Native Code Analysis
JEB is fully-equipped to perform native code analysis of binary files compiled for Windows (PE), Linux and variants (ELF), or most other platforms, including headless firmware files.
This section is a work-in-progress and being actively worked on. In the meantime, find additional documentation about JEB's native analysis pipeline (code analysis and decompilation) on our blog: List of posts tagged Native Code.
JEB Pro ships with analysis modules, including decompilers, for:
- Intel x86 32-bit (all x86 - SSE/AVX support coming in JEB 4)
- Intel x86 64-bit (all x86 - SSE/AVX support coming in JEB 4)
- ARM 32-bit (and common ISA extensions)
- ARM 64-bit (v8 / aarch64)
- MIPS 32-bit
Also provided is a disassembler for Atmel AVR, although we are not shipping an AVR decompiler at the moment.
JEB supports the creation of signature libraries (siglibs) for library code recognition. JEB Pro includes complete library signature sets for:
- Android NDK libraries (ARM/ARM64). Common libraries (libc, libc++, zlib, etc.) are signed from NDK v11 up to the latest version (v20 as of 11/19).
- Microsoft Visual Studio libraries (x86/x86-64). C runtime libraries and standard C++ libraries are signed from Visual Studio 2003 up to Visual Studio 2019.
JEB supports the creation of type libraries (typelibs) for common Windows and Linux subsystems, including:
- Android NDK on ARM 32-bit
- Android NDK on ARM 64-bit
- Android NDK on x86 32-bit
- Android NDK on x86 64-bit
- Windows win32 on Intel x86 32-bit
- Windows win32 on Intel x86 64-bit
- Windows win32 on ARM 32-bit
- Windows win32 on ARM 64-bit
- Windows DDK on Intel x86 32-bit
- Windows DDK on Intel x86 64-bit
- Linux glibc on Intel x86 32-bit
- Linux glibc on ARM 32-bit
- Linux glibc on MIPS 32-bit
Users can generate their own type libraries: Native Types and Typelibs (blog)
Native Code Actions#
Common native code actions can Be found in the Native menu:
Section to be completed