From simple to complex

Last week Elias ran a malware sample in the Bochs emulator and I was curious to see what exactly it does. So I took the unpacked version of the malware and fed it into the decompiler. It turned out to be a pretty short downloader (different AV vendors give it different names: Lighty […]

Some functions are neater than the decompiler thinks

The decompiler makes some assumptions about the input code: that call instructions usually return, that the memory model is flat, that the function frame is set up properly, etc. When these assumptions are correct, the output is good. When they are wrong, well, the output does not correspond to the input. Take, for example, the following snippet: The […]

New Hex-Rays Demo

This has been online for a while now; I just had no time to announce it properly: a new thorough demo of the decompiler by ccso.com, our US distributor. This demo is not just a teaser like the previous one. It is much deeper and shows many decompiler aspects in detail: it starts […]

Easy structure types

I’m happy to tell you that a new build of the decompiler is ready! It introduces new easily accessible commands to manipulate structure pointers. First, a variable can be converted into a structure pointer with one click. Also, new structure types can be built on the fly by the decompiler. As usual, any type […]

Better user interface for decompiler

We are glad to release a new version of the Hex-Rays decompiler! Highlights of this build: improved usability; support for unusual calling conventions; better handling of obfuscated code. The most important improvement is […]

Decompiler output ctree

The upcoming version of the decompiler SDK adds some nice features. First, we created a reference manual. It is in doxygen format: cross references make it really easy to browse. Second, the SDK is compatible with both IDA v5.1 and v5.2. Third, we added functions to retrieve and modify all user-defined attributes like variable names, […]

Hex-Rays SDK is ready!

A binary analysis tool like a decompiler is incomplete without a programming interface. Sure, decompilers tremendously facilitate binary analysis. You can concentrate on the program logic expressed in a familiar way. Just add comments, rename variables and functions to get almost the original source code, almost perfect. However, quite often there is a small ugly detail and the output […]

Coordinate system for Hex-Rays

One of the must-have features of a reverse engineering tool is the ability to add comments to the output listing. Without this feature, the output stays difficult to understand. The user copies it to a text editor to continue the analysis, but this is a bad solution because the dynamic nature of the output is lost. […]

Trunk, Branches, and Leaves

IDA Pro being an old and time-proven platform for binary analysis, many plugins grew on it. There are custom-made plugins for new processors and file formats. There are deobfuscators, exporters, data visualizers, object reconstructors and other stuff.