JEB x86 Decompiler / x86-64 Decompiler

JEB
ARM

JEB Intel decompilers allow reverse engineers to analyze malicious Intel x86 32-bit and 64-bit programs.

Cut down on costly reverse engineering time: use our interactive decompilers for x86 and x86-64 binaries to analyze Windows malware.

The x86 decompiler and x86-64 decompiler, as well as the Intel x86 analysis modules, provide the following features:

  • Support most code object files: Windows PE (EXE binaries, DLL libraries, SYS drivers), Linux ELF, Mach-O, headless firmware, etc.
  • Augmented disassembly including resolution of dynamic callsites, candidate values determination for registers, dynamic cross-references, etc.
  • Decompilation of x86 and x86-64 to C-like source code.
  • Advanced optimization passes to thwart protected or obfuscated code. Power users can craft their own IR optimizers (example)
  • Type libraries for efficient file analysis. JEB ships with typelibs for win32, winddk, linux glibc, android-linux, etc. Power-users can generate their own typelibs as well (details)
  • Traditional signature libraries of common SDK, including all versions of Microsoft Visual Studio runtimes, the Android NDK, etc.
  • Codeless signature libraries for common libraries used in malicious and clean applications alike, such as openssl, libssh2, libcurl, etc.
  • Interactive layer offered by the GUI client, allowing refactoring: type definition, stackframe building, renaming/commenting/cross-referencing, etc.
  • Full API and access to the Intermediate Representations to perform advanced and/or automated code analysis in Python or Java (details)
  • Safe emulation for in-place decryption of obfuscated code.
  • Partial Class Recovery and Decompilation to C++ for programs compiled with MS VCPP (demo video).

The Intel reverse-engineering modules ship with JEB Pro and JEB Community Edition