/README.md

https://github.com/BeaEngine/beaengine · Markdown · 70 lines · 46 code · 24 blank · 0 comment · 0 complexity · 5328e0d8e01525d513ac93c620788e5f MD5 · raw file 

    

  1. ![beaengine](./doc/beaengine-logo.png)
    2. 

  2. # BeaEngine 5
    3. 

  3. 

  4. BeaEngine is a library coded in C respecting ISO C99 norm. It has been designed to decode instructions from 16 bits, 32 bits and 64 bits intel architectures. Actually, the main function available is called Disasm. It includes standard instruction set and instruction set from FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, VMX, CLMUL, AES, MPX, AVX, AVX2, AVX512 (VEX & EVEX prefixes), CET, BMI1, BMI2, SGX technologies. For those who like analyzing malicious codes and more generally obfuscated codes, BeaEngine even decodes undocumented instructions called "alias" on the web site sandpile. In all scenarios, it sends back a complex structure that describes precisely the analyzed instructions.
    5. 

  5. 

  6. You can use it in C/C++ (usable and compilable with Visual Studio, GCC, MinGW, DigitalMars, BorlandC, WatcomC, SunForte, Pelles C, LCC), in assembler (usable with masm32 and masm64, nasm, fasm, GoAsm) in C#, in Python, in Delphi, in PureBasic and in WinDev. You can use it in user mode and kernel mode. It has been thought to do a lot of tasks.
    7. 

  7. 

  8. First, you can retrieve mnemonic and operands according to the specified syntax : intel syntax for Nasm, masm32 and masm64, GoAsm32 and GoAsm64, fasm (no AT&T syntax actually).
    9. 

  9. Next, you can realize accurate analysis on data-flow and control-flow to generate slices or obfuscation patterns.
    10. 

  10. 

  11. Its source code is under LGPL3 license with a "Makefile builder" and headers for following languages : C/C++, C#, Python, Delphi, PureBasic, masm32, masm64, nasm(x86 and x64), fasm(x86 and x64), GoAsm(x86 and x64).
    12. 

  12. 

  13. BeaEngine has been implemented using opcode tables from the intel documentation and tables from Christian Ludloff website [www.sandpile.org](http://www.sandpile.org)
    14. 

  14. 

  15. ## LICENSE
    16. 

  16. 

  17. This software is distributed under the LGPL license.
    18. 

  18. See the COPYING and COPYING.LESSER files for more details.
    19. 

  19. 

  20. 

  21. ## quick start
    22. 

  22. 

  23. ### 1. How to use it with Python :
    24. 

  24. ```
    25. 

  25. from BeaEnginePython import *
    26. 

  26. buffer = '6202054000443322'.decode('hex')
    27. 

  27. target = Disasm(buffer)
    28. 

  28. target.read()
    29. 

  29. print(target.repr())
    30. 

  30. ```
    31. 

  31. Output is :
    32. 

  32. 

  33. ```
    34. 

  34. vpshufb zmm24, zmm31, zmmword ptr [r11+r14+0880h]
    35. 

  35. ```
    36. 

  36. 

  37. ### 2. Releases
    38. 

  38. 

  39. https://github.com/BeaEngine/beaengine/releases
    40. 

  40. 

  41. ### 3. How to Compile :
    42. 

  42. 

  43. ```
    44. 

  44. apt install cmake
    45. 

  45. git clone https://github.com/BeaEngine/beaengine.git
    46. 

  46. cmake beaengine
    47. 

  47. make
    48. 

  48. ```
    49. 

  49. 

  50. ### 4. Compile shared library :
    51. 

  51. ```
    52. 

  52. cmake -DoptBUILD_DLL=ON beaengine
    53. 

  53. make
    54. 

    55. 

  55. ```
    56. 

  56. 

  57. ### 5. Documentation
    58. 

  58. 

  59. Current documentation [HERE](./doc/beaengine.md) explains how are working structures from BeaEngine.
    60. 

  60. 

  61. *old documentation can be read here :* http://beatrix2004.free.fr/BeaEngine/index1.php
    62. 

  62. 

  63. ### 6. Examples
    64. 

  64. 

  65. Some basic examples to show how BeaEngine is working [HERE](./doc/examples.md)
    66. 

  66. 

  67. ### 7. Dev corner
    68. 

  68. 

  69. If you want to improve BeaEngine or just add some private features, here are some links :
    70. 

  70.  - [Adding new instructions](./doc/dev_corner.md)
    71.