VMill
Snapshot-based process emulator for executing lifted binaries and instrumenting them in LLVM form.
Best for
Reproducing binary behavior from captured process state.
Surface
Execution snapshots
Catalog group
Analyze binaries and reverse engineer behavior
Repository
lifting-bits/vmill
From the README
VMill is a snapshot-based process emulator. It just-in-time lifts machine code to LLVM bitcode, and enables that bitcode to be instrumented. That bitcode is then compiled to machine code and executed. If you are experiencing undocumented problems with Remill then ask for help in the #binary-lifting channel of the Empire Hacking Slack. Remill is supported on Linux platforms and has been tested on Debian testing.
Related tools · Analyze binaries and reverse engineer behavior
- Remill: Machine-code lifter that translates instructions into LLVM bitcode for later analysis and transformation.
- Anvill: Lifting primitives that aim for Clang-like bitcode quality so decompiled output is easier to reason about.
- Manticore: Symbolic execution engine for binaries, smart contracts, and WebAssembly programs.
- Maat: Dynamic symbolic execution and binary-analysis framework with taint analysis, environment simulation, and constraint solving.
- Codex Decompiler: Ghidra plugin that uses language models to improve decompilation and reverse-engineering workflows.