# deglyph > A terminal reverse-engineering tool for native binaries (PE, ELF, Mach-O). It > loads a compiled object, recovers its functions (even when the binary exports > nothing), and shows annotated disassembly, recursive call graphs, heuristic > pseudo-C, and pattern detectors. It includes an opt-in assistant that answers > questions about a function, and a headless `deglyph scan` for CI that reports > embedded secrets, hardening posture, risky imports, and build drift. Free and > open source under GPL-3.0-or-later. Author: Alex Spataru. Key facts: - Platforms: Windows, macOS, Linux. Requires Python 3.10 or newer. - Formats: PE32, PE32+, ELF, Mach-O, and fat binaries; architecture is detected from the file, with `--fmt` and `--arch` overrides. - It is a static analyzer: deglyph never executes the binary it analyzes. - Built on LIEF (container parsing), Capstone (disassembly), and Textual (terminal interface). - Install: `pip install deglyph`. The AI assistant and C++ symbol demangling are included in the base install. - License: GPL-3.0-or-later. There is no closed-source fork. ## Capabilities - [Function recovery](https://deglyph.dev/#features): lists exports, symbols, imports, and the entrypoint. For stripped binaries that export nothing, it scans `.text` for call targets and names them `sub_
`. - [Disassembly](https://deglyph.dev/#features): branch and call targets resolve to names and are clickable (key: `d`). - [Call graph](https://deglyph.dev/#features): a clickable node view of callers and callees, plus recursive caller/callee trees (keys: `c`, `x`). - [Pseudo-C](https://deglyph.dev/#features): a heuristic, instruction-by-instruction C-like view, x86 only (key: `p`). - [Search and strings](https://deglyph.dev/#features): byte patterns with `??` wildcards, ASCII and UTF-16 strings, and immediate constants referenced in code (key: `s`). - [Structure recovery](https://deglyph.dev/#features): detectors for immediate stores (magic values, header fields), call-argument immediates (opcodes, flags), and CRC/checksum loops with the named polynomial, over x86 operands (key: `a`). - [Assistant](https://deglyph.dev/#assistant): an opt-in agent (key: `i`) that calls read-only tools (find, disassemble, analyze, xrefs, search) to locate and explain code, citing addresses. Bring your own key or run a local model (the assistant ships with deglyph); it also speaks any OpenAI-compatible endpoint, including a local Ollama or LM Studio. Nothing is sent until you ask. - [CI scan](https://deglyph.dev/#ci): `deglyph scan` reports embedded secrets, hardening posture, risky imports, linked libraries, and drift against a baseline. Output is text, Markdown, HTML, or SARIF for GitHub code scanning; findings at or above the gate set a non-zero exit. `deglyph sbom` emits a CycloneDX or SPDX bill of materials. ## Links - [Website](https://deglyph.dev/) - [Source code (GitHub)](https://github.com/deglyph-re/cli) - [README](https://github.com/deglyph-re/cli#readme) - [PyPI package](https://pypi.org/project/deglyph/) - [Changelog](https://github.com/deglyph-re/cli/blob/main/CHANGELOG.md) - [Issues](https://github.com/deglyph-re/cli/issues) - [Security policy](https://github.com/deglyph-re/cli/blob/main/SECURITY.md) - [License (GPL-3.0)](https://www.gnu.org/licenses/gpl-3.0.html)