decomp2gef

A plugin to introduce a generic API for decompiler support in GEF. Like GEF, the plugin is batteries-included and requires no external dependencies other than Python.

decomp2gef Demo viewable here.

Quick Start

First, install the decomp2gef plugin into gef:

cp decomp2gef.py ~/.decomp2gef.py && echo "source ~/.decomp2gef.py" >> ~/.gdbinit

Alternatively, you can load it for one-time-use inside gdb with:

source /path/to/decomp2gef.py

Now load the script that matches your decompiler:

IDA

  • open IDA on your binary and press Alt-F7
  • a "Run Script" popup will appear; load the decomp2gef_ida.py script from this repo

Now use the decompiler connect command in GDB. Note: you must already be inside an active debugging session (a process must be running under gdb) when you connect.

Usage

In gdb, run:

decompiler connect ida

If all is well, you should see:

[+] Connected to decompiler!

Now just use GEF like normal and enjoy decompilation and decompiler symbol mapping! When you change a symbol in IDA, like a function name, it will be automatically reflected in gdb after just 2 steps!

Features

  • Auto-updating decompilation context view
  • Auto-syncing function names
  • Breakable/Inspectable symbols
  • Auto-syncing stack variable names
  • Auto-syncing structs

Abstract

The reverse engineering process often involves a decompiler, which makes decompiler support in a debugger fundamental, since switching context between the two tools by hand is hard. Decompilers have a lot in common: during the reversing process they all produce reverse engineering artifacts (REAs), and these REAs are common across all decompilers:

  • stack variables
  • global variables
  • structs
  • enums
  • function headers (name and prototype)
  • comments

Knowledge of REAs can be used to do lots of things, like syncing REAs across decompilers or creating a common interface for a debugger to display decompilation information. GEF is currently one of the best gdb upgrades, making it a perfect place to first implement this idea. In the future, it should be easily transferable to any debugger that supports Python 3.

Adding your decompiler

To add your decompiler, simply write a Python XMLRPC server that implements the 4 server functions found in the decomp2gef Decompiler class. Follow the existing code to see how to return the correct types.
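As an added illustration of the bridge described above (not decomp2gef's own code, and not its real function names), the following is a minimal decompiler-side XMLRPC server serving two kinds of REA, function headers and decompiled text, with a debugger-side lookup that maps an address back to the decompiler's current function name. The method names, the hex-string address keys and the sample data are all assumptions constructed for this example.

```python
"""Added example (not decomp2gef's own code): a minimal XML-RPC bridge of the kind
the README describes. Function names and the data layout are assumptions."""
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer

# Constructed sample REAs standing in for what a decompiler script would export.
# Addresses are hex strings because XML-RPC integers are limited to 32 bits.
SAMPLE_FUNCTIONS = {
    "0x401136": {"name": "parse_header", "size": 0x4a},
    "0x401180": {"name": "main", "size": 0x31},
}
SAMPLE_DECOMP = {"0x401136": "int parse_header(char *buf)\n{\n    ...\n}\n"}


class DecompilerServer:
    """Hypothetical server side: the functions a decompiler script would expose."""

    def function_headers(self):
        return SAMPLE_FUNCTIONS

    def decompile(self, addr):
        # Return a dict rather than None: XML-RPC cannot marshal None by default.
        return {"source": SAMPLE_DECOMP.get(addr, "")}


def start_server():
    # Bind to loopback only and let the OS pick a free port: the bridge has no
    # authentication, so it must never listen on a routable interface.
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_instance(DecompilerServer())
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def lookup_symbol(port, addr):
    """Debugger side: resolve an address to the decompiler's current function name
    and fetch the decompilation for that function (empty string if none)."""
    proxy = ServerProxy(f"http://127.0.0.1:{port}")
    for start, info in proxy.function_headers().items():
        base = int(start, 16)
        if base <= addr < base + info["size"]:
            return info["name"], proxy.decompile(start)["source"]
    return None, ""


if __name__ == "__main__":
    srv = start_server()
    print(lookup_symbol(srv.server_address[1], 0x401140))
    srv.shutdown()
```

Because the server re-reads the function table on every query, a rename on the decompiler side shows up in the debugger on the next lookup, which is the behaviour the README describes for synced symbols.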
