Analysis updated 2026-05-18
Emulate and step through suspicious Windows or Linux binaries to analyze malware safely.
Reverse engineer a program by observing its instructions, memory, and syscalls at runtime.
Debug low level code by setting breakpoints and inspecting memory in an emulated environment.
| advdebug/brovan | iammrmikeman/mt5ea-forextrading | tyrrrz/deorcify | |
|---|---|---|---|
| Stars | 51 | 50 | 53 |
| Language | C# | C# | C# |
| Last pushed | — | — | 2026-06-13 |
| Maintenance | — | — | Maintained |
| Setup difficulty | moderate | easy | easy |
| Complexity | 5/5 | 1/5 | 2/5 |
| Audience | developer | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires the .NET 8 SDK and the Unicorn engine library placed under Resources.
Brovan is a binary emulator, a tool that lets you run and inspect program files inside a controlled, simulated environment instead of executing them directly on your computer. You load a Windows or Linux program into it and watch what the program does step by step, without putting your real system at risk. The main use case is security analysis. If you receive a suspicious file or want to understand what a piece of software is actually doing, Brovan lets you load it and observe every instruction, memory access, and system interaction it makes. It supports several file formats, including the standard executable formats used by Windows called PE, the ones used by Linux called ELF, raw memory dumps, and generic files that do not match a recognized format. Once a binary is loaded, Brovan opens an interactive command shell similar to a debugger, where you can pause execution, step through code one instruction at a time, set breakpoints that stop execution at chosen points, inspect and search memory, and save snapshots of the program's state to restore later. It can also trace system calls, monitor function calls with their arguments, and control whether the emulated program can reach the network, with settings ranging from no access at all to full network access. Brovan protects the host machine by redirecting the emulated program's file writes into its own virtual filesystem rather than the real disk. File reads can still touch real host files in some cases, since a program may need genuine system libraries to run correctly, so the README recommends treating unknown samples with the same caution used in any malware lab and disabling network access by default when analyzing unfamiliar files. This tool suits security researchers analyzing malware, developers debugging low level code, and anyone doing reverse engineering, meaning the practice of understanding software by observing its behavior rather than reading source code. It is written in C sharp and requires the dotnet 8 SDK to build, along with the Unicorn emulation engine.
A binary emulator for safely running and inspecting Windows and Linux programs, built for malware analysis and reverse engineering.
Mainly C#. The stack also includes C#, .NET 8, Unicorn Engine.
No license information is stated in the README.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.