Sojobo v1.1 releases: A binary analysis framework

Sojobo – A binary analysis framework

Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don’t need to install or compile any other external libraries (the project is self-contained).

With Sojobo you can:

• Emulate a (32 bit) PE binary
• Inspect the memory of the emulated process
• Read the process state
• Display a disassembly of the executed code
• Emulate functions in a managed language (C# || F#)

Sojobo allows to emulate PE binary (32 bit) and to interact with the emulation. It implements a Sandbox class that can be used to emulate a given binary.

Sojobo is intended to be used as a framework to create program analysis utilities. However, various sample utilities were created in order to show how to use the framework in a profitable way.

Changelog v1.1

• Added support to load external libraries
• PEB->Ldr is correctly initialized according to the loaded modules
• It is now possible to set memory hooks
• Implemented C# binding to easier the usage of Sojobo library from C# developers
• Added support to automatically load libraries (can be disabled via settings)
• Added support to make Sandbox snapshot
• Created documentation page

Download

Copyright (C) 2019 Antonio Parata – @s4tan