The decompiler makes some assumptions about the input code. Like that call instructions usually return, the memory model is flat, the function frame is set properly, etc. When these assumptions are correct, the output is good. When they are wrong, well, the output does not correspond to the input. Take, for example, the following snippet:

The decompiler produces the following pseudocode:

Apparently, the v3 variable (it corresponds to edx) is not initialized at all. Why?

Continue reading "Some functions are neater than the decompiler thinks" »

Posted by Ilfak Guilfanov at 10:22 PM | Link | Comments (2)

It works! There are lots of limitations but it is alive, handles breakpoints, exceptions, and even some limited tracing is available. It is possible to launch processes and attach to them. Here is just one screenshot:

Expect many limitations in the first version (no hardware bpts, limited multithread support, etc). One of the most annoying shortcomings is that the memory layout is not determined automatically - we had to introduce 'manual memory regions' window to overcome this.

Since it is a new beast and many aspects need polishing, beta testers are welcome!

Posted by Ilfak Guilfanov at 07:02 PM | Link | Comments (2)

Things are quite easy with the Symbian TRK! Today I decided to write a small program to interact with it and everything worked extremely smoothly. My driver program can download a SIS file to the phone, automatically install and run it. It reacts to debugging events and gracefully closes the connection when the application terminates. Below are just a few pictures for the curious.

Continue reading "Symbian AppTRK" »

Posted by Ilfak Guilfanov at 02:06 AM | Link | Comments (3)

Yesterday I created my first Symbian program :) Sure enough, it was a "hello world" and to tell the truth I did not write it myself. But it still took me 3 (three) hours to get it running on Nokia E51. The good side is that I learned a lot about possible failures with Symbian applications (there are quite many of them, some of them with cryptic error messages like "install failed").

Continue reading "Hello Symbian!" »

Posted by Ilfak Guilfanov at 11:30 AM | Link | Comments (0)

This demo is not just a teaser like the previous one. It is much deeper and shows many decompiler aspects in detail: it starts with the plugin configuration, shows a couple of simple decompilation cases, and then moves on to more complex functions. If you wondered how to improve the resulting pseudocode and handle typical cases, this video is for you!

Posted by Ilfak Guilfanov at 06:36 PM | Link | Comments (0)

A brilliant blog post by Ero Carrera: IDAPython in action:

http://blog.dkbza.org/2008/03/digging-up-system-call-ordinals.html

Just note how concise and powerful is the script!

Posted by Ilfak Guilfanov at 12:22 AM | Link | Comments (0)

Just a quick post to announce that we have published a small plugin to specify jump table information. When IDA misses them, the flow charts are virtually useless - they fall apart into several loosely connected components and the logic is completely hidden. This plugin is especially useful for rarely used processors with unusual switch idioms.

The plugin and its source code can be found on our forum.

Posted by Ilfak Guilfanov at 04:25 PM | Link | Comments (0)