An Interactive Disassembler for x86/ARM/MIPS - Plasma

PLASMA is an interactive disassembler. It can generate a more readable assembly (pseudo code) with colored syntax. You can write scripts with the available Python api (see an example below). The project is still in big development.

wiki : TODO list and some documentation.

It supports :

• architectures : x86{64}, ARM, MIPS{64} (partially for ARM and MIPS)
• formats : ELF, PE, RAW

Warning: until structures and type definitions are not implemented, the database compatibility could be broken.

Requirements

• python >= 3.4
• capstone
• python-pyelftools
• pefile + python3-future
• python-msgpack >= 0.4.6
• c++filt (available in the binutils Linux package)
• terminal should support UTF8 and 256 colors (if not, use the option --nocolor)

Optional :

• python-qt4 used for the memory map
• keystone for the script asm.py

Installation

./install.sh

Or if you have already installed requirements with the previous command :

./install.sh --update

Check tests :

make
....................................................................................
84/84 tests passed successfully in 2.777975s
analyzer tests...
...

Pseudo-decompilation of functions

$ plasma -i tests/server.bin
>> v main
# you can press tab to show the pseudo decompilation
# | to split the window
# See the command help for all shortcuts

Qt memory map (memmap)
The image is actually static.

Scripting (Python API)
See more on the wiki for the API.
Some examples (these scripts are placed in plasma/scripts) :

$ plasma -i FILE
plasma> py !strings.py             # print all strings
plasma> py !xrefsto.py FUNCTION    # xdot call graph
plasma> py !crypto.py              # detect some crypto constants
plasma> py !asm.py CODE            # assemble with keystone
plasma> py !disasm.py HEX_STRING   # disassemble a buffer

Download Plasma