一键导入
general-reverse-engineering
General-purpose binary analysis — understand functionality, architecture, and behavior
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
General-purpose binary analysis — understand functionality, architecture, and behavior
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Patch binary code in Binary Ninja using natural language — read, assemble, write, verify
Patch binary code in IDA Pro using natural language — read, assemble, write, verify
Systematic binary deobfuscation — string decryption, control flow flattening (CFF) removal, opaque predicate elimination, mixed boolean-arithmetic (MBA) simplification, bogus control flow, instruction substitution reversal, dead code removal, and anti-disassembly fixes. Trigger: deobfuscate, unobfuscate, deobfuscation, CFF, flatten, opaque predicate, MBA, obfuscated, OLLVM, Tigress, VMProtect, string decryption, junk code, bogus control flow, instruction substitution, anti-disassembly
Write and execute Binary Ninja Python scripts — full API reference included
Write and execute IDAPython scripts — full API reference included
Expert ELF malware analysis — packing, toolchain ID, kill chain, persistence, C2, rootkits, cryptominers, Go/Rust/Mirai patterns, MITRE ATT&CK mapping
| name | General Reverse Engineering |
| description | General-purpose binary analysis — understand functionality, architecture, and behavior |
| tags | ["analysis","reverse-engineering","general"] |
Task: General Reverse Engineering. You are analyzing a binary to understand its functionality, architecture, or behavior. No assumption about maliciousness.
Build a mental map of the binary's structure. Start at the entry point or user-specified function. Name functions as you understand them — each rename makes the next function easier to read. Focus on what the user is interested in, not exhaustive coverage.
get_binary_info — format, architecture, size, function countlist_imports + list_exports — understand the binary's interface (batch these)decompile_function → understand → rename_function / rename_variable → follow call chainsxrefs_to and xrefs_from to trace data and code referencesUse xref tools BEFORE decompiling for exploration — they're cheaper:
function_xrefs on entry → map top-level subsystems without decompiling everythingxrefs_to on interesting imports → find which functions use specific APIsDepth guidance:
Libraries/frameworks: Focus on exported functions and their calling conventions. Use list_exports to map the public API.
Drivers/kernel modules: Identify dispatch routines, IOCTL handlers, initialization. Consider using /driver-analysis for Windows drivers.
Proprietary formats: Trace the parsing code. Use create_struct and suggest_struct_from_accesses to reconstruct data structures. Apply with apply_struct_to_address.
Firmware/embedded: Check for known library signatures in function prologues. Map memory-mapped I/O regions via list_segments.
Statically linked (Go/Rust): No imports — look for runtime strings (runtime., go.itab, panicked at). Function count will be high; focus on entry and user code.
set_comment and set_function_comment to document non-obvious logicDeliver what the user asks for: