Decompiler¶

Note

The decompiler should be called as a plugin from process.decompiler.

DecompilerBase¶

class revenge.plugins.decompiler.DecompilerBase(process)[source]¶

Bases: object

Use this to decompile things.

Examples

# Attempt to get corresponding source code from address 0x12345
process.decompiler[0x12345]

# Decompile a function
decomp = process.decompiler.decompile_function(0x12345)
# Or alternatively, specify it as a string to getitem
decomp = process.decompiler["my_func"]

# Programmatically iterate through it
for item in decomp:
    x = decomp[item]
    # stuff

# Or print it out to the screen
print(decomp)

# See decomp.highlight() as well.

decompile_address(address)[source]¶

Lookup the corresponding decompiled code for a given address.

Parameters: address (int) – The address to look up decompiled code.
Returns: Decompiled output or None if no corresponding decompile was found.
Return type: revenge.plugins.decompiler.decompiled.Decompiled

decompile_function(address)[source]¶

Lookup the corresponding decompiled code for a given function.

Parameters: address (int) – The start of the function to decompile.
Returns: Decompiled output or None if no corresponding decompile was found.
Return type: revenge.plugins.decompiler.decompiled.Decompiled

Decompiler¶

class revenge.plugins.decompiler.Decompiler(process)[source]¶

Bases: revenge.plugins.Plugin

Use this to decompile things.

Examples

# Attempt to get corresponding source code from address 0x12345
process.decompiler[0x12345]

# Decompile a function
decomp = process.decompiler.decompile_function(0x12345)
# Or alternatively, specify it as a string to getitem
decomp = process.decompiler["my_func"]

# Programmatically iterate through it
for item in decomp:
    x = decomp[item]
    # stuff

# Or print it out to the screen
print(decomp)

# See decomp.highlight() as well.

decompile_address(address)[source]¶

Lookup the corresponding decompiled code for a given address.

Parameters: address (int) – The address to look up decompiled code.
Returns: Decompiled output or None if no corresponding decompile was found.
Return type: revenge.plugins.decompiler.decompiled.Decompiled

decompile_function(address)[source]¶

Lookup the corresponding decompiled code for a given function.

Parameters: address (int) – The start of the function to decompile.
Returns: Decompiled output or None if no corresponding decompile was found.
Return type: revenge.plugins.decompiler.decompiled.Decompiled

property imp¶

The underlying implementation.

This will be guessed automatically based on what decompilers are discovered. You can also instantiate your own and assign it directly to imp.

Type: revenge.plugins.decompiler.DecompilerBase

Decompiled¶

class revenge.plugins.decompiler.Decompiled(process, file_name=None)[source]¶

Bases: object

highlight(thing, color=None)[source]¶

Highlight everything in thing with color.

Parameters

thing (int, list, tuple, trace) – Addresses of things to highlight
color (str, optional) – Color to use (see DecopmiledItem.highlight) default: green

Examples

# Create a timeless trace
timeless = process.techniques.NativeTimelessTracer()
timeless.apply()
t = list(timeless)[0]

# Decompile your function, this can be done at any time
decomp = process.decompiler.decompile_function(0x12345)

# Let your program run to grab the trace
process.memory[process.entrypoint].breakpoint = False

# Apply the trace to your decomp
decomp.highlight(t)

# You can keep the same decomp and apply traces from different timeless runs as well
# For instance, if you had a second trace called t2, this would overlay that trace
decomp.highlight(t2)

The things to highlight here must be valid in the current instance of revenge. This means, if your binary has ASLR, these must be the CURRENT addresses, with ASLR applied. Highlight will adjust the locations as needed.

DecompiledItem¶

class revenge.plugins.decompiler.DecompiledItem(process, file_name=None, address=None, src=None, highlight=None)[source]¶

Bases: object

property address¶

Address of this decompiled instruction.

Type: int

property highlight¶

Color to highlight this instruction (or None).

Valid options are: [‘BLACK’, ‘BLUE’, ‘CYAN’, ‘GREEN’, ‘LIGHTBLACK_EX’, ‘LIGHTBLUE_EX’, ‘LIGHTCYAN_EX’, ‘LIGHTGREEN_EX’, ‘LIGHTMAGENTA_EX’, ‘LIGHTRED_EX’, ‘LIGHTWHITE_EX’, ‘LIGHTYELLOW_EX’, ‘MAGENTA’, ‘RED’, ‘WHITE’, ‘YELLOW’]

Type: str

property src¶

Pseudo source for this instruction.

Type: str