Why Did I Build This?
"Firing up heavyweight disassemblers like IDA Pro or Ghidra just to peek at a binary's strings, grab an MD5, or patch a single `jz` to `jmp` is massive overkill. I engineered this tool to serve as an immediate, first-line triage and patching workbench. It allows me to safely inspect potentially malicious executables, isolate network indicators, and inject compiled assembly instructions directly into raw hex offsets without leaving the interface."
Architecture & Decisions
The application is built on a responsive Tkinter frontend decoupled from the heavy processing logic via a strict producer-consumer threading model and `queue.Queue` polling. This prevents UI lockups during intensive I/O operations. It natively integrates the Capstone framework for x86-64 disassembly and the Keystone framework to compile human-readable assembly back into raw machine code bytes for live patching. To ensure absolute memory stability, I implemented a safety threshold: binaries over 20MB are fully processed and dumped directly to Markdown artifacts, while the GUI strictly caps its visualization buffer to the first 1,000 instructions to prevent Tkinter text widget memory exhaustion.
Key Features
- 01.Non-blocking Tkinter GUI utilizing asynchronous thread queues
- 02.Live binary patching via Keystone engine (Assembly to Hex compilation)
- 03.Real-time x86-64 disassembly via Capstone engine
- 04.Heuristic Regex engine for automated IoC categorization (IPv4, URLs, Paths)
- 05.Memory-safe Markdown artifact generation for massive payloads
- 06.Built-in hex offset calculator and targeted search engine