rukov

Relyze - Interactive Software Analysis


Analyse and explore PE files

Relyze has extensive coverage for the Portable Executable (PE) file format, letting you understand a binary's composition and leverage this rich metadata for analysis. Symbol formats such as PDB, embedded COFF and MAP files can also be loaded to further enrich the disassembly and analysis.

First look

Use the analysis overview to get a quick insight into a binary. It displays information about the file, its associated hashes, embedded file information, available security mitigations, analysis information, entropy graphs and any embedded security certificates.

Visualise the data

Use the entropy graph to identify packed or encrypted data and other anomalies. The entropy graph overlays corresponding file sections and is interactive so you can navigate into the structure or code views in order to learn more.

Explore the structure

Drill down into a file's structure in order to see exactly how it is composed. Explore the structure further with the hex editor, decoding and searching for data on the fly.

Analyse both x86 and x64 code

Relyze lets you disassemble and analyse both x86 and x64 native code, and comes with support for numerous instruction set extensions. The plugin framework exposes detailed instruction properties including operand access and flags modified.

Navigate control flow graphs

Relyze visualizes functions with interactive control flow graphs, allowing you to navigate a function's code paths and interact with local variables, instructions and other properties.

Function analysis

Automatic analysis identifies functions, their parameters and other metadata such as calling conventions. A function's local variables are automatically analysed and displayed in the function's control flow graph so you can interact with them, discovering references to locals, updating their data types and more.

See all the code paths

Get the complete control flow graph for a function with automatic jump table and exception handler analysis. Discover code paths that would otherwise not be visible.

Resolve indirect calls

When possible, analysis can resolve indirect call targets to give you the complete picture of a function's logic.

Find everything

Quickly search for and identify interesting parts of the analysis or browse through everything. Items such as segments, imports, exports, functions, strings, bookmarks, symbol lines and search results are consolidated in a unified location for easy traversal.

Data type analysis

Automatic analysis discovers data and identifies suitable data types either through analysis or via assistance from symbols when available. Identify primitive types, strings, complex structures and more.

Create and manage custom data types

Manage the available data types and create new types by defining them using C/C++ declarations. You can also import C/C++ header files in order to access the data types defined within them. Export the available data types as C/C++ headers for interoperability with your own tools.

Visualise relationships

Discover the relationships between code and data with interactive reference graphs. You can generate reference graphs either to specific targets or originating from specific targets. Interact with these reference graphs and navigate through the code and data you discover.

Find paths

Use graph path highlighting to discover all the paths between any two nodes in a graph. Identify the shortest path to an interesting code block, or all the potential paths to some data in a reference graph.

Interactive Binary Diffing

Perform a differential analysis against two binaries and discover their differences and similarities. Learn what functions have been modified, removed or added. Perfect for patch analysis when verifying security fixes or when analysing malware variants.

Custom address modes

Display and navigate code based on either relative virtual addresses or virtual addresses. Instantly re-base a binary to a new virtual base address, great when you are using Relyze with your debugger and have to deal with address space layout randomization (ASLR).

Expand with plugins

Leverage a rich Ruby plugin framework in order to expand Relyze with new capabilities and perform tailored analysis or research against a binary. An integrated plugin editor lets you quickly test out your ideas, and everything runs as expected straight out of the box, with no additional configuration or third-party libraries required.

Archive everything

Use the integrated library manager to archive every file you analyse so you can build up a corpus over time. Apply custom tags and descriptions to your archives in order to easily find and categorize them.

Automated batch analysis

Process large numbers of files via built-in batch analysis. Batch analysis runs in parallel in order to blaze through multiple files quickly, automatically tagging and archiving them to your library.

Version 1.2.0

Plugin support for analysis diffing.

Add example plugin to copy matched names and comments after a diff.

Add right click menu support for plugin shortcuts to both code and diff views.

Add plugin method Relyze::ExecutableFileModel::BasicBlock.custom_name?

Add plugin method Relyze::FileModel.restart and helper method Relyze::Plugin::Base.restart_analysis

Add plugin method Relyze::FileModel.realloc_buffer to resize a model's internal buffer

Add plugin method Relyze::FileModel.run_plugin to run a plugin against a model

Add plugin helper method Relyze::ExecutableFileModel::Instruction.disassemble_all

Add plugin helper method Relyze::ExecutableFileModel::Instruction.to_asm

Add plugin helper method Relyze::Application.getpluginguid

Add plugin support to Relyze::Application.analyzefile and Relyze::Application.analyzebuffer

Allow the headless running of plugins via the /run command line argument.

Remove the analyze/analyse spelling ambiguity in the plugin API in favour of analyze.

Bugfix, handle the PE file IMAGE_SCN_CNT_CODE flag as expected.

Bugfix, deadlock in the Ruby plugin subsystem under certain conditions.

Bugfix, TypeError in Ruby garbage collection under certain conditions.

Bugfix, thread safe access to cached MRU segment for multi threaded diffing.

Bugfix, ensure diff algorithm produces repeatable results across multiple runs.

Download https://www.relyze.com/Relyze_1.2.0.exe
