{"id":13441254,"url":"https://github.com/cmu-sei/pharos","last_synced_at":"2025-05-14T10:13:33.767Z","repository":{"id":33683452,"uuid":"37336218","full_name":"cmu-sei/pharos","owner":"cmu-sei","description":"Automated static analysis tools for binary programs","archived":false,"fork":false,"pushed_at":"2025-03-27T20:13:57.000Z","size":47698,"stargazers_count":1587,"open_issues_count":49,"forks_count":197,"subscribers_count":80,"default_branch":"master","last_synced_at":"2025-04-05T00:01:37.673Z","etag":null,"topics":["binary-analysis","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cmu-sei.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-06-12T17:51:42.000Z","updated_at":"2025-03-30T01:25:45.000Z","dependencies_parsed_at":"2023-02-17T07:31:13.903Z","dependency_job_id":"5a465ef6-4927-4e9c-9d69-9d47ac6194d2","html_url":"https://github.com/cmu-sei/pharos","commit_stats":{"total_commits":158,"total_committers":21,"mean_commits":7.523809523809524,"dds":0.6329113924050633,"last_synced_commit":"186a2e4f0e380df7fb83c8ed434f5ef50fc2bce0"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmu-sei%2Fpharos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmu-sei%2Fpharos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmu-sei%2Fpharos/releases","manifests_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/cmu-sei%2Fpharos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cmu-sei","download_url":"https://codeload.github.com/cmu-sei/pharos/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248509963,"owners_count":21116125,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-analysis","reverse-engineering"],"created_at":"2024-07-31T03:01:31.654Z","updated_at":"2025-04-12T02:54:50.005Z","avatar_url":"https://github.com/cmu-sei.png","language":"C++","funding_links":[],"categories":["C++","Detection and Classification","Automated Reverse Engineering","Debugging and Reverse Engineering"],"sub_categories":["Other Resources"],"readme":"# Pharos Static Binary Analysis Framework\n\nThe Pharos static binary analysis framework is a project of the\nSoftware Engineering Institute at Carnegie Mellon University.  The\nframework is designed to facilitate the automated analysis of binary\nprograms.  It uses the ROSE compiler infrastructure developed by\nLawrence Livermore National Laboratory for disassembly, control flow\nanalysis, instruction semantics, and more. 
This software is released\nunder a BSD [license](LICENSE.md).\n\nThe current distribution is a substantial update to the previous\nversion, and adds a variety of features including improvements to the\nOOAnalyzer tool, experimental path analysis code, partitioner\nimprovements, multi-threading, and many other smaller features.\n\nThe Pharos framework is a research project, and the code is undergoing\nactive development.  No warranties of fitness for any purpose are\nprovided. While this release provides build instructions, unit tests,\nand some documentation, much work remains to be done.  We've tested a\nfew select build configurations, but we have not actively tested the\nportability of the source code. See the [installation\ninstructions](INSTALL.md) for more details.\n\nSince the primary objective for releasing this code is to provide\ntransparency into our research and stimulate conversation with other\nbinary static analysis researchers, please feel free to contact Cory\nCohen \u003ccfc@cert.org\u003e with questions you may have about this work.  I\nmay be unable to respond in a timely manner, but I will do my best.\n\n# Pharos Static Binary Analysis Tools\n\n## [APIAnalyzer](tools/apianalyzer/apianalyzer.pod)\n\nApiAnalyzer is a tool for finding sequences of API calls with the\nspecified data and control relationships.  This capability is intended\nto be used to detect common operating system interaction paradigms\nlike opening a file, writing to it, and then closing it.\n\n## [OOAnalyzer](tools/ooanalyzer/ooanalyzer.pod)\n\nOOAnalyzer is a tool for the analysis and recovery of object oriented constructs. This tool was\nthe subject of a paper titled [\"Using Logic Programming to Recover C++ Classes and Methods from\nCompiled Executables\"](https://edmcman.github.io/papers/ccs18.pdf) which was published at the\nACM Conference on Computer and Communications Security in 2018. 
The tool identifies object\nmembers and methods by tracking object pointers between functions in the program.  A previous\nimplementation of this tool was named \"Objdigger\", but it was renamed to reflect a substantial\nredesign using Prolog rules to recover the object attributes.  The current version of the tool\nonly supports analysis of 32-bit x86 executables compiled by Microsoft Visual C++.  For more\ndetailed instructions on how to run OOAnalyzer on very large executables, see these\n[notes](share/prolog/oorules/README.md).\n\nThe Pharos distribution used to include a plugin that imported OO\ninformation exported by OOAnalyzer into the\n[Ghidra](https://ghidra-sre.org/) reverse engineering tool set.  To get\nthat functionality now and in the future, install the\n[Kaiju](https://github.com/CERTCC/kaiju) Ghidra plugin, which includes\nthe functionality that was provided by the OOAnalyzer plugin.\n\n## [CallAnalyzer](tools/callanalyzer/callanalyzer.pod)\n\nCallAnalyzer is a tool for reporting the static parameters to API\ncalls in a binary program.  It is largely a demonstration of our\ncurrent calling convention, parameter analysis, and type detection\ncapabilities, although it also provides useful analysis of the code in\na program.\n\n## [FN2Yara](tools/fn2yara/fn2yara.pod)\n\nFN2Yara is a tool to generate YARA signatures for matching functions\nin an executable program.  Programs that share significant numbers of\nfunctions are likely to have behavior in common.\n\n## [FN2Hash](tools/fn2hash/fn2hash.pod)\n\nFN2Hash is a tool for generating a variety of hashes and other\ndescriptive properties for functions in an executable program.  Like\nFN2Yara, it can be used to support binary similarity analysis, or\nprovide features for machine learning algorithms.\n\n## [DumpMASM](tools/dumpmasm/dumpmasm.pod)\n\nDumpMASM is a tool for dumping disassembly listings from an executable\nusing the Pharos framework in the same style as the other tools.  
It\nhas not been actively maintained, and you should consider using ROSE's\nstandard recursiveDisassemble instead\n\u003chttp://rosecompiler.org/ROSE_HTML_Reference/rosetools.html\u003e.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmu-sei%2Fpharos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcmu-sei%2Fpharos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmu-sei%2Fpharos/lists"}