Milan’s useful functions for Hex-Rays decompiler
New hexrays features:
Assist in creation of new structure definitions / virtual calls detection
1) use “Reset pointer type” on all variables that you want to scan.
2) Select one of these variables and choose “Scan variable (S)”
Plugin deals with simple assignments “v1 = this;” automatically.
3) Again right click on such variable and choose open structure builder.
Adjust the structure to your liking.
In Structure builder you can open a list of functions you scanned so far and
functions that were added from virtual function tables.
Open some of the functions and scan other variables that are of the same
type. Be careful: there is no undo yet.
As you gather more evidence, the structure builder will show you guessed substructure sizes
and guessed types.
Colliding types have yellow background. Use delete to solve the ambiguity.
The current master offset into the structure being created is marked in red.
Use “*” to change the master offset. You should not need this too often,
because basic situations are detected automatically.
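The evidence-gathering idea described above (accesses through a scanned pointer become candidate fields, and conflicting guesses are flagged for the analyst) can be sketched outside IDA. This is an added illustration, not the plugin's code: the function name `build_layout`, the tuple format and the sample accesses are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample: (offset, size_in_bytes, guessed_type) for each access
# seen through a scanned pointer, e.g. *(_DWORD *)(this + 8).
OBSERVED = [
    (0, 8, "void **"),   # vtable pointer
    (8, 4, "int"),
    (8, 4, "float"),     # same slot read as another type: collision
    (16, 8, "char *"),
    (20, 4, "int"),      # falls inside the 8-byte field at 16: collision
    (32, 2, "short"),
]

def build_layout(accesses):
    """Return (fields, collisions) for a list of (offset, size, type) tuples.

    fields     -- ordered (offset, size, type) entries, with "gap" filler
    collisions -- (offset, [candidate types]) the analyst must resolve
    """
    by_offset = defaultdict(set)
    for off, size, typ in accesses:
        by_offset[off].add((size, typ))

    fields, collisions, end = [], [], 0
    for off in sorted(by_offset):
        cands = sorted(by_offset[off])
        if len(cands) > 1:
            # Several guesses for one offset (the "yellow" case).
            collisions.append((off, [t for _, t in cands]))
        size, typ = cands[-1]  # keep the widest guess until one is deleted
        if off < end:
            # Access lands inside the previously placed field.
            collisions.append((off, [fields[-1][2], typ]))
            continue
        if off > end:
            fields.append((end, off - end, "gap"))  # unexplained bytes
        fields.append((off, size, typ))
        end = off + size
    return fields, collisions

if __name__ == "__main__":
    layout, conflicts = build_layout(OBSERVED)
    for off, size, typ in layout:
        print(f"+0x{off:02x}  {size:2d}  {typ}")
    for off, types in conflicts:
        print(f"collision at +0x{off:02x}: {types}")
```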
CrowdStrike CrowdDetox Plugin for Hex-Rays
CrowdDetox version 1.0.2 Beta
by Jason Geffner (email@example.com)
The CrowdDetox plugin for Hex-Rays automatically removes junk code and variables from Hex-Rays function decompilations.
Original article. When reposting, please credit: reposted from 火星信息安全研究院