> Documentation > What-Is-esReven

Table of content

• What is esReven?
  • Summary
  • Get the job done
  • Timeless analysis as a first-class citizen
  • Batteries included
  • How does it work?
  • I want to learn more

What is esReven?

Summary

esReven is a Timeless Debugging and Analysis (TDnA) Platform designed to go x10 faster & x10 deeper while reverse engineering.

esReven users use it for vulnerability analysis, malware analysis, software discovery, exploration of Windows or Linux kernel mechanisms, etc.

Technically, esReven records the execution of an entire virtual machine for a duration of time, then provides access to that recording via both a GUI (named Axion) and an Python API to allow analysis.

The analyst can follow the trace of all executed CPU instructions for all processes and kernel modules, alongside memory and CPU registers.

Moreover, esReven provides unique analysis features such as the Memory history or the Taint. Finally, esReven provides high-level context with process names, binaries and symbols.

Get the job done

Below are a few examples representative of what can be achieved with esReven:

• Analyze a Chrome CVE
• Detect Interprocess Use of Uninitialized Memory
• Find uses of cryptographic functions and the data encrypted
• Compare traces
• Trace network data back to encryption
• Automate recordings and analysis
• Record non-determinist crashes

Note: these resources may still refer to the previous company name "Tetrane", which was developing the product before the release of esReven 2023.01.

Timeless analysis as a first-class citizen

esReven and its collection of features provides a unique way to reason about the execution of a system and extract answers from a recorded trace:

• Explore the recorded trace timelessly and intuitively with the Trace View, the Search, or the Call tree.
• Stay at the level of a process or dive deep into kernel and driver code if necessary.
• Follow the data flow between functions, binaries or processes with the Memory History and the Taint engine and get immediate answers.
• Automate repetitive actions or build complex heuristics with the Python API.

See the Axion Views for more screenshots of the various provided features.

Batteries included

A lot of effort went into making esReven a comprehensive and easy-to-use tool in your toolbox:

• Import Virtual Machines and record scenarios easily with the step-by-step GUI.
• Access the whole scenario's data and discover features with the Analysis GUI.
• See debug symbols thanks to automatic PDBs download and support for linux debug files.
• Combine esReven with other tools thanks to the built-in integration with third-parties: WinDbg, IDA / Ghidra / Binary Ninja, Wireshark...
• Get direct support from the development team as part of your license, to sort out questions or issues quickly.

How does it work?

esReven is built as mutiple moving parts:

• A Recorder & Replayer, to record the Virtual Machine & replay its execution later on. esReven can plug on multiple recorders (and you can build your own), by default esReven integrates with and recommends using QEMU-based PANDA.
• An analysis engine, that builds indexes and provides the high level features of trace navigation, tainting, filtering, etc.
• Multiple GUIs and Python APIs to glue this all together and provide a seamless experience.

I want to learn more

Here is a list of further resources should you want to know more about the product:

• Try esReven online (or watch videos)
• Some blog articles about esReven