Category Archives: Decompilation

x64 decompiler not far away

Just a short post to show you the current state of the x64 decompiler. In fact, it already mostly works but we still have to solve some minor problems. Let us consider this source code: struct color_t { short red; … Continue reading

Posted in Decompilation | 8 Comments

New features in Hex-Rays Decompiler 1.6

Last week we released IDA 6.2 and Hex-Rays Decompiler 1.6. Many of the new IDA features have been described in previous posts, but there have been notable additions in the decompiler as well. They will let you make the decompilation … Continue reading

Posted in Decompilation | Tagged | 9 Comments

Recon 2011: Practical C++ Decompilation

Last month I visited the Recon conference and had a great time again. I gave a talk on C++ decompilation and how to handle it in IDA and Hex-Rays decompiler. You can get the slides here, and download the recorded … Continue reading

Posted in Decompilation, IDA Pro, Uncategorized | 3 Comments

ARM decompiler beta is coming

We have the beta version of the ARM decompiler almost ready! Below is a short demo of how it works now: If you are interested in participating in the beta testing and you have an active x86 decompiler license, please … Continue reading

Posted in Decompilation | 5 Comments

Hex-Rays against Aurora

As everyone knows, Google and some other companies were under a targeted attack a few days ago. A vulnerability in the Internet Explorer was used to penetrate the computers. An IDA user very kindly sent us the following link http://www.avertlabs.com/research/blog/index.php/2010/01/18/an-insight-into-the-aurora-communication-protocol/

Posted in Decompilation | 2 Comments

Hex-Rays Decompiler primer

The Hex-Rays Decompiler 1.0 was released more than two years ago. Since then it has improved a lot and does a great job decompiling real-life code, but sometimes there are additional things that you might wish to do with its … Continue reading

Posted in Decompilation | Comments Off

Decompiling floating point

It is a nice feeling, when, after long debugging nights, your software finally runs and produces meaningful results. Another hallmark is when other users start to use it and obtain useful results. Usually this period is very busy: lots of … Continue reading

Posted in Decompilation | 4 Comments

From simple to complex

The last week Elias ran a sample malware in the Bochs emulator and I was curious to see what it exactly does. So I took the unpacked version of the malware and fed it into the decompiler. It turned out … Continue reading

Posted in Decompilation | 4 Comments

BITS used as a covert channel

The idea to use BITS to download files from the internet is not new. If you check the corresponding page from Wikipedia, you will find that Background Intelligent Transfer Service (BITS) is a component of modern Microsoft Windows operating systems … Continue reading

Posted in Decompilation | 1 Comment

Some functions are neater than the decompiler thinks

The decompiler makes some assumptions about the input code. Like that call instructions usually return, the memory model is flat, the function frame is set properly, etc. When these assumptions are correct, the output is good. When they are wrong, … Continue reading

Posted in Decompilation | 4 Comments