Recon 2011: Practical C++ Decompilation

Last month I visited the Recon conference and had a great time again. I gave a talk on C++ decompilation and how to handle it in IDA and Hex-Rays decompiler. You can get the slides here, and download the recorded talk here. Edit: for some reason the streaming version does […]

ARM decompiler beta is coming

We have the beta version of the ARM decompiler almost ready! Below is a short demo of how it works now: Your browser does not support the video element. Kindly update it to latest version. If you are interested in participating in the beta testing and you have an […]

Hex-Rays Decompiler primer

The Hex-Rays Decompiler 1.0 was released more than two years ago. Since then it has improved a lot and does a great job decompiling real-life code, but sometimes there are additional things that you might wish to do with its output. For that purpose we have released the Hex-Rays Decompiler SDK and several sample plugins. However, […]

From simple to complex

The last week Elias ran a sample malware in the Bochs emulator and I was curious to see what it exactly does. So I took the unpacked version of the malware and fed it into the decompiler. It turned out to be a pretty short downloadler (different AV vendors give it different names: Lighty […]

Some functions are neater than the decompiler thinks

The decompiler makes some assumptions about the input code. Like that call instructions usually return, the memory model is flat, the function frame is set properly, etc. When these assumptions are correct, the output is good. When they are wrong, well, the output does not correspond to the input. Take, for example, the following snippet: The […]

New Hex-Rays Demo

This has been online for a while now, I just had no time to announce it properly: a new thorough demo of the decompiler by, our US distributor: This demo is not just a teaser like the previous one. It is much deeper and shows many decompiler aspects in detail: it starts […]

Easy structure types

I’m happy to tell you that a new build of the decompiler is ready! It introduces new easily accessible commands to manipulate structure pointers. First, a variable can be converted into a structure pointer with one click. Also, new the structure types can be build on the fly by the decompiler. As usual, any type […]

Better user interface for decompiler

We are glad to release a new version of the Hex-Rays decompiler! Highlights of this build: improved usability support for unusual calling conventions better handling of obfuscated code The most important improvement is […]