动态分析
========================================

动态插桩
----------------------------------------
- `DynamoRIO <https://github.com/DynamoRIO/dynamorio>`_ Dynamic Instrumentation Tool Platform
- `pintools <https://github.com/jonathansalwan/pintools>`_ Pintool example and PoC for dynamic binary analysis
- `frida <https://github.com/frida/frida>`_
- `QBDI <https://github.com/QBDI/QBDI>`_ A Dynamic Binary Instrumentation framework based on LLVM
- `TinyInst <https://github.com/googleprojectzero/TinyInst>`_ A lightweight dynamic instrumentation library

符号执行
----------------------------------------
- `Z3 <https://github.com/Z3Prover/z3>`_
- `manticore <https://github.com/trailofbits/manticore>`_  Symbolic execution tool

gdb插件
----------------------------------------
- `peda <https://github.com/longld/peda>`_
- `pwndbg <https://github.com/pwndbg/pwndbg>`_ Exploit Development and Reverse Engineering with GDB Made Easy
- `GEF <https://github.com/hugsy/gef>`_ GDB Enhanced Features for exploit devs & reversers

调试工具
----------------------------------------
- `bcc <https://github.com/iovisor/bcc>`_
- `openresty systemtap toolkit <https://github.com/openresty/openresty-systemtap-toolkit>`_
- `dtrace <https://github.com/dtrace4linux/linux>`_
- `uftrace <https://github.com/namhyung/uftrace>`_
- `qira <https://github.com/geohot/qira>`_ QEMU Interactive Runtime Analyse

模拟执行
----------------------------------------
- `qemu <https://github.com/qemu/>`_
- `unicorn <https://github.com/unicorn-engine/unicorn>`_
- `OpenEmu <https://github.com/OpenEmu/OpenEmu>`_
- `panda <https://github.com/panda-re/panda>`_ Platform for Architecture-Neutral Dynamic Analysis
- `avatar2 <https://github.com/avatartwo/avatar2>`_

进程分析
----------------------------------------
- `Process Explorer <https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer>`_
- `PeDoll <https://github.com/matrixcascade/PeDoll>`_ Application behavior monitor based on inline hook
- `libunwind <https://github.com/libunwind/libunwind>`_

hook
----------------------------------------
- `plthook <https://github.com/kubo/plthook>`_ Hook function calls by replacing PLT(Procedure Linkage Table) entries.
- `funchook <https://github.com/kubo/funchook>`_ Hook function calls by inserting jump instructions at runtime

污点分析
----------------------------------------
- `Triton <https://github.com/JonathanSalwan/Triton>`_
- `bap <https://github.com/BinaryAnalysisPlatform/bap>`_ Binary Analysis BinaryAnalysisPlatform