Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tintinweb/ida-batch_decompile

*Decompile All the Things* - IDA Batch Decompile plugin and script for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file
https://github.com/tintinweb/ida-batch_decompile

batch-processing decompile ida ida-batch-decompile ida-plugin reverse-engineering

Last synced: about 1 month ago
JSON representation

Host: GitHub
URL: https://github.com/tintinweb/ida-batch_decompile
Owner: tintinweb
License: gpl-3.0
Created: 2016-09-29T22:57:36.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2020-05-14T12:36:23.000Z (over 4 years ago)
Last Synced: 2024-05-02T01:33:16.514Z (5 months ago)
Topics: batch-processing, decompile, ida, ida-batch-decompile, ida-plugin, reverse-engineering
Language: Python
Homepage: https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler
Size: 43 KB
Stars: 271
Watchers: 18
Forks: 61
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # ida-batch_decompile

*Decompile all the things!*

IDA Batch Decompile is a plugin for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file

![idabatchdecompile](https://cloud.githubusercontent.com/assets/2865694/19421079/a88707d6-93f8-11e6-86b2-483b923f5574.gif)

:baby_chick: pssst! *- *ida-batch_decompile* is also part of project: [unbox](https://github.com/tintinweb/unbox) - a nobrainer commandline tool to unpack and decompile all sorts of things.*

# Usage

## idascript (gui mode)

1. open target, wait for analysis to finish

2. `IDA Pro -> File/Script file... -> `

3. `IDA Pro -> File/Produce file-> IdaDecompileBatch ...`

3. tick `Annotate StackVarSize`, `Annotate Func XRefs`

4. click `OK` to decompile.

Note: File will be saved in target folder as ``

## idascript (cmdline batch mode)

    /ida(w|w64)(.exe) -B -M -S" \"--option1\" \"--option2\"" ""

Note that options need to be quoted with `\"`

Available options, see `--help`

    --output                        ... output file path

    --annotate-stackvar-size        ... annotate function stack variable sizes

    --annotate-xrefs                ... annotate function xrefs

    --imports                       ... process imports

    --recursive                     ... recursive batch decompile

    --experimental-decompile-cgraph ... experimental: manually decompile function call graph

## Ida Plugin

1. Follow the IDA Pro documentation on how to add python plugins.

2. `IDA Pro -> File/Produce file -> IdaDecompileBatch ...`

# run

### ida console: decompiling dbghelp.dll

```python

[__main__/36908][DEBUG     ] [idabatchdecompile.PLUGIN_ENTRY  ] [+] initializing IdaDecompileBatchPlugin

[__main__/36908][DEBUG     ] [idabatchdecompile.__init__      ] [+] is_windows: True

[__main__/36908][DEBUG     ] [idabatchdecompile.__init__      ] [+] is_ida64: False

[__main__/36908][DEBUG     ] [idabatchdecompile.wait_for_analysis_to_finish] [+] waiting for analysis to finish...

[__main__/36908][DEBUG     ] [idabatchdecompile.wait_for_analysis_to_finish] [+] analysis finished.

[__main__/36908][DEBUG     ] [idabatchdecompile.load_plugin_decompiler] [+] trying to load decompiler plugins

[__main__/36908][DEBUG     ] [idabatchdecompile.load_plugin_decompiler] [+] decompiler plugins loaded.

[__main__/36908][DEBUG     ] [idabatchdecompile.PLUGIN_ENTRY  ] [+] Mode: commandline w/o args

[__main__/36908][DEBUG     ] [idabatchdecompile.set_ctrl      ] [+] IdaDecompileBatchPlugin.set_ctrl(<__main__.IdaDecompileBatchController object at 0x056FCF90>)

[__main__/36908][DEBUG     ] [idabatchdecompile.init          ] [+] IdaDecompileBatchPlugin.init()

[__main__/36908][DEBUG     ] [idabatchdecompile.init          ] [+] setting up menus

[__main__/36908][INFO      ] [idabatchdecompile.PLUGIN_ENTRY  ] [i] IdaDecompileBatch loaded, see Menu: ('File/Produce file/', 'IdaDecompileBatch ...')

...

 The application has been completely decompiled.

[__main__/36908][DEBUG     ] [idabatchdecompile.decompile_all ] [+] finished decompiling 'dbghelp.dll' as 'dbghelp.c'

```

### annotated pseudocode: dbghelp.c

```c

//----- (03052800) --------------------------------------------------------

// **** Variables ****

// * stack size: 20

// {"diff_size": 4, "offset_text": "[bp+0h]", "size": 4, "name": " s", "offset": 0}

// {"diff_size": 4, "offset_text": "[bp+4h]", "size": 4, "name": " r", "offset": 4}

// {"diff_size": 4, "offset_text": "[bp+8h]", "size": 4, "name": "arg_0", "offset": 8}

// {"diff_size": 4, "offset_text": "[bp+Ch]", "size": 4, "name": "dwBytes", "offset": 12}

// {"diff_size": 4, "offset_text": "[bp+10h]", "size": 4, "name": "arg_8", "offset": 16}

// *******************

// ***** XREFS *****

// * # 1

// sub_30733D0+30

// *******************

int __stdcall sub_3052800(int a1, SIZE_T dwBytes, int a3)

{

  int result; // eax@17

  HANDLE v4; // eax@21

...

```

//github.com/tintinweb