Skip to content
Self-hosting binary instrumentation framework for security research
C++ C Makefile Shell Perl Assembly Other
Branch: master
Clone or download


Egalito is a binary recompiler, designed for implementing security hardening.
It uses a low-level intermediate representation (EIR or Chunk) that accurately
reflects all aspects of a program binary. Egalito uses metadata present in
modern position-independent binaries to turn all cross-references into EIR
Links, allowing code to be arbitrarily rearranged without additional overhead.
Output generation in the form of ELFs or union ELFs is supported, and Egalito
provides a custom loader that allows it to bootstrap into a fully self-hosted
environment (parsing and transforming

Egalito supports x86_64 and aarch64, with experimental support for RISC-V.

For more information, please visit .

To build:
$ sudo apt-get install make g++ libreadline-dev gdb lsb-release
$ sudo apt-get install libc6-dbg libstdc++6-7-dbg  # names may differ
$ git submodule update --init --recursive
$ make -j 8

To test, try:
$ cd test/codegen && make && cd -
$ cd app && ./etelf -m ../src/ex/hello hello && ./hello && cd -
$ cd src && ./loader ex/hello && cd -
$ cd app && ./etshell

Other extensions:
- Python bindings and Python shell: see app/README-python
- Docker: see test/docker/
You can’t perform that action at this time.