JEB x86 Decompiler / x86-64 Decompiler

JEB
ARM

JEB Intel decompilers allow reverse engineers to analyze malicious Intel x86 32-bit and 64-bit programs.

Cut down on costly reverse engineering time: use our interactive decompilers for x86 and x86-64 binaries to analyze Windows malware.

The x86 decompiler and x86-64 decompiler, as well as the Intel x86 analysis modules, provide the following features:

  • Support most code object files: Windows PE (EXE binaries, DLL libraries, SYS drivers), Linux ELF, Mach-O, headless firmware, etc.
  • Augmented disassembly including resolution of dynamic callsites, candidate values determination for registers, dynamic cross-references, etc.
  • Decompilation of x86 and x86-64 to C-like source code.
  • Advanced optimization passes to thwart protected or obfuscated code. Power users can craft their own optimizers (example)
  • Win32 type libraries, Kernel type libraries for efficient Windows file analysis. Power-users can generate their own typelibs as well (details)
  • Signature libraries of common SDK, including all versions of Microsoft Visual Studio.
  • Interactive layer allowing refactoring: type definition, stackframe building, renaming/commenting/cross-referencing, etc.
  • Full API and access to the Intermediate Representations to perform advanced and/or automated code analysis in Python or Java (details)
  • (Coming soon) Partial Class Recovery and Decompilation to C++ for programs compiled with MS VCPP (Beta access - demo video).

The Intel reverse-engineering modules ship with JEB Pro and JEB Home Edition x86