Maximize the Power of
Hex-Rays Decompiler

by Igor Kirillov

The IDA Pro Hex-Rays decompiler serves as an excellent abstraction producer over assembly language.

Its main advantage is that it allows the pseudo-code to be modified, making it as transparent and clear as possible. However, the process is extremely laborious, time-consuming, and even tedious, because, as a rule, the original code is a complete tangle of standard types and variables. The standard functionality IDA Pro is equipped with is not of much help either. A major stumbling block all researchers come across in the process is structure recovery: in decompiled code, field references look like pointer dereferences with some offset. The core feature of the HexRaysPyTools plugin lets its user collect these references from the code semi-automatically. After that, the gathered information may be corrected in the GUI and transformed into a complete structure.
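To make the structure-recovery problem concrete, here is an added illustration (not code from HexRaysPyTools or from the talk) of the two steps the paragraph describes: scanning Hex-Rays style pseudo-code for scalar dereferences of the form `*(_DWORD *)(v3 + 8)`, grouping them per pointer variable, and emitting a C structure with gaps padded. The pseudo-code lines, variable names and the `recovered_*` struct names are constructed for the example; the regular expression only understands the `_BYTE`/`_WORD`/`_DWORD`/`_QWORD` casts that the decompiler emits for untyped memory, which is the case a reverser starts from before any types are applied.

```python
import re

# Hex-Rays scalar cast names and their widths in bytes.
TYPE_SIZES = {"_BYTE": 1, "_WORD": 2, "_DWORD": 4, "_QWORD": 8}
C_TYPES = {1: "uint8_t", 2: "uint16_t", 4: "uint32_t", 8: "uint64_t"}

# Matches decompiler-style dereferences such as
#   *(_DWORD *)(v1 + 8)    -> variable v1, offset 8, 4 bytes
#   *(_BYTE *)v1           -> variable v1, offset 0, 1 byte
#   *(_QWORD *)(v1 - 16)   -> negative offset: v1 points into the middle of the object
DEREF_RE = re.compile(
    r"\*\((?P<type>_[A-Z]+) \*\)"
    r"(?:\((?P<var>\w+) (?P<sign>[+-]) (?P<off>0x[0-9A-Fa-f]+|\d+)\)|(?P<bare>\w+))"
)

# Constructed pseudo-code fragment standing in for a Hex-Rays window.
SAMPLE_PSEUDOCODE = """
*(_DWORD *)v3 = 0;
*(_QWORD *)(v3 + 8) = a2;
*(_BYTE *)(v3 + 16) = 1;
*(_DWORD *)(v3 + 0x14) = *(_DWORD *)(a1 + 4);
*(_WORD *)(v3 + 16) = 0;
*(_DWORD *)(v5 - 8) = 7;
*(_DWORD *)v5 = 9;
"""


def collect_field_refs(pseudocode):
    """Return {variable: {offset: size}} for every scalar dereference found.

    When one offset is accessed with several widths (offset 16 of v3 above),
    the widest access wins; this is the conflict a reverser otherwise resolves by hand.
    """
    refs = {}
    for m in DEREF_RE.finditer(pseudocode):
        size = TYPE_SIZES.get(m.group("type"))
        if size is None:
            continue  # a cast to a named type: the field is already typed
        var = m.group("var") or m.group("bare")
        off_text = m.group("off")
        if off_text is None:
            offset = 0
        else:
            offset = int(off_text, 16) if off_text.startswith("0x") else int(off_text)
            if m.group("sign") == "-":
                offset = -offset
        fields = refs.setdefault(var, {})
        fields[offset] = max(size, fields.get(offset, 0))
    return refs


def build_struct(name, fields):
    """Emit a C struct from {offset: size}, padding gaps with byte arrays.

    Negative offsets rebase the structure so that it starts at the lowest
    address touched; a comment records where the pointer variable itself sits.
    """
    if not fields:
        return f"struct {name} {{\n}};"
    base = min(min(fields), 0)
    lines = [f"struct {name} {{"]
    if base < 0:
        lines.append(f"    // pointer variable sits at offset {-base:#x} inside this object")
    cursor = base
    for off in sorted(fields):
        if off < cursor:
            # Two accesses overlap (e.g. a QWORD at 8 and a DWORD at 12): flag for manual review.
            lines.append(f"    // overlapping access at offset {off - base:#x}")
            continue
        if off > cursor:
            lines.append(f"    uint8_t gap_{cursor - base:X}[{off - cursor}];")
        size = fields[off]
        lines.append(f"    {C_TYPES[size]} field_{off - base:X};")
        cursor = off + size
    lines.append("};")
    return "\n".join(lines)


def recover_all(pseudocode):
    """Map each pointer variable seen in the pseudo-code to a struct definition."""
    return {var: build_struct(f"recovered_{var}", fields)
            for var, fields in collect_field_refs(pseudocode).items()}


if __name__ == "__main__":
    for definition in recover_all(SAMPLE_PSEUDOCODE).values():
        print(definition)
        print()
```

Running the block prints three structures; `recovered_v3` shows the gap padding and the widened field at offset 0x10, while `recovered_v5` shows the negative-offset case the plugin's feature list refers to, with `v5` pointing 8 bytes into its object.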

The plugin also adds cross-references for structure fields, making it much easier to identify the purpose each field serves. Along with that, the plugin is equipped with a wide range of features that simplify the process of reverse engineering:

  • Symbols and RTTI information are used to create names of virtual tables and classes

  • Assert functions can be used to automatically rename functions

  • A GUI for classes and their methods

  • Builds structure graphs

  • Negative offsets handling

  • Recasts and renames variables, simplifying the process of changing names and types

  • Cross-references to virtual functions

  • Modifies and hides “if – then” branches; hides switch branches separately

Infosec in the City. Copyright © 2017-2019
IIC Productions (Pte. Ltd.). All rights reserved.
