Insight

2015
16 weeks
C++
5600

Insight is a static executable analyzer and x86-64 disassembler, programmed in C++ and written from scratch. The core is a portable file analyzer and disassembler; on top of that sits a graphical user interface that uses the Win32 API. It currently supports Windows PE and Linux ELF files, but it can easily be extended for any other file type.

The analyzer displays the file format structure in a dynamic tree view. It extracts all known fields of the various file headers and tables and prints them in a meaningful manner. It can also decode the "Rich Block", which is inserted into the DOS stub by Microsoft Visual C++ linkers.
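What decoding the Rich Block involves, as an added example (not Insight's own code): it follows the commonly documented layout of a XOR-masked "DanS" marker, three padding dwords, (product/build, count) pairs, then a clear-text "Rich" marker followed by the key. The names `decodeRich` and `makeSample` and all sample values are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
struct RichEntry { uint16_t product, build; uint32_t count; };

static uint32_t rd32(const std::vector<uint8_t>& b, size_t o) {  // little-endian read
    return b[o] | b[o + 1] << 8 | b[o + 2] << 16 | (uint32_t)b[o + 3] << 24;
}
static void wr32(std::vector<uint8_t>& b, size_t o, uint32_t v) {
    for (int i = 0; i < 4; ++i) b[o + i] = uint8_t(v >> (8 * i));
}

// Decode the Rich block between the DOS header and e_lfanew; false if absent or malformed.
bool decodeRich(const std::vector<uint8_t>& img, std::vector<RichEntry>& out, uint32_t& key) {
    const uint32_t RICH = 0x68636952, DANS = 0x536E6144;  // "Rich", "DanS"
    if (img.size() < 0x40 || img[0] != 'M' || img[1] != 'Z') return false;
    size_t limit = rd32(img, 0x3C);                       // e_lfanew: start of the PE header
    if (limit > img.size()) limit = img.size();
    size_t rich = 0, start = 0;
    for (size_t o = 0x40; o + 8 <= limit; ++o)            // the end marker is stored in clear
        if (rd32(img, o) == RICH) { rich = o; break; }
    if (!rich) return false;
    key = rd32(img, rich + 4);                            // XOR key follows "Rich"
    for (size_t o = rich - 4; o >= 0x40; o -= 4)          // walk back to the masked "DanS"
        if ((rd32(img, o) ^ key) == DANS) { start = o; break; }
    if (!start || rich - start < 16 || (rich - start - 16) % 8) return false;
    for (size_t o = start + 16; o < rich; o += 8) {       // skip DanS + 3 padding dwords
        uint32_t id = rd32(img, o) ^ key;                 // high word: product, low word: build
        out.push_back({uint16_t(id >> 16), uint16_t(id), rd32(img, o + 4) ^ key});
    }
    return true;
}

// Constructed sample: MZ header, Rich block at 0x80, e_lfanew = 0xA0. Values are made up.
std::vector<uint8_t> makeSample(uint32_t key) {
    std::vector<uint8_t> img(0xA0, 0);
    img[0] = 'M'; img[1] = 'Z'; wr32(img, 0x3C, 0xA0);
    const uint32_t plain[] = {0x536E6144, 0, 0, 0, (0x0104u << 16) | 0x6B74, 3};
    for (size_t i = 0; i < 6; ++i) wr32(img, 0x80 + 4 * i, plain[i] ^ key);
    wr32(img, 0x98, 0x68636952);                          // "Rich", unmasked
    wr32(img, 0x9C, key);
    return img;
}

int main() {
    std::vector<RichEntry> e; uint32_t key = 0;
    if (!decodeRich(makeSample(0x1234ABCD), e, key)) return 1;
    for (const auto& r : e) std::printf("product=0x%04X build=%u count=%u\n", r.product, r.build, r.count);
    return 0;
}
```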

The disassembler can switch between Real (16-bit), Protected (32-bit), and 64-bit modes. The correct mode is automatically detected for the loaded executable. It can also be used as a live disassembler, where the user can freely input bytes, which are immediately disassembled.

It was developed during my Reverse Engineering seminar at the Technical University of Munich.

Important: The Insight disassembler doesn't support all available x86-64 instructions, so don't rely on the disassembly output.

Download the current build!

Requirements:
+ Windows 7, 8 or 10
+ Visual C++ Redistributable which you can find here