Category Archives: Decompilation

New features in Hex-Rays Decompiler 1.6

Posted on October 10, 2011 by Igor Skochinsky

Last week we released IDA 6.2 and Hex-Rays Decompiler 1.6. Many of the new IDA features have been described in previous posts, but there have been notable additions in the decompiler as well. They will let you make the decompilation … Continue reading

Posted in Decompilation | Tagged | 9 Comments

Recon 2011: Practical C++ Decompilation

Posted on August 2, 2011 by Igor Skochinsky

Last month I visited the Recon conference and had a great time again. I gave a talk on C++ decompilation and how to handle it in IDA and Hex-Rays decompiler. You can get the slides here, and download the recorded … Continue reading

Posted in Decompilation, IDA Pro, Uncategorized | 3 Comments

ARM decompiler beta is coming

Posted on May 12, 2010 by Ilfak Guilfanov

We have the beta version of the ARM decompiler almost ready! Below is a short demo of how it works now: If you are interested in participating in the beta testing and you have an active x86 decompiler license, please … Continue reading

Posted in Decompilation | 5 Comments

Hex-Rays against Aurora

Posted on January 20, 2010 by Ilfak Guilfanov

As everyone knows, Google and some other companies were under a targeted attack a few days ago. A vulnerability in the Internet Explorer was used to penetrate the computers. An IDA user very kindly sent us the following link http://www.avertlabs.com/research/blog/index.php/2010/01/18/an-insight-into-the-aurora-communication-protocol/

Posted in Decompilation | 2 Comments

Hex-Rays Decompiler primer

Posted on October 15, 2009 by Elias Bachaalany

The Hex-Rays Decompiler 1.0 was released more than two years ago. Since then it has improved a lot and does a great job decompiling real-life code, but sometimes there are additional things that you might wish to do with its … Continue reading

Posted in Decompilation | Comments Off

Decompiling floating point

Posted on May 5, 2009 by Ilfak Guilfanov

It is a nice feeling, when, after long debugging nights, your software finally runs and produces meaningful results. Another hallmark is when other users start to use it and obtain useful results. Usually this period is very busy: lots of … Continue reading

Posted in Decompilation | 4 Comments

From simple to complex

Posted on October 10, 2008 by Ilfak Guilfanov

The last week Elias ran a sample malware in the Bochs emulator and I was curious to see what it exactly does. So I took the unpacked version of the malware and fed it into the decompiler. It turned out … Continue reading

Posted in Decompilation | 4 Comments

BITS used as a covert channel

Posted on September 25, 2008 by Ilfak Guilfanov

The idea to use BITS to download files from the internet is not new. If you check the corresponding page from Wikipedia, you will find that Background Intelligent Transfer Service (BITS) is a component of modern Microsoft Windows operating systems … Continue reading

Posted in Decompilation | 1 Comment

Some functions are neater than the decompiler thinks

Posted on April 9, 2008 by Ilfak Guilfanov

The decompiler makes some assumptions about the input code. Like that call instructions usually return, the memory model is flat, the function frame is set properly, etc. When these assumptions are correct, the output is good. When they are wrong, … Continue reading

Posted in Decompilation | 4 Comments

New Hex-Rays Demo

Posted on March 12, 2008 by Ilfak Guilfanov

This has been online for a while now, I just had no time to announce it properly: a new thorough demo of the decompiler by ccso.com, our US distributor: This demo is not just a teaser like the previous one. … Continue reading

Posted in Decompilation | Comments Off