IDA SDK 7.1 Hex-Rays Decompiler SDK
For folks who use IDA in their malware analysis workflow, it is recommended to use the hexrays-decompiler-plugin to decompile your app, which will automatically generate the app's Java classes and produce IDA-compatible disassembly. The plugin requires the standard Java SDK to decompile your app. If you use Eclipse, you can download the JDK from there, or you can use the setup provided by Oracle.
Code decompilers can be used to decompile arbitrary executable code, without the need for specific libraries and plugins. Most decompilers require a few assembly instructions to be imported into an algorithm, and some of them are quite capable of this task. For example, IDA can decompile a binary, and then it imports the instructions from the binary into its algorithm, which decompiles the entire binary without any human intervention. This is a very powerful feature, but it requires the user to decompile the binary with a genuine IDA, and not a disassembler plugin.
You can use this mechanism to replace classes or methods (such as GetProcAddress) with your own version. Hex-Rays uses this mechanism to replace the native psvm DLL, in order to make it easier to compile Android binaries. The file Tools/android/libs.d contains the library file used to replace the native psvm.dll.
$(DEPDIR)/psvm.dll: $(E_BIN_LIST) $(E_BIN_CC) $(E_BIN_CXX) $(E_BIN_LD) $(E_BIN_AR) $(E_BIN_STRIP)
$(DEPDIR)/psvm.h: $(E_H_CC) $(E_H_CXX) $(E_H_LD) $(E_H_AR)
Binary files:
$(DEPDIR)/psvm.dll
$(DEPDIR)/psvm.h:
The ASM macro E_BIN_LD takes a list of all input files and generates an output file containing the required libraries. For the native psvm.dll, Hex-Rays uses E_BIN_LD to replace the native version of psvm.dll with their own hexrays-based version. The filenames are the same, except with a .hexrays extension:
I was informed by Hex-Rays' support that this is not a feature that will ship with the next version of Hex-Rays, but that they are aware of it and will eventually address this issue. To stay up to date with the latest developments, follow the Hex-Rays blog or check out @hexrays on Twitter.