Skip to content

Native Code Analysis

JEB is fully-equipped to perform native code analysis of binary files compiled for Windows (PE), Linux and variants (ELF), or most other platforms, including headless firmware files.

Info

Find additional documentation about JEB's native analysis pipeline (code analysis and decompilation) on our blog: List of posts tagged Native Code.

Decompilers#

JEB Pro ships with analysis modules, including gendec decompilers for Intel x86, ARM, MIPS, Ethereum, WebAssembly, and more.

Siglibs#

JEB supports the creation of signature libraries (siglibs) for library code recognition. JEB Pro includes complete library signature sets for:

  • Android NDK libraries (ARM/ARM64). Common libraries (libc, libc++, zlib, etc.) are signed from NDK v11 up to the latest version (v20 as of 11/19).
  • Microsoft Visual Studio libraries (x86/x86-64). C runtime libraries and standard C++ libraries are signed from Visual Studio 2003 up to Visual Studio 2019.

Note

Users can generate their own signature libraries: Native Signatures Generation (blog); Android NDK signatures presentation Android NDK Library Signatures (blog)

Typelibs#

JEB supports the creation of type libraries (typelibs) for common Windows and Linux subsystems, including:

  • Android NDK on ARM 32-bit
  • Android NDK on ARM 64-bit
  • Android NDK on x86 32-bit
  • Android NDK on x86 64-bit
  • Windows win32 on Intel x86 32-bit
  • Windows win32 on Intel x86 64-bit
  • Windows win32 on ARM 32-bit
  • Windows win32 on ARM 64-bit
  • Windows DDK on Intel x86 32-bit
  • Windows DDK on Intel x86 64-bit
  • Linux glibc on Intel x86 32-bit
  • Linux glibc on ARM 32-bit
  • Linux glibc on MIPS 32-bit

Note

Users can generate their own type libraries: Native Types and Typelibs (blog)

Native Code Actions#

Common native code actions can Be found in the Native menu:


Section to be completed