Relyze has extensive coverage for Portable Executable (PE) and Executable and Linking Format (ELF) binaries, letting you understand a binaries composition and leverage this rich meta data for analysis. Symbol formats such as PDB, embedded COFF, STAB, TDS and MAP files can also be loaded to further enrich the disassembly and analysis. Object files and object archives are also supported. Supported architectures include x86, x64, ARM32 (ARMv7 including Thumb mode) and ARM64 (AArch64).
Use the analysis overview to get a quick insight into a binary. Displaying information about the file, its associated hashes, embed file information, available security mitigations, analysis information, entropy graphs and any embedded security certificates.
Use the entropy graph to identify packed or encrypted data and other anomalies. The entropy graph overlays corresponding file sections and is interactive so you can navigate into the structure or code views in order to learn more.
Drill down into a files structure in order to see exactly how it is composed. Explore the structure further with the hex editor, decoding and searching for data on the fly. You can also leverage custom decoders to manipulate portions of data.
Relyze lets you disassemble and analyze x86, x64, ARM32 and ARM64 code, and comes with support for the latest instruction set extensions. The plugin framework exposes full access to the disassembler so you can script it as you need.
Our decompiler lets you quickly understand a programs behavior by emitting a high level pseudo code for a function. The decompiler is fully interactive, letting you rename and retype variables, navigate variable references and more.
Perform a differential analysis against two binaries and discover their differences and similarities. Learn what functions have been modified, removed or added. Perfect for patch analysis when verifying security fixes or when analyzing malware variants.
Leverage the decompiler and perform pseudo code diffing to quickly understand code modifications through a familiar diffing interface.
Relyze can perform parallel analysis and utilize all available processor cores, allowing you to blaze through large binaries and complete the analysis as fast as possible.
With a built-in assembler for every supported architecture, you can edit an instruction on the fly and patch the binary. The analysis will reprocess the changed instructions in order to update the analysis. The plugin framework exposes full access to the assembler so you can script it as you need.
Relyze visualizes functions with interactive control flow graphs, allowing you to navigate a functions code paths and interact with local variables, instructions and other properties.
Generate and explore interactive call graphs using multiple graph layout algorithms. Our DirectX based hardware accelerated graph rendering engine allows you to explore large complex graphs with a buttery smooth interface.
Automatic analysis identifies functions, their parameters and other meta data such as calling conventions. A functions local variables are automatically analyzed and displayed in the functions control flow graph so you can interact with them, discovering references to locals, updating their data types and more.
Get the complete control flow graph for a function with automatic jump table and exception handler analysis. Discover code paths that would otherwise not be visible.
When possible analysis can resolve indirect call targets to give you the complete picture of a functions logic.
Quickly search for and identify interesting parts of the analysis or browse through everything. Items such as segments, imports, exports, functions, strings, bookmarks, symbol lines and search results are consolidated in a unified location for easy traversal.
Automatic analysis discovers data and identifies suitable data types either through analysis or via assistance from symbols when available. Identify primitive types, strings, complex structures and more.
Automatically identify commonly linked in static library code, such as compiler runtimes, via static library analysis. Identified static library functions are renamed to their original functions names, speeding up your ability to analyze the code.
Manage the available data types and create new types by defining them using C/C++ declarations. You can also import C/C++ header files in order to access the data types defined within them. Export the available data types as C/C++ headers for interoperability with your own tools.
Discover the relationships between code and data with interactive reference graphs. You can generate reference graphs either to specific targets or originating from specific targets. Interact with these reference graphs and navigate through the code and data you discover.
Use graph path highlighting to discover all the paths between any two nodes in a graph. Identify the shortest path to an interesting code block, or all the potential paths to some data in a reference graph.
Display and navigate code based on either relative virtual addresses or virtual addresses. Instantly re-base a binary to a new virtual base address, great when you are using Relyze with your debugger and have to deal with address space layout randomization (ASLR).
Leverage a rich Ruby plugin framework in order to expand Relyze with new capabilities and perform tailored analysis or research against a binary. An integrated plugin editor lets you quickly test out your ideas and everything runs as expected straight out of the box, no additional configuration or third party libraries required.
Use the integrated library manager to archive every file you analyze so you can build up a corpus over time. Apply your archives with custom tags and descriptions in order to easily find and categorize them.
Process large amounts of files via built in batch analysis. Batch analysis runs in parallel in order to blaze through multiple files quickly, automatically tag and archive them to your library or run custom plugins.
Use the GUI's multi tab design to navigate between modules for a fluid analysis experience. Double clicking on an import from one module will navigate you to the corresponding export in another model.
The GUI is fully themeable in order to give you the best viewing experience.
The GUI has full Unicode support, allowing you to use Unicode characters in all function and variable names as well as comments and any other user editable portions of the analysis.
Run plugins and analyze binaries on the command line, allowing you to integrate with your existing tool chains or build new work flows.