Decompiler¶
The decompiler
plugin is an abstraction around the concept of decompiling
code. While it registers as a single plugin, the actual decompiler backend is
flexible and can be extended with new decompilers. When revenge
starts up,
a decompiler will be selected from those that revenge
can identify that you
have on your system.
General Usage¶
Here’s a basic example. For more examples, see the code docs under
Decompiler
.
# Attempt to decompile an address
decomp = process.decompiler.decompile_address(0x1234)
# Attempt to decompile a function
decomp = process.decompiler.decompile_function(0x1234)
See notes for each decompiler engine about possible caveats.
Engines¶
DWARF (priority 100)
Radare2-Ghidra (priority 70)
Building A Decompiler¶
To build a decompiler engine (building the decompiler is WAY beyond this little
documentation), you must extend the
DecompilerBase
class. The calls to
decompile MUST return an instance of
Decompiled
, which in turn must have 0 or
more populated DecompiledItem
instances.
On initialization of your decompiler, if it’s valid for the current configuration,
register it as an option with process.decompiler._register_decompiler
.
The priority is mostly a way to select from multiple competing decompilers. The higher the number the higher priority.