anonymous said...

The svn is dead?

Chris Rohlf said...

I'm presenting on Leaf tomorrow at CarolinaCon. I will be posting new code shortly after. I ripped out libdasm and replaced it with udis86 so Leaf could support 64-bit code in the future.

Anonymous said...

Ok, interesting,

the paper will be online?