Native Code Analysis¶
JEB is fully-equipped to perform native code analysis of binary files compiled for Windows (PE), Linux and variants (ELF), or most other platforms, including headless firmware files.
Decompilers¶
JEB Pro ships with analysis modules, including decompilers, for:
- Intel x86 32-bit (all x86 - SSE/AVX support coming in JEB 3.1)
- Intel x86 64-bit (all x86 - SSE/AVX support coming in JEB 3.1)
- ARM 32-bit (and common ISA extensions)
- ARM 64-bit (v8 / aarch64)
- MIPS 32-bit
Also provided is a disassembler for Atmel AVR, although we are not shipping an AVR decompiler at the moment.
Siglibs¶
JEB supports the creation of signature libraries (siglibs) for library code recognition. JEB Pro includes complete library signature sets for:
- Android NDK libraries. Common libraries (libc, libc++, zlib, etc.) are signed from from NDK v11 up to the latest version (v17 as of 08/18).
- Visual Studio compiled binaries. This system allows the recognition of statically linked library code in binaries compiled for x86 and x86-64 architectures.
Read more: Android NDK Library Signatures (blog); Auto-signing (blog)
Typelibs¶
JEB supports the creation of type libraries (typelibs) for common Windows and Linux subsystems, including:
- Android NDK on ARM 32-bit
- Android NDK on ARM 64-bit
- Android NDK on x86 32-bit
- Android NDK on x86 64-bit
- Windows win32 on Intel x86 32-bit
- Windows win32 on Intel x86 64-bit
- Windows win32 on ARM 32-bit
- Windows win32 on ARM 64-bit
- Windows DDK on Intel x86 32-bit
- Windows DDK on Intel x86 64-bit
- Linux glibc on Intel x86 32-bit
- Linux glibc on ARM 32-bit
- Linux glibc on MIPS 32-bit
Read more: Users can generate their own type libraries: Native Types and Typelibs (blog)
Native Code Actions¶
Common native code actions can Be found in the Native menu:
Section to be completed