The upcoming version of the decompiler SDK adds some nice features. First, we created a reference manual. It is in doxygen format: cross references make it really easy to browse. Second, the SDK is compatible with both IDA v5.1 and v5.2. Third, we added functions to retrieve and modify all user-defined attributes like variable names, […]
A binary analysis tool like a decompiler is incomplete without a programming interface. Sure, decompilers tremendously facilitate binary analysis. You can concentrate of the program logic expressed in a familiar way. Just add comments, rename variables and functions to get almost the original source code, almost perfect. However, quite often there is a small ugly detail and the output […]
One of must-have features of a reverse engineering tool is the ability to add comments to the output listing. Without this feature, the output stays difficult to understand. The user copies it to a text editor to continue the analysis but this is a bad solution because the dynamic nature of the output is lost. […]
IDA Pro being and old and time-proven platform for binary analysis, many plugins grew on it. There are custom made plugins for new processors and file formats. There are deobfuscators, exporters, data visualizers, object reconstructors and other stuff.
This short entry is just to tell you that the decompiler got a name: Hex-Rays and it goes to the phase of closed beta testing. The qualified beta testers already received their copies and I have some very positive feedback. Thank you, guys! For the curious about the decompiler, I put the user manual online. It […]
If you used IDA Pro for a while, you might have noted that it contents itself with simple things. It neatly displays the disassembly listing. It allows you to improve the listing by adding names and comments. You can manually define your symbols, types, functions. IDA itself can add some types and discover some program properties, but overall the performed […]
Sometimes unexpected detours are necessary to reach the goal. Take this simple assembly code:
A decompiler is commonly viewed as a tool to recover the source code of a program, the same way as a disassembler is a tool to convert a binary executable program to an assembler text. This is true in some cases but only in some.
So far this is the absolute record for the binary size of one division/remainder/multiplication operation:
Even unobfuscated code is difficult to understand. Look at this function. Can you tell its purpose?