2024.01

Summary

esReven version 2024.01 is a major step for esReven, as it is the first release to allow multiple architectures! This version is the result of the team's efforts over 2023, and brings:

  • esReven ARM, available as a separate package to the existing esReven x64 version.
  • Integration of esReven into the esReverse platform.
  • Minor updates for esReven Intel as well.

Product & major changes

esReven ARM

esReven ARM represents a shift in how esReven approaches trace recording: instead of providing a single integrated environment to record, esReven ARM will aim to provide integrations with multiple tools.

Note: the esReven ARM extension requires a license, separate from that of the esReven Intel extension.

As of today, you can record ARM-based traces with:

  • Unicorn, thanks to the provided companion library reven_unicorn, which is easy to integrate into existing Unicorn scripts.
  • esEmu, eShard's fork of QEMU that provides facilities such as hooks and fault injection. esEmu supports recording in a single address space, without support for MMU for now.

A knowledge module is provided with the installation to guide you through the creation of your first ARM trace:

Recording with unicorn

About esReverse

As esReven gets integrated into the esReverse tool suite, it will be able to interact with, leverage, and provide data for the other tools of the platform.

This documentation covers esReven even when installed standalone, so not all of it might be relevant to your installation.

Improvements & updates

Changes:

  • Python API: users can now request the architecture of the trace's target, stored in a ServerArch object:

    >>> print(server.architecture)
    ServerArch.Amd64
    
  • Python API: Transition.pc returns a VirtualAddress instead of an unsigned int.

  • Axion: correctly display instructions with more than 3 operands.

Updates

  • JupyterLab: Python has been updated to version 3.10 (from 3.8). Note that the downloadable Python packages (for Windows and Debian) are still targeting 3.11, as was the case in the previous version.