What is New

Want to see all news? Click here.

New Version: 2.1

5 Oct 2015

We are proud to inform you that we have made a new version of our retargetable decompiler! Among the main features of this release belong a new instruction-decoding algorithm, improved detection of C++ classes and functions, improved decompilation of programs using wide strings or functions from the Windows API, and improved annotations (comments) in the generated high-level language.

A list of changes:

  • Added a new instruction-decoding algorithm. The new algorithm is more precise and requires less memory.
  • Added basic support for decompilation of COFF binary files, e.g. Windows object files (*.o).
  • Added a new optimization of comparisons with boolean literals. This optimization simplifies code that performs comparisons to true/false.
  • Improved detection of C++ classes. Our decompiler is now able to reconstruct class hierarchies, virtual-method tables, and recognize constructors, destructors, and virtual member functions. All these pieces of information are emitted as comments in the generated high-level language.
  • Improved decompilation of ELF binary files containing segments instead of sections.
  • Improved decompilation of PE binary files containing delayed imports.
  • Improved decompilation of programs that use functions from the standard C mathematical library (math.h).
  • Improved decompilation of shared (*.so) and dynamic (*.dll) libraries.
  • Improved decompilation of programs that use wide strings.
  • Improved decompilation of programs that use functions from the Windows API.
  • Improved decompilation of UPX-packed programs. Furthermore, we newly support unpacking of several UPX modifications.
  • Improved detection of the tool used to create the input binary file (e.g. compiler and packer), including detection whether the input file contains bytecode. Keep in mind that our machine-code decompiler may produce inaccurate results when decompiling bytecode.
  • Improved annotations (comments) in the generated high-level language:
    • Functions are now divided into several categories: user-defined, statically linked, dynamically linked, system-call, and instruction-idiom functions.
    • Local variables that were created from global variables (e.g. registers) now include the name of the global variable in a comment.
    • Register names now correspond to real register names (e.g. eax or ebx on Intel x86). Previously, we emitted our internal names.
    • Goto-label addresses now correspond to addresses in the input binary file.
    • The end address of a function is now the address of the last byte of the function (previously, it was the address of the first byte of the next function).
  • Slightly improved reconstruction of for loops.
  • Selective decompilation is now less aggressive in terms of elimination of stack accesses. This change ensures that important stack accesses (such as loading of string literals) are kept in the generated source code.
  • Speeded up generation of the target high-level language when decompilation optimizations are disabled.
  • The decompiler may now produce warnings. They are shown in the decompilation log when decompiling through our decompilation web service.
  • Changes in our REST API:
    • Added a new key to decompilation phases: warnings. It represents a list of warnings (strings) that were produced by the decompiler in the given phase.
  • Many bug fixes.