Welcome to the Hex-Rays Decompiler SDK!
---------------------------------------
We are happy to present you the programmatic API for the decompiler.
This version gives you an idea of the overall SDK structure and
provides a base to build on. Currently only the decompilation results
and the user interface are accessible, later we will add low level
stuff and make the decompiler portable. Today you can:
- decompile a function or arbitrary chunk of code and get a ctree.
A ctree is a data structure that represents the decompilation result.
- modify the ctree the way you want. You can rearrange
statements, optimize expressions, add or remove variables, etc.
- add a new item to the popup menu, react to user actions like
keyboard, mouse clicks, etc.
- hook to the decompilation events and modify the decompilation result
on the fly.
- generate microcode for a function or arbitrary chunk of code
and use the results of data flow analysis.
- install new microcode optimization rules in order to improve the output.
You will need the latest IDA SDK to compile the plugins. The
decompiler SDK consists of one single file: include\hexrays.hpp To
install the decompiler SDK, just copy this file to the include
directory of the IDA SDK.
There is no .lib file. You will compile and link plugins for the
decompiler the same way as plugins for IDA. For a quick start, please
copy the sample plugins to the plugins subdirectory of the SDK and
compile them. We tested the SDK with two compilers: Visual Studio and
Borland but other compilers should work too.
We will not guarantee backward compatibility at the early stages but
as soon as things settle down, we will switch to that mode.
There are a few sample plugins. Below are their descriptions.
Sample 1
--------
This plugin decompiles the current function and prints the result in
the message window. It is useful to learn how to initialize a
decompiler plugin. Please note that all decompiler sample plugins
have the "hexrays_" prefix in their names. This is done to make sure
that the decompiler plugins are loaded after the hexrays plugin.
Otherwise they would see that the decompiler is missing and
immediately terminate.
We recommend you to keep the same naming scheme: please use the
"hexrays_" prefix for your decompiler plugins.
N.B.: if you're writing a plugin for non-x86 version of the decompiler,
you should use another prefix. For example, the x64 decompiler is
named "hexx64", ARM is "hexarm" and so on. To be certain, check IDA's
"plugins" directory. To debug plugin loading issues, you can use -z20
switch when running IDA.
Sample 2
--------
This plugin shows how to hook to decompiler events and react to
them. It also shows how to visit all ctree elements and modify them.
This plugin waits for the decompilation result to be ready and
replaces zeroes in pointer contexts with NULLs. One might say that
this is just cosmetic change, but it makes the output more readable.
Since the plugin hooks to events, it is fully automatic. The user
can disable it by selecting it from the Edit, Plugins menu.
Sample 3
--------
This plugin shows
- how to add a new popup menu item
- how to map the cursor position to ctree element
- how to modify ctree
- how to make the changes persistent
This is a quite complex plugin but it is thoroughly commented.
Sample 4
--------
This plugin dumps all user-defined information to the message window.
Read the source code to learn how to access various user-defined
data from your plugins:
- label names
- indented comments
- number formats
- local variable names, types, comments
Sample 5
--------
This plugin generates a graph from the current pseudocode
and displays it with wingraph32.
The source code can be used to learn ctree details.
Sample 6
--------
This plugin modifies the decompilation output: removes some space characters.
The source code can be used to learn the output text.
Sample 7
--------
This plugin demonstrates how to use the cblock_t::iterator class.
It enumerates all instructions of a block statement.
Sample 8
--------
This plugin demonstrates how to use the udc_filter_t
(User-Defined Call generator) class, which allows replacing
cryptic function calls, with a simpler/more-readable counterpart.
Sample 9
--------
This plugin demonstrates how to generate microcode for a given function
and print it into the output window. It displays fully optimized microcode
but it is also possible to retrieve microcode from earlier stages of
decompilation.
Generating the microcode text should be used only for debugging purposes.
Printing microcode in production code may lead to crashes or wrong info.
Sample 10
---------
This plugin installs a custom microcode optimization rule:
call !DbgRaiseAssertionFailure <fast:>.0
=>
call !DbgRaiseAssertionFailure <fast:"char *" "assertion text">.0
See also sample19 for another example.
Sample 11
---------
This plugin installs a custom inter-block optimization rule:
goto L1 => goto L@
...
L1:
goto L2
In other words we fix a goto target if it points to a chain of gotos.
This improves the decompiler output is some cases.
Sample 12
---------
This plugin displays list of direct references to a register from the current
instruction.
Sample 13
---------
This plugin generates microcode for selection and dumps it to the output window.
Sample 14
---------
This plugin shows xrefs to the called function as the decompiler output.
All calls are displayed with the call arguments.
Sample 15
---------
This plugin shows list of possible values of a register using
the value range analysis.
Sample 16
---------
This plugin installs a custom instruction optimization rule:
mov #N, var.4 mov #N, var.4
xor var@1.1, #M, var@1.1 => mov #NM, var@1.1
where NM == (N>>8)^M
We need this rule because the decompiler cannot propagate the second
byte of VAR into the xor instruction.
The XOR opcode can be replaced by any other, we do not rely on it.
Also operand sizes can vary.
Sample 17
---------
This plugin shows how to use "Select offsets" widget (select_udt_by_offset() API).
This plugin repeats the Alt-Y functionality.
Sample 18
---------
This plugin shows how to specify a register value at a desired location.
Such a functionality may be useful when the code to decompile is
obfuscated and uses opaque predicates.
Sample 19
---------
This plugin shows how to install a custom microcode optimization rule.
Custom rules are useful to handle obfuscated code.
See also sample10 for another example.
Sample 20
---------
This plugin shows how to modify the decompiler output on the fly by
adding dynamic comments.
It is also possible to write decompiler plugins or scripts in Python.
In fact we ship most of the above plugins as examples,
see the python/examples/hexrays subdirectory of your IDA installation.
Enjoy the SDK!
Hex-Rays
------------------------------------------------------------------
Annex 1: a brief description of ctree
Ctree is a data structure that keeps the decompilation result. As the name
implies, it is a tree-like structure. At the top level, we have the cfunc_t class.
This class describes the function and gives access to its attributes: its type,
local variables, maturity level, and body.
The ctree class is not created in one transaction but built
progressively: it starts with an empty class, then a rough function
body is created, then it is modified in several steps. You can
intercept control at any intermediate stage (maturity level) but be
prepared that the ctree does not look quite normal. Only at the final
stage the ctree is syntactically correct and has non-trivial type
information.
The most interesting part of the cfunc_t class is
没有合适的资源?快使用搜索试试~ 我知道了~
ida pro 交互式反汇编器专业版
共1353个文件
dll:289个
py:253个
pyd:180个
5星 · 超过95%的资源 需积分: 5 43 下载量 48 浏览量
2022-08-31
10:26:53
上传
评论 2
收藏 398.9MB RAR 举报
温馨提示
IDA Pro是一款交互式的,可编程的,可扩展的,多处理器的,交叉Windows或Linux WinCE MacOS平台主机来分析程序, 被公认为最好的花钱可以买到的逆向工程利器。IDA Pro已经成为事实上的分析敌意代码的标准并让其自身迅速成为攻击研究领域的重要工具。它支持数十种CPU指令集其中包括Intel x86,x64,MIPS,PowerPC,ARM,Z80,68000,c8051等等。
资源详情
资源评论
资源推荐
收起资源包目录
ida pro 交互式反汇编器专业版 (1353个子文件)
SDK75.7z 39.06MB
android_server 768KB
android_server64 1.15MB
android_x64_server 1.15MB
android_x86_server 1.07MB
armlinux_server 622KB
idacolor.cf 218B
pic33.cfg 34.02MB
pic24.cfg 21.51MB
pic14.cfg 9.16MB
78k0.cfg 2.73MB
c166.cfg 1.83MB
pic30.cfg 1.58MB
78k0s.cfg 1.23MB
6812.cfg 1.2MB
6808.cfg 1.19MB
m32r.cfg 1.16MB
6811.cfg 1.01MB
6805.cfg 1.01MB
clsid.cfg 1016KB
st7.cfg 909KB
avr.cfg 783KB
st10.cfg 782KB
c166v2.cfg 732KB
tricore.cfg 694KB
r32c.cfg 595KB
i51.cfg 475KB
f2mc16lx.cfg 389KB
sh3.cfg 313KB
m7700.cfg 305KB
m7900.cfg 293KB
c166v1.cfg 194KB
f2mc16l.cfg 178KB
super10.cfg 112KB
pic12.cfg 98KB
hcs12.cfg 79KB
ida.cfg 70KB
idagui.cfg 66KB
atrap.cfg 65KB
m32c80.cfg 61KB
m16c80.cfg 48KB
hcs12x.cfg 45KB
ppc.cfg 43KB
m16c60.cfg 41KB
m65816.cfg 34KB
idatui.cfg 22KB
i960.cfg 21KB
xbe.cfg 19KB
goodname.cfg 18KB
dbg_gdb.cfg 17KB
hexrays.cfg 16KB
pic16.cfg 16KB
exceptions.cfg 16KB
hpux.cfg 15KB
h8.cfg 12KB
dbg_ios.cfg 11KB
tlcs900.cfg 11KB
dwarf.cfg 11KB
c39.cfg 11KB
fr.cfg 10KB
dbg_xnu.cfg 10KB
cr16.cfg 9KB
z180.cfg 9KB
6816.cfg 9KB
tms320c3.cfg 9KB
psx.cfg 8KB
arc.cfg 8KB
m740.cfg 6KB
gdb_arch.cfg 6KB
dsp563xx.cfg 5KB
tms320c54.cfg 5KB
alpha.cfg 4KB
z8.cfg 4KB
plugins.cfg 4KB
mn102l00.cfg 3KB
dbg_bochs.cfg 2KB
mc68kvec.cfg 2KB
noret.cfg 2KB
autoload.cfg 2KB
dsp561xx.cfg 2KB
spc700.cfg 2KB
pdb.cfg 2KB
dsp56k.cfg 2KB
dsp566xx.cfg 2KB
objc.cfg 1KB
ad218x.cfg 1KB
dbg_dalvik.cfg 1KB
bochsrc.cfg 1KB
dbg_pin.cfg 1KB
idapython.cfg 855B
swift.cfg 749B
oakdsp.cfg 571B
tms320c55.cfg 543B
tms32028.cfg 463B
autoload.cfg 405B
macho.cfg 404B
dbg_windbg.cfg 373B
kr1878.cfg 340B
autoload.cfg 302B
n64.cfg 219B
共 1353 条
- 1
- 2
- 3
- 4
- 5
- 6
- 14
薛定谔的猫喵喵
- 粉丝: 17
- 资源: 52
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- dsfdfdfefdfgfhgj
- 基于统计学的时间序列预测(AR,ARM) -洗发水销售研究、每日女性出生研究、时间序列预测的基线预测、法国香槟的月销售额
- 2023年中国数字经济规模已攀升至53.9万亿元,引领数字化服务革命
- Winform DataGridView 控件分页控件,上/下一页,跳转(附下载链接)
- 聊天交友短视频直播手机APP应用下载落地页html源码
- 计算机网络习题及参考答案
- Windows环境下的VMware Workstation虚拟机软件安装指南
- 最全交通灯检测数据集下载
- VMware虚拟机中NAT网络配置与CentOS系统安装指南实现虚拟机访问外网
- 网络安全2.0等级保护,二三级基本要求对比
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论1