ida batch_decompile
0.1
Decompile all the things!
IDA Batch Decompile is a plugin for Hex-Ray's IDA Pro that adds the ability to batch decompile multiple files and their imports with additional annotations (xref, stack var size) to the pseudocode .c file
pssst! - ida-batch_decompile is also part of project: unbox - a nobrainer commandline tool to unpack and decompile all sorts of things.
open target, wait for analysis to finish
IDA Pro -> File/Script file... -> <this_python_script>
IDA Pro -> File/Produce file-> IdaDecompileBatch ...
tick Annotate StackVarSize, Annotate Func XRefs
click OK to decompile.
Note: File will be saved in target folder as <target_image_name.c>
<path_to_ida>/ida(w|w64)(.exe) -B -M -S"<path_to_this_script> "--option1" "--option2"" "<target>"
Note that options need to be quoted with "
Available options, see --help
--output ... output file path --annotate-stackvar-size ... annotate function stack variable sizes --annotate-xrefs ... annotate function xrefs --imports ... process imports --recursive ... recursive batch decompile --experimental-decompile-cgraph ... experimental: manually decompile function call graph
Follow the IDA Pro documentation on how to add python plugins.
IDA Pro -> File/Produce file -> IdaDecompileBatch ...
[__main__/36908][DEBUG ] [idabatchdecompile.PLUGIN_ENTRY ] [+] initializing IdaDecompileBatchPlugin[__main__/36908][DEBUG ] [idabatchdecompile.__init__ ] [+] is_windows: True[__main__/36908][DEBUG ] [idabatchdecompile.__init__ ] [+] is_ida64: False[__main__/36908][DEBUG ] [idabatchdecompile.wait_for_analysis_to_finish] [+] waiting for analysis to finish...
[__main__/36908][DEBUG ] [idabatchdecompile.wait_for_analysis_to_finish] [+] analysis finished.
[__main__/36908][DEBUG ] [idabatchdecompile.load_plugin_decompiler] [+] trying to load decompiler plugins[__main__/36908][DEBUG ] [idabatchdecompile.load_plugin_decompiler] [+] decompiler plugins loaded.
[__main__/36908][DEBUG ] [idabatchdecompile.PLUGIN_ENTRY ] [+] Mode: commandline w/o args[__main__/36908][DEBUG ] [idabatchdecompile.set_ctrl ] [+] IdaDecompileBatchPlugin.set_ctrl(<__main__.IdaDecompileBatchController object at 0x056FCF90>)
[__main__/36908][DEBUG ] [idabatchdecompile.init ] [+] IdaDecompileBatchPlugin.init()
[__main__/36908][DEBUG ] [idabatchdecompile.init ] [+] setting up menus[__main__/36908][INFO ] [idabatchdecompile.PLUGIN_ENTRY ] [i] IdaDecompileBatch loaded, see Menu: ('File/Produce file/', 'IdaDecompileBatch ...')
... The application has been completely decompiled.
[__main__/36908][DEBUG ] [idabatchdecompile.decompile_all ] [+] finished decompiling 'dbghelp.dll' as 'dbghelp.c'//----- (03052800) --------------------------------------------------------// **** Variables ****// * stack size: 20// {"diff_size": 4, "offset_text": "[bp+0h]", "size": 4, "name": " s", "offset": 0}// {"diff_size": 4, "offset_text": "[bp+4h]", "size": 4, "name": " r", "offset": 4}// {"diff_size": 4, "offset_text": "[bp+8h]", "size": 4, "name": "arg_0", "offset": 8}// {"diff_size": 4, "offset_text": "[bp+Ch]", "size": 4, "name": "dwBytes", "offset": 12}// {"diff_size": 4, "offset_text": "[bp+10h]", "size": 4, "name": "arg_8", "offset": 16}// *******************// ***** XREFS *****// * # 1// sub_30733D0+30// *******************int __stdcall sub_3052800(int a1, SIZE_T dwBytes, int a3)
{ int result; // eax@17
HANDLE v4; // eax@21...//github.com/tintinweb
