Wednesday, January 18, 2017

New IR & exception block recovery

ISD is moving to new decompiler system. Here you can see sample with try-catch block recovered and disassembled code inserted as comments. New IR-code and transformations will come later.

Maybe it's not so obvious, but in PascalScript order of finally and except matters.

Tuesday, December 20, 2016

C# 7 Pattern Matching example

Just tried C# 7 switch-case pattern matching. Looks good.

Before

After

Wednesday, November 9, 2016

Inno Setup Decompiler

I'm happy to present Inno Setup Decompiler.

It is tool to greatly simplify analysis of PascalScript compiled byte-code. Inno Setup has this code in [Code] section of a script.

It recovers variables, types/records and Pascal code. Now there are no high-level control flow structures. But it is to be improved later. There is work in progress to significantly improve CodeAnalyzer engine which will help improve decompilation a lot.

Some resulting examples:

Saturday, June 18, 2016

Syntax highlighting and code folding for Code Analyzer

Thanks to AvalonEdit & ILSpy teams for great editor. Now we have syntax highlighting and code folding for IR-code and clickable addresses where possible in text.



Another great addition is you can click on nodes in graph and go to the code in text view.

Also from now binaries are packaged in installer (currently it's mostly to register .vdsession extension)

Sunday, May 22, 2016

Graph viewer modes

Graph viewer now has few modes.
  • Normal - just browse the graph.
  • Immediate Dominator - highlight immediate dominator for selected node.
  • Immediate Dominator Ref - highlight all nodes for which selected node is immediate dominator.
  • Dominance Frontier - highlight nodes in dominance frontier of selected node.

Red node is immediate dominator of green node


Function messages now displayed in list with columns, which is better to read.


Also machine-to-IR-code translation phase now returns status more correctly. It helps identify problems faster.

Friday, May 6, 2016

Folding If-Then-Else structures

One of the steps processing lower level code to higher level one is to detect/fold control flow structures.

Here is example showing graph before and after folding If-Then-Else and If-Else structures. New graph has fewer nodes and is cleaner.

After folding

Before folding

Thursday, April 28, 2016

Can't launch Fallout 4 on Skylake video?

Recently I've tried to launch Fallout 4 on integrated Skylake video card (Intel HD Graphics 530) and it failed.

The first thing you may think it is problem of video card. No it's not :)

The card is pretty modern as for Q1 2016 and game at least should start (Witcher 3 is just fine, with low FPS obviously).

Starting game executable in debugger pretty quickly I got exception in ... bink2w64.dll

Not doing a big research, but it's clear it fails to play video.

Simulating used bink APIs made game launch (without videos of course). There are not many APIs used, so it's not so hard and even emulation dll can be written. But best thing is to have fixed bink of course :)