Relyze Desktop Version 3.2.0 - Interactive Software Reverse Engineering
Relyze Desktop Version 3.2.0 - Interactive Software Reverse Engineering
Relyze Desktop lets you reverse engineer, decompile and diff x86, x64, ARM32 and ARM64 software.
Load PE and ELF binaries
Navigate a binaries structure and discover how it is composed. Visualize the data and enrich the analysis with symbols.
Decompile low level native code into a high level pseudo code, enabling you to quickly understand program behavior.
Modify and annotate the analysis as you work. Explore the relationships between code and data with interactive control flow, call and reference graphs.
Perform a differential analysis against two binaries and explore their similarities and differences.
Relyze Desktop employs a sleek modern interface with a flat UI design ethos in order to bring the analysis to center stage.
A rich Ruby plugin framework lets you expand the capabilities of Relyze Desktop with your own plugins.
Analyze and explore PE and ELF binaries
Relyze Desktop has extensive coverage for Portable Executable (PE) and Executable and Linking Format (ELF) binaries, letting you understand a binaries composition and leverage this rich meta data for analysis. Symbol formats such as PDB, embedded COFF, STAB, TDS and MAP files can also be loaded to further enrich the disassembly and analysis. Object files and object archives are also supported. Supported architectures include x86, x64, ARM32 (ARMv7 including Thumb mode) and ARM64 (AArch64).
Use the analysis overview to get a quick insight into a binary. Displaying information about the file, its associated hashes, embed file information, available security mitigations, analysis information, entropy graphs and any embedded security certificates.
Visualise the data
Use the entropy graph to identify packed or encrypted data and other anomalies. The entropy graph overlays corresponding file sections and is interactive so you can navigate into the structure or code views in order to learn more.
Explore the structure
Drill down into a files structure in order to see exactly how it is composed. Explore the structure further with the hex editor, decoding and searching for data on the fly. You can also leverage custom decoders to manipulate portions of data.
Analyze x86, x64, ARM32 and ARM64 code
Relyze Desktop lets you disassemble and analyze x86, x64, ARM32 and ARM64 code, and comes with support for the latest instruction set extensions. The plugin framework exposes full access to the disassembler so you can script it as you need.
Our decompiler lets you quickly understand a programs behavior by emitting a high level pseudo code for a function. The decompiler is fully interactive, letting you rename and retype variables, navigate variable references and more.
Interactive Binary Diffing *
Perform a differential analysis against two binaries and discover their differences and similarities. Learn what functions have been modified, removed or added. Perfect for patch analysis when verifying security fixes or when analyzing malware variants.
Pseudocode Binary Diffing *
Leverage the decompiler and perform pseudo code diffing to quickly understand code modifications through a familiar diffing interface.
Multi Threaded Analysis
Relyze Desktop can perform parallel analysis and utilize all available processor cores, allowing you to blaze through large binaries and complete the analysis as fast as possible.
Edit the code
With a built-in assembler for every supported architecture, you can edit an instruction on the fly and patch the binary. The analysis will reprocess the changed instructions in order to update the analysis. The plugin framework exposes full access to the assembler so you can script it as you need.
Navigate control flow graphs
Relyze Desktop visualizes functions with interactive control flow graphs, allowing you to navigate a functions code paths and interact with local variables, instructions and other properties.
Navigate Call Graphs
Generate and explore interactive call graphs using multiple graph layout algorithms. Our DirectX based hardware accelerated graph rendering engine allows you to explore large complex graphs with a buttery smooth interface.
Automatic analysis identifies functions, their parameters and other meta data such as calling conventions. A functions local variables are automatically analyzed and displayed in the functions control flow graph so you can interact with them, discovering references to locals, updating their data types and more.
See all the code paths
Get the complete control flow graph for a function with automatic jump table and exception handler analysis. Discover code paths that would otherwise not be visible.
Resolve indirect calls
When possible analysis can resolve indirect call targets to give you the complete picture of a functions logic.
Quickly search for and identify interesting parts of the analysis or browse through everything. Items such as segments, imports, exports, functions, strings, bookmarks, symbol lines and search results are consolidated in a unified location for easy traversal.
Data type analysis
Automatic analysis discovers data and identifies suitable data types either through analysis or via assistance from symbols when available. Identify primitive types, strings, complex structures and more.
Static Library Analysis
Automatically identify commonly linked in static library code, such as compiler runtimes, via static library analysis. Identified static library functions are renamed to their original functions names, speeding up your ability to analyze the code.
Create and manage custom data types
Manage the available data types and create new types by defining them using C/C++ declarations. You can also import C/C++ header files in order to access the data types defined within them. Export the available data types as C/C++ headers for interoperability with your own tools.
Discover the relationships between code and data with interactive reference graphs. You can generate reference graphs either to specific targets or originating from specific targets. Interact with these reference graphs and navigate through the code and data you discover.
Use graph path highlighting to discover all the paths between any two nodes in a graph. Identify the shortest path to an interesting code block, or all the potential paths to some data in a reference graph.
Custom address modes
Display and navigate code based on either relative virtual addresses or virtual addresses. Instantly re-base a binary to a new virtual base address, great when you are using Relyze Desktop with your debugger and have to deal with address space layout randomization (ASLR).
Expand with plugins
Leverage a rich Ruby plugin framework in order to expand Relyze Desktop with new capabilities and perform tailored analysis or research against a binary. An integrated plugin editor lets you quickly test out your ideas and everything runs as expected straight out of the box, no additional configuration or third party libraries required.
Use the integrated library manager to archive every file you analyze so you can build up a corpus over time. Apply your archives with custom tags and descriptions in order to easily find and categorize them.
Automated batch analysis *
Process large amounts of files via built in batch analysis. Batch analysis runs in parallel in order to blaze through multiple files quickly, automatically tag and archive them to your library or run custom plugins.
Multi tab design
Use the GUI's multi tab design to navigate between modules for a fluid analysis experience. Double clicking on an import from one module will navigate you to the corresponding export in another model.
Custom GUI themes
The GUI is fully themeable in order to give you the best viewing experience.
The GUI has full Unicode support, allowing you to use Unicode characters in all function and variable names as well as comments and any other user editable portions of the analysis.
Command Line support *
Run plugins and analyze binaries on the command line, allowing you to integrate with your existing tool chains or build new work flows.