Questions tagged [decompiler]
Software used to revert the process of compilation. Decompiler takes a binary program file as input and output the same program expressed in a structured higher-level language.
86 questions
1
vote
0
answers
65
views
Is there a way to sync symbol labels in Ghidra Disassembler with its Decompiler?
I swear that in IDA Pro, when I renamed a stack var in the disassembler, that name would port over to the decompiled view, but this doesn't seem to occur in Ghidra. In fact, in Ghidra, when I try to ...
- 1,890
1
vote
1
answer
205
views
Kawai ES110 - Firmware supplied as MIDI file, what can we do?
The firmware for this digital piano is supplied as a MIDI file with an EasyPlayer.exe (not sure if Wine can run this properly) binary to upload it.
I'm wondering if there's a way to get at it's ...
- 113
0
votes
0
answers
103
views
Make a reverse engineering for dead app
Hi,there is an app (Voip Recorder & Screen Recorder)the developer stopped updating the app from 3 years, and it's the only app in the world could record the screen with internal sound likes ...
0
votes
1
answer
245
views
Ghidra decompiler does not recognize rsp being subtracted
while i'm reversing a PE binary, i got some weird decompiler output.
return address is shown on decompiler view.
I looked up on google, and i thought setting stack depth and editing a stack frame ...
- 1
0
votes
1
answer
436
views
i need software to decode this subtitle xml file, anyone know what it encodes with?
This is a subtitle file encoded by xml, is there any way to decode this xml file to srt?
Subtitle link xml
1
vote
0
answers
336
views
Ghidra: undefined4 to bytearray
I am trying to reverse a c++ program and make the decompiler represent a byte-array in a single line.
The c++ code contains the following line:
BYTE fileArray[139] = {0x50, 0x51....}
Ghidra ...
2
votes
0
answers
119
views
IDA Decompiler: How to configure Ida to correctly show "array elements left shifting proccess" when index is zero?
I have a buffer in disassembly that its elements are shifted to left (apparently with controlling the zero index), the original code is:
flag = 0;
for ( i = 0; i < 10; i++ )
{
if ( flag )
...
- 161
2
votes
1
answer
514
views
IDA decompiler: show a "for" loop instead of a "while", is it possible?
I'm reversing an embedded code, and faced with this "while" loop in while decompiling:
It's more readable for me if a "for" loop be shown instead a "while", i.e.:
while ...
- 161
3
votes
0
answers
615
views
Is there an MFC Decompiler available?
I want to know if there is already an MFC Decompiler?
So far, you have to decompile by hand - which is very tedious.
I would like a tool like DeDe Decompiler. The C++ code itself is not important. It ...
user42316
4
votes
0
answers
122
views
How can I manually figure out stack variable/buffer sizes from stripped x86-64 disassembly?
I am looking at the following CTF challenge:
0x56555779 <+0>: lea ecx,[esp+0x4]
0x5655577d <+4>: and esp,0xfffffff0
0x56555780 <+7>: push DWORD PTR [ecx-0x4]
...
- 1,890
1
vote
1
answer
398
views
Assign a constant value to an ARM register
I was reversing an libil2cpp.so and decompiled it using ghidra and as of now my assembly language knowledge is very limited and studied it long time btw I had an assembly code like this:
...
- 309
3
votes
0
answers
796
views
How to deal with this Ghidra decompile error?
I'm getting the following Ghidra decompile error on one function:
Low-level Error: Symbol $$undef00000008 extends beyond the end of the address space
I don't see anything unusual about the ...
3
votes
0
answers
121
views
In the Hex-Rays decompiler, is it possible to assign macros such as NT_SUCCESS
Suppose the decompiler came up with something like this:
if (Status >= 0)
{
// ... some other pseudo code
}
Is it possible to prettify this code with the NT_SUCCESS() macro, like this:
if (...
- 11k
2
votes
1
answer
806
views
Patch .net executable via hex editor
What I am trying to do:
I have an .exe written in C#. Ilspy shows the code. Inside it has a class DoWork with static field SomeValue:
// Program.DoWork
public static int SomeValue => 15;
In code, ...
- 185
5
votes
1
answer
11k
views
Decompile a NodeJS compiled program maybe by NEXE
I recently got idiotly scammed one of my discord account but kept the malware in case.
Curious, I would love today to break into the executable to fetch any information about the scammer.
I decompiled ...
- 51