In early December 2017, Avast open-sourced their machine code decompiler for platform-independent analysis of executable code. The decompiler is named Retargetable Decompiler (AKA RetDec). RetDec started life in 2011 as a joint project between AVG Technologies, acquired by Avast in 2016, and Brno University of Technology (BUT) in the Czech Republic.

Jakub Kroustek, lead at Avast Threat Labs, was the “founder” of RetDec. Peter Matula, also of Avast, was the main developer of the RetDec decompiler. Over the years since 2011, more than 20 BSc/MSc/PhD students from BUT have been involved in the project.

RetDec makes extensive use of a number of interesting technologies including Capstone, YARA, LLVM and LLVM IR (Intermediate Representation). RetDec represents over 7 years of development work.

The tool is generic in that it can transform platform-specific code, such as IA32/PE binaries and ARM/ELF, into a higher form of representation, currently either C source code or a Python-like language. The name was chosen because the tool is not limited to a single CPU architecture, operating system or executable file format.

This blog post is not going to go into the internals of the RetDec decompiler. Here is a list of publications on the subject if you are interested in learning more about the technology.

So, what is decompilation? In general terms, decompilation is the reconstruction of a computer program in a high-level language from a computer program in a low-level language.

What is a decompiler? I like Wikipedia’s definition, i.e.