Features

Analyze and explore PE and ELF binaries

Relyze has extensive coverage for Portable Executable (PE) and Executable and Linking Format (ELF) binaries, letting you understand a binaries composition and leverage this rich meta data for analysis. Symbol formats such as PDB, embedded COFF, STAB, TDS and MAP files can also be loaded to further enrich the disassembly and analysis. Object files and object archives are also supported. Supported architectures include x86, x64, ARM32 (ARMv7 including Thumb mode) and ARM64 (AArch64).

Analyze and explore PE files

First look

Use the analysis overview to get a quick insight into a binary. Displaying information about the file, its associated hashes, embed file information, available security mitigations, analysis information, entropy graphs and any embedded security certificates.

  • First look
  • First look


Visualise the data

Use the entropy graph to identify packed or encrypted data and other anomalies. The entropy graph overlays corresponding file sections and is interactive so you can navigate into the structure or code views in order to learn more.

Visualise the data's entropy

Explore the structure

Drill down into a files structure in order to see exactly how it is composed. Explore the structure further with the hex editor, decoding and searching for data on the fly. You can also leverage custom decoders to manipulate portions of data.

Explore the structure

Analyze x86, x64, ARM32 and ARM64 code

Relyze lets you disassemble and analyze x86, x64, ARM32 and ARM64 code, and comes with support for the latest instruction set extensions. The plugin framework exposes full access to the disassembler so you can script it as you need.

Analyze x86, x64, ARM32 and ARM64 code

Decompiler

Our decompiler lets you quickly understand a programs behavior by emitting a high level pseudo code for a function. The decompiler is fully interactive, letting you rename and retype variables, navigate variable references and more.

Decompile x86, x64, ARM32 and ARM64 native code to pseudo code

Interactive Binary Diffing

Perform a differential analysis against two binaries and discover their differences and similarities. Learn what functions have been modified, removed or added. Perfect for patch analysis when verifying security fixes or when analyzing malware variants.

Binary Diffing

Pseudocode Binary Diffing

Leverage the decompiler and perform pseudo code diffing to quickly understand code modifications through a familiar diffing interface.

Pseudocode Binary Diffing

Multi Threaded Analysis

Relyze can perform parallel analysis and utilize all available processor cores, allowing you to blaze through large binaries and complete the analysis as fast as possible.

Parallel Analysis

Edit the code

With a built-in assembler for every supported architecture, you can edit an instruction on the fly and patch the binary. The analysis will reprocess the changed instructions in order to update the analysis. The plugin framework exposes full access to the assembler so you can script it as you need.

Edit the code

Navigate control flow graphs

Relyze visualizes functions with interactive control flow graphs, allowing you to navigate a functions code paths and interact with local variables, instructions and other properties.

Navigate control flow graphs

Navigate Call Graphs

Generate and explore interactive call graphs using multiple graph layout algorithms. Our DirectX based hardware accelerated graph rendering engine allows you to explore large complex graphs with a buttery smooth interface.

Navigate Call Graphs

Function analysis

Automatic analysis identifies functions, their parameters and other meta data such as calling conventions. A functions local variables are automatically analyzed and displayed in the functions control flow graph so you can interact with them, discovering references to locals, updating their data types and more.

Function analysis

See all the code paths

Get the complete control flow graph for a function with automatic jump table and exception handler analysis. Discover code paths that would otherwise not be visible.

See all the code paths

Resolve indirect calls

When possible analysis can resolve indirect call targets to give you the complete picture of a functions logic.

Resolve indirect calls

Find everything

Quickly search for and identify interesting parts of the analysis or browse through everything. Items such as segments, imports, exports, functions, strings, bookmarks, symbol lines and search results are consolidated in a unified location for easy traversal.

Find everything

Data type analysis

Automatic analysis discovers data and identifies suitable data types either through analysis or via assistance from symbols when available. Identify primitive types, strings, complex structures and more.

Data type analysis

Static Library Analysis

Automatically identify commonly linked in static library code, such as compiler runtimes, via static library analysis. Identified static library functions are renamed to their original functions names, speeding up your ability to analyze the code.

  • Static Library Analysis (Before)
  • Static Library Analysis (After)


Create and manage custom data types

Manage the available data types and create new types by defining them using C/C++ declarations. You can also import C/C++ header files in order to access the data types defined within them. Export the available data types as C/C++ headers for interoperability with your own tools.

Create and manage custom data types

Visualize relationships

Discover the relationships between code and data with interactive reference graphs. You can generate reference graphs either to specific targets or originating from specific targets. Interact with these reference graphs and navigate through the code and data you discover.

Visualize relationships

Find paths

Use graph path highlighting to discover all the paths between any two nodes in a graph. Identify the shortest path to an interesting code block, or all the potential paths to some data in a reference graph.

Find paths

Custom address modes

Display and navigate code based on either relative virtual addresses or virtual addresses. Instantly re-base a binary to a new virtual base address, great when you are using Relyze with your debugger and have to deal with address space layout randomization (ASLR).

Custom address modes

Expand with plugins

Leverage a rich Ruby plugin framework in order to expand Relyze with new capabilities and perform tailored analysis or research against a binary. An integrated plugin editor lets you quickly test out your ideas and everything runs as expected straight out of the box, no additional configuration or third party libraries required.

Expand with plugins

Archive everything

Use the integrated library manager to archive every file you analyze so you can build up a corpus over time. Apply your archives with custom tags and descriptions in order to easily find and categorize them.

Archive everything

Automated batch analysis

Process large amounts of files via built in batch analysis. Batch analysis runs in parallel in order to blaze through multiple files quickly, automatically tag and archive them to your library or run custom plugins.

Automated batch analysis

Multi tab design

Use the GUI's multi tab design to navigate between modules for a fluid analysis experience. Double clicking on an import from one module will navigate you to the corresponding export in another model.

Multi tab design

Custom GUI themes

The GUI is fully themeable in order to give you the best viewing experience.

  • Custom GUI themes
  • Custom GUI themes
  • Custom GUI themes


Unicode support

The GUI has full Unicode support, allowing you to use Unicode characters in all function and variable names as well as comments and any other user editable portions of the analysis.

Unicode support

Command Line support

Run plugins and analyze binaries on the command line, allowing you to integrate with your existing tool chains or build new work flows.

Command Line support

 

Download Now...