zynamics BinNavi is the leading open source binary code reverse engineering tool based on graph visualization

BinNavi is a binary code reverse engineering tool that was built to assist vulnerability researchers who look for vulnerabilities in disassembled code.

With BinNavi you can analyze disassembled x86, ARM, PowerPC, and MIPS code using the powerful built-in static code analysis techniques. In cases where static code analysis is not enough, you can use the built-in debuggers to get a live view of the program you are analyzing.

The code is available on GitHub.

Use Cases
  • Do control-flow-based code analysis of disassembled x86, ARM, MIPS, and PowerPC code
  • Cut down on complexity by removing unimportant code from functions
  • Use powerful remote debuggers to debug programs on different operating systems
  • Use Differential Debugging to quickly locate relevant code
  • Create and assign user-defined tags to mark important functions and basic blocks
  • Use advanced code analysis algorithms to keep track of data and code
  • Manage all your reverse engineering projects in one central database
  • Write scripts and plugins to extend BinNavi to meet your specific goals
  • Rename and annotate variables and functions to make them self-explanatory
  • Use the REIL meta-language to write platform-independent program analysis code

To learn more about the features and use cases of BinNavi, please take a look at the BinNavi manual.

Screenshot 1: BinNavi 3.0 main window

Screenshot 2: BinNavi graph window

Screenshot 3: Highlighting call instructions in disassembled code

Screenshot 4: Debug trace that logs registers and memory values

Screenshot 5: Debugging a Cisco 2600 router (Using GDB Agent, see below)


Screenshot 6: Using scripts to access disassembly data


Screenshot 7: Using the platform-independent intermediate language REIL

Two videos are available that demonstrate the workflow with BinNavi.

The first video shows how BinNavi is used to isolate potentially interesting code in the Pidgin instant messenger client. In less than four minutes, the functions responsible for sending and receiving messages are isolated.

Video: Isolating interesting code in Pidgin (5 MB Flash Video)

The second video shows how BinNavi is used to resolve the target addresses of dynamic function calls. This is useful to get a better idea of the control flow in programs with many dynamic function calls, for example C++ programs which make use of class inheritance.

Video: Automatically resolving dynamic function calls (13 MB Flash Video)

GDB Agent
Out of the box, BinNavi can debug applications on 32-bit Windows, 32-bit Linux, and Windows Mobile. To debug devices that run a GDB server, BinNavi also includes a debugger called the GDB Agent.

The GDB Agent can be used to debug a wide variety of devices such as Cisco routers or NetScreen firewalls. If you want to learn more about the supported devices and whether the GDB Agent is useful for you, please contact zynamics customer support.