بنقرة واحدة
general-reverse-engineering
General-purpose binary analysis — understand functionality, architecture, and behavior
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
General-purpose binary analysis — understand functionality, architecture, and behavior
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Patch binary code in Binary Ninja using natural language — read, assemble, write, verify
Patch binary code in IDA Pro using natural language — read, assemble, write, verify
Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly
Write and execute Binary Ninja Python scripts — full API reference included
Write and execute IDAPython scripts — full API reference included
Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping
| name | General Reverse Engineering |
| description | General-purpose binary analysis — understand functionality, architecture, and behavior |
| tags | ["analysis","reverse-engineering","general"] |
Task: General Reverse Engineering. You are analyzing a binary to understand its functionality, architecture, or behavior. No assumption about maliciousness.
Build a mental map of the binary's structure. Start at the entry point or user-specified function. Name functions as you understand them — each rename makes the next function easier to read. Focus on what the user is interested in, not exhaustive coverage.
get_binary_info — format, architecture, size, function countlist_imports + list_exports — understand the binary's interface (batch these)decompile_function → understand → rename_function / rename_variable → follow call chainsxrefs_to and xrefs_from to trace data and code referencesUse xref tools BEFORE decompiling for exploration — they're cheaper:
function_xrefs on entry → map top-level subsystems without decompiling everythingxrefs_to on interesting imports → find which functions use specific APIsDepth guidance:
Libraries/frameworks: Focus on exported functions and their calling conventions. Use list_exports to map the public API.
Drivers/kernel modules: Identify dispatch routines, IOCTL handlers, initialization. Consider using /driver-analysis for Windows drivers.
Proprietary formats: Trace the parsing code. Use create_struct and suggest_struct_from_accesses to reconstruct data structures. Apply with apply_struct_to_address.
Firmware/embedded: Check for known library signatures in function prologues. Map memory-mapped I/O regions via list_segments.
Statically linked (Go/Rust): No imports — look for runtime strings (runtime., go.itab, panicked at). Function count will be high; focus on entry and user code.
set_comment and set_function_comment to document non-obvious logicDeliver what the user asks for: