{"id":392,"date":"2013-02-20T22:26:26","date_gmt":"2013-02-20T21:26:26","guid":{"rendered":"http:\/\/blog.pi3.com.pl\/?p=392"},"modified":"2013-02-20T22:36:07","modified_gmt":"2013-02-20T21:36:07","slug":"eresi-reborns","status":"publish","type":"post","link":"https:\/\/blog.pi3.com.pl\/?p=392","title":{"rendered":"ERESI Reborns!"},"content":{"rendered":"<p>As some of you know, I am (or was) an active developer in the ERESI project. ERESI stands for The ERESI Reverse Engineering Software Interface; its web page is at: <a href=\"http:\/\/www.eresi-project.org\">www.eresi-project.org<\/a>.<\/p>\n<p><a href=\"http:\/\/blog.pi3.com.pl\/wp-content\/uploads\/2013\/02\/eresi-logo.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-393\" alt=\"eresi-logo\" src=\"http:\/\/blog.pi3.com.pl\/wp-content\/uploads\/2013\/02\/eresi-logo.png\" width=\"326\" height=\"297\" \/><\/a><\/p>\n<p>For those who do not know the project, The ERESI Reverse Engineering Software Interface is a multi-architecture binary analysis framework with a domain-specific language tailored to reverse engineering and program manipulation.<\/p>\n<ul>\n<li>Features both user-mode and kernel-mode support for instrumentation, debugging and program analysis.<\/li>\n<li>Handles INTEL and SPARC machine programs (partial support for ARM, MIPS and ALPHA processors).<\/li>\n<li>Designed for analysis of Operating Systems based on the Executable &amp; Linking Format (ELF), in particular on the Linux OS.<\/li>\n<li>Supports many features on *BSD, Solaris, HP-UX, IRIX and BeOS.<\/li>\n<li>Traces into any OS in a virtual machine or emulator using the GDB serial protocol.<\/li>\n<li>Constructs and displays program graphs in native code as well as Intermediate Representation (IR) code.<\/li>\n<li>Does not need symbols or debug info to operate most of its features (but will use them if available in ELF\/DWARF\/STABS).<\/li>\n<li>Injects or debugs code that runs without an executable data segment 
(PaX, Openwall, etc.).<\/li>\n<li>Promotes modularity and reuse of code.<\/li>\n<\/ul>\n<p>Here are the main programs that compose the ERESI framework:<\/p>\n<ul>\n<li>elfsh: An interactive and scriptable static program instrumentation tool for ELF binary files.<\/li>\n<li>kernsh: An interactive and scriptable runtime kernel instrumentation tool for live code injection, modification and redirection.<\/li>\n<li>e2dbg: An interactive and scriptable high-performance process debugger that works without the standard OS debug API (without ptrace).<\/li>\n<li>etrace: A scriptable runtime process tracer working at full frequency of execution without generating traps.<\/li>\n<li>kedbg: An interactive and scriptable OS-wide debugger interfaced with the GDB server, VMware, QEMU, Bochs and OpenOCD (JTAG) via the GDB serial protocol.<\/li>\n<li>Evarista: A work-in-progress static binary program transformer entirely implemented in the ERESI language.<\/li>\n<\/ul>\n<p>Besides those top-level components, ERESI contains various libraries that can be used from one of the previously mentioned tools, or in a standalone third-party program:<\/p>\n<ul>\n<li>libelfsh: the binary manipulation library used by ELFsh, Kernsh, E2dbg, and Etrace.<\/li>\n<li>libe2dbg: the embedded debugger library operating within the debuggee program.<\/li>\n<li>libasm: the smart disassembling engine (x86, sparc, mips, arm) that gives both syntactic and semantic attributes to instructions and their operands.<\/li>\n<li>libmjollnir: the control flow analysis and fingerprinting library.<\/li>\n<li>librevm: the runtime ERESI virtual machine, which contains the central runtime environment implementation of the framework.<\/li>\n<li>libstderesi: the standard ERESI library containing more than 100 built-in analysis commands.<\/li>\n<li>libaspect: the aspect library, which brings its API to reflect code and data structures in the ERESI language.<\/li>\n<li>libedfmt: the ERESI debug format library, which can convert 
DWARF and STABS debug formats to the ERESI debug format.<\/li>\n<li>libetrace: the ERESI tracer library, on which Etrace is based.<\/li>\n<li>libkernsh: the kernel shell library, the kernel accessibility library on which Kernsh is based.<\/li>\n<li>libgdbwrap: the GDB serial protocol library, for compatibility between ERESI and GDB\/VMware\/Bochs\/QEMU\/OpenOCD.<\/li>\n<\/ul>\n<p>ERESI is a quite well-known project. Many technical articles about ERESI were published in <a href=\"http:\/\/phrack.org\">Phrack<\/a> (#61, #63). In 2007 the ERESI team gave a talk at the Blackhat European Conference. In 2008 we gave an invited talk at the SSTIC conference.<\/p>\n<p>Active development of ERESI has restarted as of February 2013. Most of our developers were very busy for the last few years and unfortunately the project wasn&#8217;t at the top of our priorities. I hope that now we will be able to finish our ideas and make up for lost time&#8230;<\/p>\n<p>Best regards,<\/p>\n<p>Adam<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As some of you know, I am (or was) an active developer in the ERESI project. ERESI stands for The ERESI Reverse Engineering Software Interface; its web page is at: www.eresi-project.org. 
&nbsp; For those who do not know the project, The ERESI Reverse Engineering Software Interface is a multi-architecture binary analysis framework with a domain-specific language tailored to reverse [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,5,6],"tags":[],"class_list":["post-392","post","type-post","status-publish","format-standard","hentry","category-bughunt","category-exploiting","category-ideas"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=392"}],"version-history":[{"count":6,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/392\/revisions"}],"predecessor-version":[{"id":397,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/392\/revisions\/397"}],"wp:attachment":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}