View Code? Open in Web Editor
NEW
Decompiler written in rust inspired by snowman (WIP)
Home Page: https://fireman.zulipchat.com/
fireman's Introduction
I'm @Eveheeero
- Reverse engineering
- Malware analysis
- Hacking
- Reversing - x64dbg, ghidra, windbg main radare2 sub, until online game hacking, not tried themida
- Hacking - award winning
- C/C++ - until linkage process, compiler options for custom building
- Rust - learned all specified in reference doc, cargo docs, however not rustc doc
- Python - until native modules, cpython internals, cython
- Java - until JVM invokation, JNI, JVM Reflection, JDB
- Go - until cgo
- CSharp - not good at it, but I can do it, and I love it
- Windows - kernel structures, winapi(a little), windbg(little), kernel debugging(little)
- hookings
- hiding processes
- heavens gate
- segment registers
- services and drivers
- PEB, TEB, TIB ...
- anti debugging
- Linux - kernel structures, kernel debugging (a little), dump debugging
- Network - principles, sockets
poor at js, ts, db
fireman's People
Contributors
Stargazers
Watchers
fireman's Issues
Because
Where to apply Improved Docs
- .github/workflows/rust.yml - test runs after build success
- .github/PULL_REQUEST_TEMPLATE.md - PULL RQ template
- README.md - delete old development progress (moved to wiki)
Feature Plan Type
- Change analyse register block to base on IR likes snowman
Feature Plan Type
Note
This issues may contains many pull request of small jobs of x64 instruction
Feature Plan Type
- Existing features doesn't work well
Description of feature
move pe::parse_block to x86_64::parse_block
Note
parse_block about os is invalid, need to rename
Feature Plan Type
Description of feature
add log crate to Cargo.toml and add debug logs
Because
- Docs are too old
- Docs improvement
Where to apply Improved Docs
Note
Anything in core modules are important, so docs in core files should always be up-to-date.
Feature Plan Type
- Existing features doesn't work well
Description of feature
Now, Find address value are depend on register's bit.
example, "finding rax register" never find eax's work
Feature Plan Type
- Add miri workflow file for leak detection
Feature Plan Type
- apply x64 instruction to ir function to routine
Feature Plan Type
- Features needed during development
Description of feature
Improve parsing about connected address with unimplemented pattern
Feature Plan Type
- Features needed during development
Description of feature
currently, "op_str to Address of jumping" feature is written to correctly only when it is operated based on ip (rip, eip).
the goal is to figure out the address of the jump target by corresponding address value based on the instruction history.
Synopsis
- fireball/src/pe/fire/parse_block.rs::insn_to_opu64
- Result type must be
Result
Feature Plan Type
- Add Metadata in Pe structure for instruction analysis
Description of feature
in instruction analysis process, some metadata needed (such as architecture, endians, etc...) so add datas in Pe structure
Synopsis
- fireball/src/pe/mod.rs::PE
Feature Plan Type
- add Error statements for saves error about undefined, compile error, permission error, page fault, simd errors...
Feature Plan Type
- data flow analysis
- argument detection from unchanged memory (idea)
- control flow analysis
- loop detection from stepping same address (idea)
- function generation from call statement (idea)
- block parsing from jump statements (idea) (to analysis if ~ else easily)
- live variable analysis
- unneeded variable may means switch-case or brace, or function of optimized/obfuscated binary
- variable size detection from padding or giving arguments (idea)
Note
this issue may include some issues and mount of pull requests
after all these jobs, code generation need
Feature Plan Type
Description of feature
Github workflow rewrite to efficiency code analysis
Synopsis
- .github/workflows/rust.yml
- After Build Success, then Run Test
- Seperate Debug build and Release build
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent