
Xori - Custom disassembly framework

License: AGPL v3

Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data.

Acknowledgements:

Xori wouldn't exist without inspiration and ideas from the open source community. We are indebted to the work of the Capstone engine and the LLVM Project.

Architectures:

File Formats

Current Features

What it doesn't do yet:

Documentation

Requirements

rustc 1.27.0

Install rust for macOS & Linux distros

The rustup installer script can be piped straight into sh; if you would rather not run a remote script unseen, download it first, review it, then run it.

curl https://sh.rustup.rs -sSf | sh

Install rust for Windows

First get rustup.exe (the Rust toolchain installer) from the rustup website (https://rustup.rs).

This installer sets up the Rust compiler rustc, the package manager cargo and other useful tools for Rust development.

Install rust prerequisites

If rustup.exe stops with a message about missing prerequisites, your Windows environment lacks the Build Tools for Visual Studio; follow the steps in this section. Otherwise skip ahead to Install rust toolchain.

Choose the Visual C++ build tools and click Install; close the Visual Studio Installer once the installation has finished.

Install rust toolchain

Run rustup.exe and follow the prompts.

After a successful installation the Rust compiler rustc, the package manager cargo and the other tools live under C:\Users\%username%\.cargo and C:\Users\%username%\.rustup.

Installation

1. Build Xori

This also builds the helper binaries pesymbols and peinfo.

git clone https://github.com/endgameinc/xori.git
cd xori
cargo build --release

2. Create xori.json config file

cp xori.json.example xori.json
[edit if desired]

3. (Optional) Build the symbols files

If you want to generate your own symbol files, point the dll folders in xori.json at the directories where you stored the 32-bit and 64-bit Windows DLLs (the generated file names below reflect SysWOW64 for 32-bit and System32 for 64-bit). The relevant excerpt of xori.json:

"function_symbol32": "./src/analysis/symbols/generated_user_syswow64.json",
"function_symbol64": "./src/analysis/symbols/generated_user_system32.json",
"symbol_server": {
	"dll_folder32": "./dlls/32bit",
	"dll_folder64": "./dlls/64bit"
}

Then run pesymbols, which overwrites the function_symbol JSON files:

./target/release/pesymbols

Run

./target/release/xori -f test.exe
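As an added example (not code from the Xori project), the following POSIX shell script ties steps 1 to 3 and the run command together: it writes xori.json from xori.json.example with the symbol_server dll folders pointed at real directories, refuses folders that do not exist, builds the release binaries, runs pesymbols, and then batch-runs xori -f over a directory of samples, recording per-sample success or failure instead of aborting the batch on the first crash. Two things it relies on are assumptions, not facts stated on this page: that the dll_folder32/dll_folder64 keys sit one per line as in the excerpt above, and that xori prints its triage data to stdout.

```shell
#!/bin/sh
# Added example, not part of the Xori project: prepares xori.json for custom
# symbol generation and batch-runs Xori over a directory of samples.
# Assumptions not stated in the README: xori.json.example carries the
# "dll_folder32"/"dll_folder64" keys one per line (as in the excerpt above),
# and xori prints its triage data to stdout when run with -f.
set -eu

# write_symbol_config EXAMPLE OUT DLL32_DIR DLL64_DIR
# Copies the example config to OUT with symbol_server.dll_folder32/64 pointed
# at the directories holding the 32-bit (SysWOW64) and 64-bit (System32) DLLs.
# Refuses to write a config that points at a folder that does not exist.
write_symbol_config() {
    example="$1"; out="$2"; dll32="$3"; dll64="$4"
    for d in "$dll32" "$dll64"; do
        if [ ! -d "$d" ]; then
            echo "DLL folder not found: $d" >&2
            return 1
        fi
    done
    # Escape the characters that are special in a sed replacement (/ & \).
    e32=$(printf '%s' "$dll32" | sed 's|[/&\\]|\\&|g')
    e64=$(printf '%s' "$dll64" | sed 's|[/&\\]|\\&|g')
    sed -e "s/\(\"dll_folder32\":[[:space:]]*\"\)[^\"]*\"/\1${e32}\"/" \
        -e "s/\(\"dll_folder64\":[[:space:]]*\"\)[^\"]*\"/\1${e64}\"/" \
        "$example" > "$out"
}

# run_triage XORI_BIN SAMPLE_DIR OUT_DIR
# Runs "XORI_BIN -f sample" on every regular file in SAMPLE_DIR, saving stdout
# and stderr per sample under OUT_DIR. A sample that makes xori exit non-zero
# is marked FAIL in OUT_DIR/summary.txt and the batch continues.
run_triage() {
    xori="$1"; samples="$2"; outdir="$3"
    mkdir -p "$outdir"
    : > "$outdir/summary.txt"
    for f in "$samples"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if "$xori" -f "$f" > "$outdir/$name.txt" 2> "$outdir/$name.err"; then
            status="ok"
        else
            status="FAIL"
        fi
        echo "$status $name" | tee -a "$outdir/summary.txt"
    done
}

# Usage: sh xori_setup.sh setup DLL32_DIR DLL64_DIR [SAMPLE_DIR]
# Runs only when invoked with "setup"; otherwise the file just defines the
# functions above so it can be sourced.
case "${1:-}" in
    setup)
        write_symbol_config xori.json.example xori.json "$2" "$3"
        cargo build --release          # also builds pesymbols and peinfo
        ./target/release/pesymbols     # regenerates the function_symbol JSON
        if [ $# -ge 4 ]; then
            run_triage ./target/release/xori "$4" ./triage_out
        fi
        ;;
esac
```

Run it from the xori checkout as `sh xori_setup.sh setup /path/to/dlls/32bit /path/to/dlls/64bit samples/`; the per-sample `.txt`/`.err` files and `summary.txt` land in `./triage_out`, so a sample that crashes the disassembler is easy to isolate and re-run on its own.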

Run all tests

cargo test

Browser GUI

Chrome     Firefox    Safari     IE    Opera
Latest ✔   Latest ✔   Latest ✔   x     Latest ✔

Requirements

nodejs

yarn (optional, for UI development)

Build

cd gui
npm install

Run

In one terminal

cd gui
node src/server.js

In another terminal

cd gui
npm start

It will open your default browser to http://localhost:3000/. The backend API is listening on localhost:5000.