Integrated Assembler
The main feature in this release is assembler support for all of our supported architectures (x86, x64 and ARM, including Thumb and Thumb2), exposed in both the UI and the plugin framework. This is a great addition for patching binaries as you work and will be valuable for anything from CTF challenges to reversing dynamic obfuscation techniques and more.
Editing an existing instruction in the UI is easy: select the instruction you want to edit and either use the keyboard shortcut 'e' or select Block -> Edit Instruction from the right-click menu. As you edit the instruction's assembly you will see a live encoding of the new instruction along with any error messages. This live feedback is really useful if you are working with a syntax or architecture you are not wholly familiar with.
As instructions in an analysis model are modified, the analysis is updated to reflect the changes. This can include things like adjusting a function's control flow graph, identifying new data references and so on. A new menu option, 'Export to Raw File', available when right-clicking an analysis tab, allows you to write the binary back to disk if you need to.
Other Changes
We have added static library packages for the newly released Visual Studio 2017. Static library analysis is our solution that allows commonly linked-in static library code to be identified during analysis in order to enrich the analysis and simplify the task of reverse engineering a binary.
Our PE loader has been updated to correctly parse and display the most recent additions to the IMAGE_LOAD_CONFIG_DIRECTORY structure. Specifically, we now parse, display and add to the analysis the new export suppression and long jump guard tables and their entries.
Another small but useful addition: when loading an ELF-based kernel module, the .modinfo entries are now identified and displayed in the Overview.
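For readers who want to see what a .modinfo section contains, the following is an added example and not code from the product: it locates .modinfo through the ELF section header table and splits its NUL-terminated key=value strings. It assumes a little-endian ELF64 image; the function names and the sample entries are constructed for illustration.

```python
import struct

def build_sample_module(entries):
    """Constructed test data: a minimal ELF64 object holding only .modinfo."""
    modinfo = b"".join(f"{k}={v}".encode() + b"\0" for k, v in entries)
    shstrtab = b"\0.modinfo\0.shstrtab\0"
    off_shstr = 64 + len(modinfo)
    shoff = off_shstr + len(shstrtab)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    def shdr(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)
    table = (shdr(0, 0, 0, 0) + shdr(1, 1, 64, len(modinfo))
             + shdr(10, 3, off_shstr, len(shstrtab)))
    return ehdr + modinfo + shstrtab + table

def parse_modinfo(image):
    """Return .modinfo as (key, value) pairs; keys such as 'alias' may repeat."""
    if image[:4] != b"\x7fELF" or image[4:6] != b"\x02\x01":
        raise ValueError("this example handles little-endian ELF64 only")
    shoff, = struct.unpack_from("<Q", image, 0x28)            # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", image, 0x3A)
    def header(i):
        base = shoff + i * shentsize
        name, = struct.unpack_from("<I", image, base)          # sh_name
        off, size = struct.unpack_from("<QQ", image, base + 0x18)  # sh_offset, sh_size
        return name, off, size
    def body(off, size):
        if off + size > len(image):
            raise ValueError("section extends past end of file")
        return image[off:off + size]
    names = body(*header(shstrndx)[1:])                        # section name string table
    for i in range(shnum):
        name_off, off, size = header(i)
        end = names.find(b"\0", name_off)
        if names[name_off:end] != b".modinfo":
            continue
        pairs = []
        for raw in body(off, size).split(b"\0"):
            if raw:  # skip NUL padding between entries
                key, _, value = raw.decode("utf-8", "replace").partition("=")
                pairs.append((key, value))
        return pairs
    return []

# Constructed sample values, not taken from a real module.
SAMPLE_ENTRIES = [("license", "GPL"), ("alias", "pci:v00008086d*"),
                  ("parm", "debug:level=1"), ("vermagic", "5.10.0 SMP mod_unload ")]
SAMPLE = build_sample_module(SAMPLE_ENTRIES)
if __name__ == "__main__":
    for key, value in parse_modinfo(SAMPLE):
        print(f"{key:10} {value}")
```

Fields such as license, vermagic and alias are the ones worth checking first when triaging an unfamiliar kernel module.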