2010-06-21 19:08:43 +00:00
|
|
|
Decompiler for radare2 trackline
|
|
|
|
================================
|
2010-06-20 22:48:06 +00:00
|
|
|
|
|
|
|
Objectives
|
|
|
|
==========
|
2010-06-21 19:08:43 +00:00
|
|
|
- Name local variables argments and global vars (Cv ...)
|
|
|
|
- Common construct detection (if/switch/for/while/do)
|
|
|
|
- Enum detection/support (load from .h ?) #define /enum parse only
|
2010-06-21 09:55:48 +00:00
|
|
|
- Detect sign of variables (depending on the conditionals used)
|
2010-06-21 19:08:43 +00:00
|
|
|
- Change operations to ease reading ('\n' instead of 0xa.. sub<->add)
|
|
|
|
- Detect and propagate variable types
|
|
|
|
- Symbol recognition
|
|
|
|
|
|
|
|
Core (RAnal, RMeta, RBin, ...)
|
|
|
|
==============================
|
|
|
|
* Language: C
|
|
|
|
* Analyze opcodes
|
|
|
|
* Detect numeric sign
|
|
|
|
* Detect data type and size by analyzing the accesses
|
|
|
|
* Analyze conditionals (if () goto .., labels, ...)
|
|
|
|
* Support push+ret constructions
|
|
|
|
* Analyze function calls (fast/slowcall, parameters, data types, return values..)
|
|
|
|
* Define data types (as 'pm' structs (memory format string))
|
|
|
|
* Analyze common constructions
|
2010-06-21 09:55:48 +00:00
|
|
|
|
2010-06-21 19:08:43 +00:00
|
|
|
Plugin (Radare.Decompiler class)
|
|
|
|
================================
|
|
|
|
* Language: Vala
|
|
|
|
* Using visitor paradigm
|
|
|
|
* Bidirectional sync methods for core
|
|
|
|
- Caches data and code from the core
|
|
|
|
- Comments must be syncronized too
|
|
|
|
* Independent structure compared to core
|
|
|
|
* Optimize sequences of opcodes
|
|
|
|
* Optimize AST (remove unaccessible code, join nodes, ...)
|
|
|
|
* Polimorph operations to simplify reading (shl eax, 1 => eax *= 2)
|
|
|
|
* Remove stack-related operations
|
|
|
|
* Resolve and propagate data types
|
|
|
|
* Parse .h files in order to import function signatures, defines, enums, ..
|
|
|
|
* Support to decompile single function or full program
|
|
|
|
* Each node must have a to_string() method to serialize
|
|
|
|
* Indent resulting code
|
|
|
|
* Remove trash code
|
|
|
|
|
|
|
|
UI (Gtk+)
|
|
|
|
=========
|
|
|
|
* Language: Vala
|
|
|
|
* Implemented as a Gtk.Widget
|
|
|
|
* Walk along the decompiled program code
|
|
|
|
- change variable names (read/write value)
|
2010-06-21 09:55:48 +00:00
|
|
|
- go xrefs
|
2010-06-21 19:08:43 +00:00
|
|
|
|
|
|
|
Future
|
|
|
|
======
|
|
|
|
* Floating point support
|
|
|
|
* Support high-level language constructions (objective-C, gobject, c++, ...)
|
|
|
|
|
|
|
|
External linkz
|
|
|
|
==============
|
|
|
|
* http://www.pivotaltracker.com/
|
|
|
|
|
|
|
|
|
|
|
|
-------------8<-------------------------------------------- -- - - - - -
|
|
|
|
+-------------------+
|
|
|
|
| Plugin API design |
|
|
|
|
+-------------------+
|
|
|
|
|
|
|
|
public class RadareDecompiler.AST { }
|
|
|
|
public class RadareDecompiler.Node { }
|
|
|
|
public class RadareDecompiler.Function { }
|
|
|
|
public class RadareDecompiler.Variable { }
|
|
|
|
public class RadareDecompiler.Constant { }
|
|
|
|
public class RadareDecompiler.Conditional { }
|
|
|
|
public class RadareDecompiler.Enum { }
|
|
|
|
|
|
|
|
public class Radare.Decompiler {
|
|
|
|
public class Decompiler(RCore core) {
|
|
|
|
...
|
|
|
|
}
|
|
|
|
public void sync(bool write) { ... }
|
|
|
|
}
|