Data

Tools

Indexes

Applications

Experiments

Open Source Science

https://github.com/ffri/projectchameleon

Analyzing CHPEV2 ARM64EC and ARM64X

https://github.com/ffri/projectchameleon

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (6.0%) to scientific vocabulary
Last synced: 5 months ago · JSON representation

Repository

Analyzing CHPEV2 ARM64EC and ARM64X

Basic Info
Statistics
  • Stars: 45
  • Watchers: 3
  • Forks: 8
  • Open Issues: 2
  • Releases: 0
Created over 4 years ago · Last pushed over 2 years ago
Metadata Files
Readme License

README.md

Project Chameleon

About this project

CHPE stands for Compiled Hybrid PE, which contains both x86 (or x86_64) code and Arm64 code. The special PE files are distributed for reducing the amount of JIT binary translation by xtajit.dll (or xtajit64.dll). You can find the more detailed explanations at Cylance Research Team's Blog and "WoW64 internals ...re-discovering Heaven's Gate on ARM."

These PE files were previously located only at %SystemRoot%\SysChpe32. However, after the introduction of x64 emulation feature, much of the DLLs at %SystemRoot%\System32 have become a new type of CHPE called CHPEV2 ARM64EC and ARM64X.

This project collects reverse engineering results of CHPEV2.

Contents

Why "Chameleon" ?

This is because "VsDevCmd.bat" has the "-chameleon" compile flag for building CHPEV2 ARM64EC files.

chameleon compile flag in VsDevCmd.bat

Author

Koh M. Nakagawa. © FFRI Security, Inc. 2021

License

Apache version 2.0

Owner

  • Name: FFRI Security, Inc.
  • Login: FFRI
  • Kind: organization
  • Location: Tokyo, Japan

Next Generation Security

GitHub Events

Total
  • Watch event: 8
  • Fork event: 3
Last Year
  • Watch event: 8
  • Fork event: 3

Issues and Pull Requests

Last synced: 11 months ago

All Time
  • Total issues: 2
  • Total pull requests: 4
  • Average time to close issues: about 14 hours
  • Average time to close pull requests: 6 days
  • Total issue authors: 2
  • Total pull request authors: 3
  • Average comments per issue: 1.0
  • Average comments per pull request: 4.0
  • Merged pull requests: 3
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
  • 0xbadfca11 (1)
  • maxdm (1)
Pull Request Authors
  • DavidXanatos (2)
  • kohnakagawa (1)
  • KevinW1998 (1)
Top Labels
Issue Labels
Pull Request Labels

Dependencies

ghidra_scripts/build.gradle maven
  • org.jetbrains:annotations 20.1.0 implementation
arm64x_reloc_tools/poetry.lock pypi
  • appdirs 1.4.4 develop
  • black 21.6b0 develop
  • cfgv 3.3.0 develop
  • distlib 0.3.2 develop
  • filelock 3.0.12 develop
  • flake8 3.9.2 develop
  • flake8-black 0.2.1 develop
  • flake8-isort 4.0.0 develop
  • identify 2.2.11 develop
  • isort 5.9.2 develop
  • mccabe 0.6.1 develop
  • mypy 0.910 develop
  • mypy-extensions 0.4.3 develop
  • nodeenv 1.6.0 develop
  • pathspec 0.8.1 develop
  • pre-commit 2.13.0 develop
  • pycodestyle 2.7.0 develop
  • pyflakes 2.3.1 develop
  • pyyaml 5.4.1 develop
  • regex 2021.7.6 develop
  • six 1.16.0 develop
  • testfixtures 6.17.1 develop
  • toml 0.10.2 develop
  • typing-extensions 3.10.0.0 develop
  • virtualenv 20.4.7 develop
  • click 7.1.2
  • lief 0.11.5
  • typer 0.3.2
arm64x_reloc_tools/pyproject.toml pypi
  • black ^21.6b0 develop
  • flake8 ^3.9.2 develop
  • flake8-black ^0.2.1 develop
  • flake8-isort ^4.0.0 develop
  • isort ^5.9.1 develop
  • mypy ^0.910 develop
  • pre-commit ^2.13.0 develop
  • lief ^0.11.5
  • python ^3.8
  • typer ^0.3.2
chpe_scanner/poetry.lock pypi
  • appdirs 1.4.4 develop
  • black 21.5b0 develop
  • isort 5.8.0 develop
  • mypy-extensions 0.4.3 develop
  • pathspec 0.8.1 develop
  • regex 2021.4.4 develop
  • toml 0.10.2 develop
  • click 7.1.2
  • lief 0.11.3
  • typer 0.3.2
chpe_scanner/pyproject.toml pypi
  • black ^21.5b0 develop
  • isort ^5.8.0 develop
  • lief 0.11.3
  • python ^3.8
  • typer ^0.3.2
docs_src/poetry.lock pypi
  • click 8.0.4
  • colorama 0.4.4
  • ghp-import 2.0.2
  • importlib-metadata 4.11.3
  • jinja2 3.0.3
  • markdown 3.3.6
  • markupsafe 2.1.1
  • mergedeep 1.3.4
  • mkdocs 1.2.3
  • mkdocs-material 7.3.6
  • mkdocs-material-extensions 1.0.3
  • packaging 21.3
  • pygments 2.11.2
  • pymdown-extensions 9.3
  • pyparsing 3.0.7
  • python-dateutil 2.8.2
  • pyyaml 6.0
  • pyyaml-env-tag 0.1
  • six 1.16.0
  • watchdog 2.1.6
  • zipp 3.7.0
docs_src/pyproject.toml pypi
  • mkdocs ^1.1.2
  • mkdocs-material ^7.1.5
  • python ^3.8