JEB Community Edition

JEB

JEB Community Edition is a free software. It is ideal to reverse engineers Intel x86 32 and 64-bit programs. (Download)

JEB Community Edition (JEB CE) ships with a majority of disassemblers and file analyzers offered by JEB, as well as the x86 (32-bit, 64-bit) decompiler modules. It is the ideal tool for researchers, students, hobbyists, and generally reverse-engineers working for nonprofit organizations.




What's in JEB CE:

  • Support most code object files: Windows PE (EXE binaries, DLL libraries, SYS drivers), Linux ELF, Mach-O, headless firmware, etc.
  • Augmented disassembly including resolution of dynamic callsites, candidate values determination for registers, dynamic cross-references, etc.
  • Decompilation of x86 and x86-64 to C-like source code.
  • Advanced optimization passes to thwart protected or obfuscated code. Power users can craft their own IR optimizers (example)
  • Type libraries for efficient file analysis. JEB ships with typelibs for win32, winddk, linux glibc, android-linux, etc. Power-users can generate their own typelibs as well (details)
  • Traditional signature libraries of common SDK, including all versions of Microsoft Visual Studio runtimes, the Android NDK, etc.
  • Codeless signature libraries for common libraries used in malicious and clean applications alike, such as openssl, libssh2, libcurl, etc.
  • Interactive layer offered by the GUI client, allowing refactoring: type definition, stackframe building, renaming/commenting/cross-referencing, etc.
  • Full API and access to the Intermediate Representations to perform advanced and/or automated code analysis in Python or Java (details)
  • Safe emulation for in-place decryption of obfuscated code.
  • Partial Class Recovery and Decompilation to C++ for programs compiled with MS VCPP (demo video).

How does JEB CE compare to GHIDRA? Browse the Native Decompiler Comparisons page