Other analysis tools available:
This is a list of more or less well-known open-source projects useful for
all kinds of reverse engineering, code behavior analysis, binary
forensics, debugging and so on. I wanted to create a comprehensive
list that includes very basic tools, but also some unique, not very
popular, yet promising and interesting one-of-a-kind projects.
I found it pretty annoying that there is no good reference list like this,
and pretty often we have to reinvent the wheel every time we want
to complete some obscure task. Unlike some other "rev-eng" lists (e.g.
the one at PacketStorm), this one avoids listing many almost completely
similar tools - twenty fuzz tools, fifty gdb GUIs, one million malloc
tracers. I am also not going to include tools like source browsing utilities
or source analyzers, because they are of very little value in such
work, unless you want to find obvious bugs in someone else's sources,
which is a whole different issue - plus, there are some good places to
look for them.
Please mail me with any submissions or corrections at lcamtuf@coredump.cx.
- Name: strace
  The most basic syscall tracer
- Name: ltrace
  A popular library call tracer
- Name: gdb
  The GNU debugger
- Name: objdump, strings, readelf, nm, objcopy
  GNU binutils - standard tools for dealing with executables
- Name: the dude
  A nice non-ptrace debugger, our savior!
- Name: bastard
  Very extensive debugging environment
- Name: PICE
  Kernel-level symbolic debugger, "SoftICE for Linux"
  Also see kdb.
- Name: elfsh
  ELF accessibility library; not BFD based!
- Name: biew
  The binary viewer
- Name: sourcery
  A nice cross-platform disassembler
- Name: LDAsm
  GUI debugger
  Many alternatives: KIDAsm, DDD, xgdb, kdbg...
- Name: reap
  Disassembler, assembly code editor
- Name: reqt
  Binary information extractor
- Name: xtrace
  C code tracer (for debugging with sources only)
- Name: fenris, ragnarok, aegir, nc-aegir
  Application tracer, its "GUI", and an interactive debugger / GUI
- Name: dress
  Symtab recovery for stripped static binaries
- Name: ElectricFence
  Dynamic memory debugger
  Many alternatives: ccmalloc, debauch...
- Name: stan
  Binary stream analyzer (good for data analysis)
- Name: dprobes
  Dynamic probes - debugging facility
- Name: ExecTrace
  Execution path logger
- Name: hex
  Hex editor
- Name: sdebug
  Segment debugger for ELF
- Name: objdump output beautifier
  Self explanatory :-)
- Name: kgdb
  Remote kernel debugging
- Name: Linux Kernel Crash Dumps
  Self explanatory
- Name: ELFIO
  ELF reader / writer
- Name: SPIKE
  Protocol rev eng tool
- Name: DCC
  C decompiler
- Name: REC
  Partial C decompiler (assembly language annotator?)
- Name: HT Editor
  Executable editor / analyzer
- Name: syscalltrack
  A nice syscall tracking utility