RetDec v5.0 releases: retargetable machine-code decompiler

RetDec is a retargetable machine-code decompiler based on LLVM.

The decompiler is not limited to any particular target architecture, operating system, or executable file format:

• Supported file formats: ELF, PE, Mach-O, COFF, AR (archive), Intel HEX, and raw machine code.
• Supported architectures (32b only): Intel x86, ARM, MIPS, PIC32, and PowerPC.

Features:

• Static analysis of executable files with detailed information.
• Compiler and packer detection.
• Loading and instruction decoding.
• Signature-based removal of statically linked library code.
• Extraction and utilization of debugging information (DWARF, PDB).
• Reconstruction of instruction idioms.
• Detection and reconstruction of C++ class hierarchies (RTTI, vtables).
• Demangling of symbols from C++ binaries (GCC, MSVC, Borland).
• Reconstruction of functions, types, and high-level constructs.
• Integrated disassembler.
• Output in two high-level languages: C and a Python-like language.
• Generation of call graphs, control-flow graphs, and various statistics.

Changelog v5.0

The one major change:

• RetDec is now a library (#779.
  • Related changes are the removal of retdec-decompiler.py (it is now a binary, e.g. retdec-decompiler.exe on Windows), retdec-bin2llvmir, retdec-llvmir2hll, and some other supportive functionality.
  • See an example in src/retdectool, or an actual implementation of RetDec executable in src/retdec-decompiler, to find out how to use RetDec library.

Repository Overview

This repository contains the following libraries:

• bin2llvmir — library of LLVM passes for translating binaries into LLVM IR modules.
• debugformat — library for uniform representation of DWARF and PDB debugging information.
• dwarfparser — library for high-level representation of DWARF debugging information.
• llvm-support — set of LLVM related utility functions.
• llvmir2hll — library for translating LLVM IR modules to high-level source codes (C, Python-like language).

This repository contains the following tools:

• bin2llvmirtool — frontend for the bin2llvmir library.
• llvm2hlltool — frontend for the llvmir2hll library.

This repository contains the following scripts:

• decompile.sh — the main decompilation script binding it all together. This is the tool to use for full binary-to-C decompilations.
• Support scripts used by decompile.sh:
  • color-c.py — decorates output C sources with IDA color tags — syntax highlighting for IDA.
  • config.sh — decompiler’s configuration file.
  • decompile-archive.sh — decompiles objects in the given AR archive.
  • fileinfo.sh — a Fileinfo tool wrapper.
  • signature-from-library.sh — extracts function signatures from the given library.
  • unpack.sh — tries to unpack the given executable file by using any of the supported unpackers.
• Other utility scripts:
  • decompile-all.sh — decompiles all executables in the given directory and subdirectories.
  • run-unit-test.sh — run all tests in the unit test directory.
  • utils.sh — a collection of bash utilities.

Build and Installation

Copyright (c) 2017 Avast Software