Making your own REVEN Axion plugin step by step

In this article we will shed light on REVEN Axion's customisation possibilities by describing step by step how to create a simple plugin.

Percent plugin screenshot.

Percent plugin in action on push edi.

We will walk you through:

  • The specification of our plugin
  • The basics of the plugin API for REVEN Axion
  • The implementation …


SWF file unpacking with REVEN

Matryoshka dolls.

Source: wikimedia commons

Recently we took a look at a new Flash Player exploit used by the Angler exploit kit. The sample was obfuscated using the well-known 'packing' technique: the dropped SWF file embeds a second-stage SWF in the form of an encrypted blob that will be decrypted …


REVEN in your toolkit

REVEN provides many analysis tools but might still lack some features of your favorite tools. To address this issue, we created a Python API that allows you to create and share plugins. We also developed some plugins ourselves to make REVEN's interaction with external tools possible.

Universal debugging

The Gnu …


Decoding function arguments

Today I will show you a feature that is pretty useful when analysing an application. We call it the "arguments decoder", and it displays the content of a function's arguments when its prototype is known. The prototype's definition can be either extracted from the MSDN functions and structures, or given …



Data painting


http://www.cir.uc.edu/

In this post we'll present REVEN's dynamic data tainting capabilities and see some use cases of the tool.

Dynamic data tainting

So-called data tainting is a well-known technique used to analyse the impact of data on a program. The idea is to …


Exploring text strings

A program's text strings often carry a lot of information, and are a basic yet essential guide when analysing binaries. In this article we'll see how REVEN handles and presents them. We'll also see how one can automatically use this data to gain a better understanding of a program's behavior.

The …
