|  fenris 1.00 beta (1/18/2002)
by 
  Michal Zalewski
               DescriptionFenris is a multipurpose tracer, stateful analyzer and partial
decompiler intended to simplify bug tracking, security audits, code,
algorithm or protocol analysis - providing a structural program trace,
general information about internal constructions, execution path,
memory operations, I/O, conditional expressions and much more. Because it
does not require sources or any particular compilation method, this
project can be very helpful for black-box tests and evaluations - but
it will also be a great tool
for open-source project audits, as an unmatched
real-time reconnaissance tool - especially when sources are too complex
or too badly written to be analyzed in a reliable way and reasonable time.
 
This project is not intended to find problems, bugs or security 
vulnerabilities automatically. It is supposed to be a reliable,
useful tool that works in real world and can deliver valuable
information which can be used to detect known problems, but also
to spot unique or not so obvious dynamic conditions.
Among many other features, fenris is able to fingerprint functions in static binaries,
automatically detect common library code; able to deliver text-based
and graphical, browsable output that documents different aspects of
program activity on different abstraction layers; able
to perform partial analysis of single structural blocks. It is designed
to make things easier, filling the gap between existing code analysis
and debugging tools - but not to replace all of them. To read more about
its functionality, approach, usage and limitations, please 
click  here.
 
 Demo and downloadTo see a brief demonstration of Fenris functionality,
 you can follow this link.
Graphics-capable browser with JavaScript enabled is recommended for
this purpose, but text-based browsers are supported as well.
 
Current Fenris code snapshot can be downloaded here.
 Project status, news, creditsThis code is distributed under terms and conditions
of  GNU Public License, version 2. It is usable, but certainly not 
finished. It lacks support  for certain calls, needs to be ported to 
platforms other than Linux/x86 and  needs to support compilers other 
than GCC framework. There are some known, but not fully diagnosed
fault conditions and a nice "to do" list. RAZOR believes that this project 
can and will benefit 
from being an open-source development, and because 
of that, we encourage 
all developers who find this code interesting to contribute and make
it better.
 
                
                  
                    | 01-18-2002 
 | initial 1.00 release 
 |                             
              Below is the list of people outside RAZOR who contributed
 to the project by providing their comments, suggestions, criticism or developing
 new code: 
  Jose Nazario <jose@thegeekempire.net>Rafal Wojtczuk <nergal@idea.avet.com.pl>
 dvorak <dvorak@xs4all.nl>
 Mariusz Woloszyn <kil3r@dione.ids.pl>
 bighawk <bighawk@kryptology.org>
 Slawomir Krawczyk <nises2@tpi.pl>
 Wojtek Kaniewski <elluin@dev.null.pl>
 Wojtek Walczak <gminick@hacker.pl>
 Bulba <bulba@intelcom.pl>
 Solar Designer <solar@openwall.com>
 
 |