GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → tintinweb → Ida Batch_decompile

tintinweb / Ida Batch_decompile

Licence: gpl-3.0
*Decompile All the Things* - IDA Batch Decompile plugin and script for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file

Programming Languages

python
139335 projects - #7 most used programming language

Labels

reverse-engineeringidaida-pluginbatch-processingdecompile

Projects that are alternatives of or similar to Ida Batch decompile

Scratchabit
Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
Stars: ✭ 369 (+86.36%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Idarling
Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
Stars: ✭ 588 (+196.97%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Polichombr
Collaborative malware analysis framework
Stars: ✭ 307 (+55.05%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Jarvis
"Just Another ReVersIng Suite" or whatever other bullshit you can think of
Stars: ✭ 137 (-30.81%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Flare Ida
IDA Pro utilities from FLARE team
Stars: ✭ 1,374 (+593.94%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Rematch
REmatch, a complete binary diffing framework that is free and strives to be open source and community driven.
Stars: ✭ 141 (-28.79%)
Mutual labels:  ida, ida-plugin, reverse-engineering
Necromancer
IDA Pro V850 Processor Module Extension
Stars: ✭ 21 (-89.39%)
Mutual labels:  ida, ida-plugin
Reko
Reko is a binary decompiler.
Stars: ✭ 942 (+375.76%)
Mutual labels:  decompile, reverse-engineering
Redasm
The OpenSource Disassembler
Stars: ✭ 1,042 (+426.26%)
Mutual labels:  ida, reverse-engineering
Ida gel
A collection of IDA loaders for various game console ELF's. (PS3, PSVita, WiiU)
Stars: ✭ 76 (-61.62%)
Mutual labels:  ida-plugin, reverse-engineering
Ponce
IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
Stars: ✭ 1,066 (+438.38%)
Mutual labels:  ida, ida-plugin
Ida For Delphi
IDA Python Script to Get All function names from Event Constructor (VCL)
Stars: ✭ 92 (-53.54%)
Mutual labels:  ida, reverse-engineering
Hexrayspytools
IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes
Stars: ✭ 873 (+340.91%)
Mutual labels:  ida, ida-plugin
Keypatch
Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
Stars: ✭ 939 (+374.24%)
Mutual labels:  ida, reverse-engineering
Ida android script
some idapython scripts for android debugging.
Stars: ✭ 38 (-80.81%)
Mutual labels:  ida-plugin, reverse-engineering
Ret Sync
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
Stars: ✭ 896 (+352.53%)
Mutual labels:  ida-plugin, reverse-engineering
Bincat
Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection
Stars: ✭ 1,078 (+444.44%)
Mutual labels:  ida-plugin, reverse-engineering
Reversing List
Reversing list
Stars: ✭ 106 (-46.46%)
Mutual labels:  ida, reverse-engineering
Stingray
IDAPython plugin for finding function strings recursively
Stars: ✭ 110 (-44.44%)
Mutual labels:  ida-plugin, reverse-engineering
Golang loader assist
Making GO reversing easier in IDA Pro
Stars: ✭ 480 (+142.42%)
Mutual labels:  ida, reverse-engineering
View All Similar Projects ➔

ida-batch_decompile

Decompile all the things!

IDA Batch Decompile is a plugin for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file

idabatchdecompile

🐤 pssst! - ida-batch_decompile is also part of project: unbox - a nobrainer commandline tool to unpack and decompile all sorts of things.

Usage

idascript (gui mode)

  1. open target, wait for analysis to finish
  2. IDA Pro -> File/Script file... -> <this_python_script>
  3. IDA Pro -> File/Produce file-> IdaDecompileBatch ...
  4. tick Annotate StackVarSize, Annotate Func XRefs
  5. click OK to decompile.

Note: File will be saved in target folder as <target_image_name.c>

idascript (cmdline batch mode)

<path_to_ida>/ida(w|w64)(.exe) -B -M -S"<path_to_this_script> \"--option1\" \"--option2\"" "<target>"

Note that options need to be quoted with \"

Available options, see --help

--output                        ... output file path
--annotate-stackvar-size        ... annotate function stack variable sizes
--annotate-xrefs                ... annotate function xrefs
--imports                       ... process imports
--recursive                     ... recursive batch decompile
--experimental-decompile-cgraph ... experimental: manually decompile function call graph

Ida Plugin

  1. Follow the IDA Pro documentation on how to add python plugins.
  2. IDA Pro -> File/Produce file -> IdaDecompileBatch ...

run

ida console: decompiling dbghelp.dll

[__main__/36908][DEBUG     ] [idabatchdecompile.PLUGIN_ENTRY  ] [+] initializing IdaDecompileBatchPlugin
[__main__/36908][DEBUG     ] [idabatchdecompile.__init__      ] [+] is_windows: True
[__main__/36908][DEBUG     ] [idabatchdecompile.__init__      ] [+] is_ida64: False
[__main__/36908][DEBUG     ] [idabatchdecompile.wait_for_analysis_to_finish] [+] waiting for analysis to finish...
[__main__/36908][DEBUG     ] [idabatchdecompile.wait_for_analysis_to_finish] [+] analysis finished.
[__main__/36908][DEBUG     ] [idabatchdecompile.load_plugin_decompiler] [+] trying to load decompiler plugins
[__main__/36908][DEBUG     ] [idabatchdecompile.load_plugin_decompiler] [+] decompiler plugins loaded.
[__main__/36908][DEBUG     ] [idabatchdecompile.PLUGIN_ENTRY  ] [+] Mode: commandline w/o args
[__main__/36908][DEBUG     ] [idabatchdecompile.set_ctrl      ] [+] IdaDecompileBatchPlugin.set_ctrl(<__main__.IdaDecompileBatchController object at 0x056FCF90>)
[__main__/36908][DEBUG     ] [idabatchdecompile.init          ] [+] IdaDecompileBatchPlugin.init()
[__main__/36908][DEBUG     ] [idabatchdecompile.init          ] [+] setting up menus
[__main__/36908][INFO      ] [idabatchdecompile.PLUGIN_ENTRY  ] [i] IdaDecompileBatch loaded, see Menu: ('File/Produce file/', 'IdaDecompileBatch ...')
...
 The application has been completely decompiled.
[__main__/36908][DEBUG     ] [idabatchdecompile.decompile_all ] [+] finished decompiling 'dbghelp.dll' as 'dbghelp.c'

annotated pseudocode: dbghelp.c

//----- (03052800) --------------------------------------------------------
// **** Variables ****
// * stack size: 20
// {"diff_size": 4, "offset_text": "[bp+0h]", "size": 4, "name": " s", "offset": 0}
// {"diff_size": 4, "offset_text": "[bp+4h]", "size": 4, "name": " r", "offset": 4}
// {"diff_size": 4, "offset_text": "[bp+8h]", "size": 4, "name": "arg_0", "offset": 8}
// {"diff_size": 4, "offset_text": "[bp+Ch]", "size": 4, "name": "dwBytes", "offset": 12}
// {"diff_size": 4, "offset_text": "[bp+10h]", "size": 4, "name": "arg_8", "offset": 16}
// *******************
// ***** XREFS *****
// * # 1
// sub_30733D0+30
// *******************
int __stdcall sub_3052800(int a1, SIZE_T dwBytes, int a3)
{
  int result; // [email protected]
  HANDLE v4; // [email protected]
...

//github.com/tintinweb

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].