Readme
FoRREST
Reverse Engineering Framework
Version 0.8
Overview
The purpose of this project is to create a vulnerability analysis framework that
combines existing tools into one package. It also makes it easier to create new
tools or install existing ones into the framework.
Background
This framework is currently designed for Linux.
Running
To run the program:
```
python FoRREST.py
```
Extending
To extend the program, just import FoRREST.
```
import FoRREST
```
Levels of Representation
The information found in a binary can be represented in many ways and on
many different levels. You start at a low level with very simple information,
and as you extract data, you start to get higher-level information.
Level 0 (Raw Data)
- Filename - The name of the file that you are working with.
- Extension - The name of the extension for the file you are working with,
if it is present.
- Size - The size of the file you are working with.
- inode - The physical location of the file on the file system.
- Path - The path that leads to the file.
- Checksums - The digest value obtained by running a hashing algorithm on the raw data.
Level 2 (Interpreted Data)
- Opcodes - The bytes from the .text section that can be decoded into a stream of opcodes. The .text section is the binary’s actual code.
- Strings - A list of strings from the .data section and other sections.
- Imports - A list of functions the program references from a linked object file.
- Exports - A list of variables and function addresses made available to outside programs.
- Header Information - Information about how the program is organized.
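The two levels listed above can be illustrated with a short script. This is an added example, not FoRREST's own code or API: `level0`, `level2`, `demo` and `SAMPLE` are hypothetical names, the string scan covers the whole byte string rather than individual sections, and only a few ELF header fields are decoded.

```python
import hashlib, os, re, struct, tempfile

# Constructed sample: 24-byte ELF64 little-endian header stub followed by one string.
SAMPLE = (b"\x7fELF\x02\x01\x01" + b"\x00" * 9 +
          struct.pack("<HHI", 2, 62, 1) + b"\x00/bin/sh\x00")

def level0(path):
    """Level 0 (raw data): facts about the file that need no parsing."""
    st = os.stat(path)
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # stream: samples can be large
            for h in digests.values():
                h.update(chunk)
    return {
        "filename": os.path.basename(path),
        "extension": os.path.splitext(path)[1] or None,
        "size": st.st_size,
        "inode": st.st_ino,
        "path": os.path.dirname(os.path.abspath(path)),
        "checksums": {n: h.hexdigest() for n, h in digests.items()},
    }

def level2(data, min_len=4):
    """Level 2 (interpreted data): printable strings and basic ELF header fields."""
    out = {"strings": [s.decode("ascii") for s in
                       re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]}
    if len(data) < 24 or data[:4] != b"\x7fELF":
        out["header"] = None  # not an ELF file, or truncated: do not guess
        return out
    endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    out["header"] = {"bits": {1: 32, 2: 64}.get(data[4]),  # EI_CLASS
                     "endian": "little" if data[5] == 1 else "big",
                     "type": e_type, "machine": e_machine}
    return out

def demo():
    with tempfile.NamedTemporaryFile(suffix=".bin", delete=False) as tmp:
        tmp.write(SAMPLE)
    try:
        return level0(tmp.name), level2(SAMPLE)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

Level 0 values come from the file system and raw bytes alone, while Level 2 values depend on interpreting the file format, which is why `level2` returns no header for input that does not start with the ELF magic.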