« Decompiler output ctree | Main | Jump tables »

Better user interface for decompiler

We are glad to release a new version of the Hex-Rays decompiler! Highlights of this build:
  • improved usability
  • support for unusual calling conventions
  • better handling of obfuscated code

The most important improvement is the user interface. Now the decompiler is at your fingertips at all times, the same way as the graph view. Remember that you can toggle graph-text views in IDA with one keyboard hit? For the decompiler you can use the Tab key: it toggles between the disassembly and pseudocode views.

For those of you who prefer to see both the decompiler output and disassembler output in the same window, we added the "copy to disassembly" command. It just does what its names says: copies the pseudocode text to the disassembly window. You can see both outputs simultaneously: mapping of low level assembly idioms to high level constructs is made as transparent as possible.

With this build, you will be able to open multiple pseudocode windows. This will be especially useful for long functions: just open a separate window for each called function by Ctrl-double clicking on function names. The long function will stay intact in its own window and you won't lose time by reanalyzing it upon each return.

One more command to handle code complexity: ability to hide parts of code. The new hide/unhide command allows you to collapse a multiline statement into just one line. Collapsing unimportant sub-statements reveals the global structure of the decompiled function.

We also added other things to make the life easier: the command to jump to xrefs, better status line information, support for the __spoiled keyword, and more heuristic rules to the analyzer.

Here's a short video:

The detailed list of changes can be accessed here

Nice analysis!

Posted by Ilfak Guilfanov on January 2, 2008 04:24 PM |

Comments

Now that is an elegant design.

Posted by: Aaron E. | January 2, 2008 09:16 PM

Very creative and useful additions, keep the good work.

Posted by: lallous | January 3, 2008 09:16 AM

Great improvements -- I can't wait to get the update! We swear you must be listening in on us here -- half the features you added were things we talked about but hadn't (yet) requested of you. ;-)

Posted by: Joe B. | January 3, 2008 03:09 PM

Why the code following is failed when I press "F5":

text:0040223A ; sub_40207C:loc_402156j
.text:0040223A add esi, 0FFFFFFF2h ; switch 5 cases
.text:0040223D cmp esi, 4
.text:00402240 ja short loc_402288 ; default
.text:00402240
.text:00402242 jmp ds:off_402249[esi*4] ; switch jump
.text:00402242
.text:00402242 ; ---------------------------------------------------------------------------
.text:00402249 off_402249 dd offset loc_40225D ; DATA XREF: sub_40207C+1C6r
.text:00402249 dd offset loc_402266 ; jump table for switch statement
.text:00402249 dd offset loc_40226F
.text:00402249 dd offset loc_402278
.text:00402249 dd offset loc_402281
.text:0040225D ; ---------------------------------------------------------------------------

Posted by: Jack | January 21, 2008 10:54 AM

Jack, this is not the right place to get technical support.

Posted by: Ilfak Guilfanov [TypeKey Profile Page] | January 21, 2008 11:03 AM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Latest news: Hex-Rays decompiler has been released!