Decompile all the things!
IDA Batch Decompile is a plugin for Hex-Rays IDA Pro that adds the ability to batch decompile multiple files and their imports, with additional annotations (xrefs, stack variable sizes), to the pseudocode .c file.
pssst! - ida-batch_decompile is also part of the project: unbox - a more convenient command-line tool for unpacking and decompiling all kinds of things.
open the target, wait for the analysis to finish
IDA Pro -> File/Script file... -> <this_python_script>
IDA Pro -> File/Produce file -> IdaDecompileBatch ...
tick Annotate StackVarSize, Annotate Func XRefs
click OK to decompile.
Note: The file is saved in the target's folder as <target_image_name.c>
<path_to_ida>/ida(w|w64)(.exe) -B -M -S"<path_to_this_script> "--option1" "--option2"" "<target>"
Note that options need to be quoted with "
For the available options, see --help:
--output ... output file path
--annotate-stackvar-size ... annotate function stack variable sizes
--annotate-xrefs ... annotate function xrefs
--imports ... process imports
--recursive ... recursive batch decompile
--experimental-decompile-cgraph ... experimental: manually decompile function call graph
Follow the IDA Pro documentation on how to add Python plugins.
IDA Pro -> File/Produce file -> IdaDecompileBatch ...
[__main__/36908][DEBUG ] [idabatchdecompile.PLUGIN_ENTRY ] [+] menginisialisasi IdaDecompileBatchPlugin
[__main__/36908][DEBUG ] [idabatchdecompile.__init__ ] [+] is_windows: True
[__main__/36908][DEBUG ] [idabatchdecompile.__init__ ] [+] is_ida64: Salah
[__main__/36908][DEBUG ] [idabatchdecompile.wait_for_lysis_to_finish] [+] menunggu analisis selesai...
[__main__/36908][DEBUG ] [idabatchdecompile.wait_for_lysis_to_finish] [+] analisis selesai.
[__main__/36908][DEBUG ] [idabatchdecompile.load_plugin_decompiler] [+] mencoba memuat plugin decompiler
[__main__/36908][DEBUG ] [idabatchdecompile.load_plugin_decompiler] [+] plugin decompiler dimuat.
[__main__/36908][DEBUG ] [idabatchdecompile.PLUGIN_ENTRY ] [+] Mode: baris perintah tanpa args
[__main__/36908][DEBUG ] [idabatchdecompile.set_ctrl ] [+] IdaDecompileBatchPlugin.set_ctrl(<__main__.IdaDecompileBatchController objek di 0x056FCF90>)
[__main__/36908][DEBUG ] [idabatchdecompile.init ] [+] IdaDecompileBatchPlugin.init()
[__main__/36908][DEBUG ] [idabatchdecompile.init ] [+] menyiapkan menu
[__main__/36908][INFO ] [idabatchdecompile.PLUGIN_ENTRY ] [i] IdaDecompileBatch dimuat, lihat Menu: ('File/Produce file/', 'IdaDecompileBatch...')
...
Aplikasi telah didekompilasi sepenuhnya.
[__main__/36908][DEBUG ] [idabatchdecompile.decompile_all ] [+] selesai mendekompilasi 'dbghelp.dll' sebagai 'dbghelp.c'
//----- (03052800) --------------------------------------------------------
// **** Variables ****
// * stack size: 20
// {"diff_size": 4, "offset_text": "[bp+0h]", "size": 4, "name": " s", "offset": 0}
// {"diff_size": 4, "offset_text": "[bp+4h]", "size": 4, "name": " r", "offset": 4}
// {"diff_size": 4, "offset_text": "[bp+8h]", "size": 4, "name": "arg_0", "offset": 8}
// {"diff_size": 4, "offset_text": "[bp+Ch]", "size": 4, "name": "dwBytes", "offset": 12}
// {"diff_size": 4, "offset_text": "[bp+10h]", "size": 4, "name": "arg_8", "offset": 16}
// *******************
// ***** XREFS *****
// * # 1
// sub_30733D0+30
// *******************
int __stdcall sub_3052800(int a1, SIZE_T dwBytes, int a3)
{
  int hasil; // eax@17
  MENANGANI v4; // eax@21
...
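As an added example (not part of the plugin or its documentation), the annotation comments in the output above can be read back out of the .c file for triage, for instance to list functions with large stack slots before reading the pseudocode. It assumes the comment layout shown above and takes diff_size as the annotated size of a slot; parse_annotations, large_stack_vars and the 64-byte threshold are hypothetical names and values.

```python
import json
import re
HEADER = re.compile(r"^//-+ \(([0-9A-Fa-f]+)\) -+")  # "//----- (03052800) ----"

def parse_annotations(text):
    """Map function address -> {"vars": [...], "xrefs": [...]}."""
    funcs, cur, in_xrefs = {}, None, False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new function starts
            cur = funcs.setdefault(int(m.group(1), 16), {"vars": [], "xrefs": []})
            in_xrefs = False
        elif cur is None or not line.startswith("//"):
            in_xrefs = False  # code line: the annotation block is over
        else:
            body = line[2:].strip()
            if body.startswith("{"):  # one JSON object per stack variable
                try:
                    cur["vars"].append(json.loads(body))
                except ValueError:
                    pass  # damaged annotation: skip it, keep parsing
            elif "XREFS" in body:
                in_xrefs = True
            elif in_xrefs and body and not body.startswith("*"):
                cur["xrefs"].append(body)  # e.g. "sub_30733D0+30"
    return funcs

def large_stack_vars(funcs, min_bytes=64):
    """(address, name, diff_size) for slots whose diff_size (assumed: slot size) >= min_bytes."""
    return [(addr, v.get("name"), v["diff_size"])
            for addr, f in sorted(funcs.items())
            for v in f["vars"] if v.get("diff_size", 0) >= min_bytes]

# Constructed sample in the layout shown above; not real plugin output.
SAMPLE = """\
//----- (03052800) ----------------
// {"diff_size": 4, "offset_text": "[bp+8h]", "size": 4, "name": "arg_0", "offset": 8}
// ***** XREFS *****
// * # 1
// sub_30733D0+30
// *******************
int __stdcall sub_3052800(int a1, SIZE_T dwBytes, int a3)
//----- (03052900) ----------------
// {"diff_size": 260, "offset_text": "[bp-104h]", "size": 1, "name": "Dest", "offset": 0}
// {"diff_size": 4, "offset_text": "[bp+0h]", "size": 4, "name": " s", "offset": 260
"""

if __name__ == "__main__":
    print(large_stack_vars(parse_annotations(SAMPLE)))
```

The last sample line is deliberately truncated to show that a damaged annotation is skipped without losing the rest of the file.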
//github.com/tintinweb