Sojobo – A Binary Analysis Framework

Executable binaries are a common carrier for trojans and other malware: an attacker ships malicious code inside a binary and, once it runs, takes control of the machine. Understanding what such code does usually means reverse engineering the compiled binary, since no source code is available. Sojobo is a framework for this kind of binary analysis: it lets you emulate a potentially malicious file and observe what it does.

Overview

Sojobo is an emulator built on the B2R2 framework. It was created to make the analysis of potentially malicious files easier. It is written entirely in .NET, so you don't need to install or compile any external libraries (the project is self-contained).

With Sojobo you can:

  • Emulate a (32 bit) PE binary
  • Inspect the memory of the emulated process
  • Read the process state
  • Display a disassembly of the executed code
  • Emulate functions in a managed language (C# or F#)
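Sojobo only emulates 32-bit PE images, so the first thing to do with a new sample is confirm it is one. The script below is an added example, not code from Sojobo or its sample utilities: it parses the standard PE headers far enough to tell PE32 from PE32+, check the machine type, list the sections and read the bytes at the entry point. The field offsets are the documented PE layout; the policy in emulation_check() (PE32 and i386 only) is my reading of the feature list above, and the two PE blobs that build_minimal_pe() produces are constructed inline so the script runs offline (they are not loadable Windows images).

```python
"""Pre-flight triage of a PE before handing it to a 32-bit-only emulator.

Added example, not part of the Sojobo project. The PE blobs built by
build_minimal_pe() are constructed here for the demo and are not loadable.
"""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def parse_pe(data: bytes) -> dict:
    """Return the header fields a pre-emulation check needs; raise on non-PE input."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, oh)[0]
    entry_rva = struct.unpack_from("<I", data, oh + 16)[0]   # same offset in PE32 and PE32+
    if magic == PE32_MAGIC:
        fmt, image_base = "PE32", struct.unpack_from("<I", data, oh + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        fmt, image_base = "PE32+", struct.unpack_from("<Q", data, oh + 24)[0]   # no BaseOfData field
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    sections = []
    sh = oh + opt_size                                  # section table, 40 bytes per entry
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw": rawptr, "rawsize": rawsize, "chars": schars})
    return {"format": fmt, "machine": machine, "is_dll": bool(chars & IMAGE_FILE_DLL),
            "image_base": image_base, "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(info: dict, rva: int):
    """Map an RVA to a file offset through the section table; None if not file-backed."""
    for s in info["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = rva - s["va"]
            return s["raw"] + off if off < s["rawsize"] else None
    return None


def entry_bytes(data: bytes, info: dict, n: int = 8) -> bytes:
    """First n bytes of code at the entry point, as they sit in the file."""
    off = rva_to_offset(info, info["entry_rva"])
    return b"" if off is None else data[off:off + n]


def emulation_check(info: dict) -> tuple:
    """(ok, reason) for a 32-bit-only x86 emulator; the policy is an assumption."""
    if info["format"] != "PE32":
        return False, f"{info['format']} image; only PE32 is supported"
    if info["machine"] != IMAGE_FILE_MACHINE_I386:
        return False, f"machine 0x{info['machine']:x} is not i386"
    return True, "PE32/i386, entry at 0x%x" % (info["image_base"] + info["entry_rva"])


def build_minimal_pe(pe32plus: bool, code: bytes) -> bytes:
    """Constructed sample: one .text section, headers filled only as far as parse_pe reads."""
    e_lfanew, raw_ptr = 0x40, 0x200
    opt_size = 0xF0 if pe32plus else 0xE0
    machine = IMAGE_FILE_MACHINE_AMD64 if pe32plus else IMAGE_FILE_MACHINE_I386
    chars = 0x0022 if pe32plus else 0x0102              # EXECUTABLE_IMAGE plus size flag
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1000)             # AddressOfEntryPoint
    if pe32plus:
        struct.pack_into("<Q", opt, 24, 0x140000000)    # ImageBase (64-bit)
    else:
        struct.pack_into("<I", opt, 28, 0x400000)       # ImageBase (32-bit)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, 0x200, raw_ptr,
                       0, 0, 0, 0, 0x60000020)          # CODE | EXECUTE | READ
    hdr = dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + bytes(opt) + sect
    return hdr.ljust(raw_ptr, b"\0") + code.ljust(0x200, b"\0")


if __name__ == "__main__":
    for plus in (False, True):
        blob = build_minimal_pe(plus, b"\x31\xc0\xc3")   # xor eax,eax ; ret
        info = parse_pe(blob)
        print(info["format"], [s["name"] for s in info["sections"]],
              entry_bytes(blob, info, 3).hex(), emulation_check(info))
```

On a real sample, replace the constructed blob with the file's bytes; the same check also catches PE32+ droppers that would otherwise fail silently inside a 32-bit emulator.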

Using Sojobo

Sojobo is intended to be used as a framework for building program analysis utilities. Several sample utilities were also written to show how to use the framework productively.

Tengu

Tengu is a utility built on Sojobo. It emulates a given process and lets you control its execution through a debugger-like UI (inspired in particular by the WinDbg debugger).

Documentation

The project is fully documented in F# (cit.) 🙂 Joking apart, I plan to write some blog posts on how to use Sojobo. Below is a list of the current posts:

You can also read the API documentation.

Compile

To compile Sojobo you need .NET Core and Visual Studio installed. Then just run build.bat.
