Hex-Rays Decompiler

https://www.hex-rays.com/products/decompiler/

We are pleased to present our flagship product, the Hex-Rays Decompiler, which brings binary software analysis within reach of millions of programmers. It converts executable programs into a human readable C-like pseudocode text.

In comparison to low level assembly language, high level language representation in Hex-Rays has several advantages:

• concise: requires less time to read it
• structured: program logic is more obvious
• dynamic: variable names and types can be changed on the fly
• familiar: no need to learn the assembly language
• cool: the most advanced decompiler ever built!

The pseudocode text is generated on the fly. Our technology is fast enough to analyze 99% of functions within a couple of seconds.

Currently the decompiler supports 32bit compiled generated code for the x86 and ARM processors. We plan to port it to other platforms and add a programmatic API. This will allow our customers to implement their own analysis methods. Vulnerability search, software validation, coverage analysis are the directions that immediately come to mind.

The decompiler runs on MS Windows. The GUI and text IDA versions are supported. In the text mode, only batch operation is available.

Limitations

The decompiler comes in two different flavors:

• x86 decompiler (32-bit code)
• ARM decompiler

Currently the decompiler can handle compiler generated code. Manually crafted code may be decompiled too but the results are usually worse than for compiler code. Support for other processors and 64-bit code will eventually be added (no deadlines are available, sorry).

Below are the most important limitations of our decompilers (all processors):

• exception handling is not supported
• type recovery is not performed
• global program analysis is not performed

Limitations specific to x86:

• 16-bit programs are not analyzed

Limitations specific to ARM:

• floating point instructions are not supported
• VFP/SIMD/Neon/... instructions are not supported
• arguments passed partially on registers and partially on the stack are not supported

The Decompiler software is available for two platforms:

x86 and ARM.

IDA Starter is enough to use the decompiler.