A decompiler plugin for IDA, producing (pseudo-)C/C++ code, developed by the company of the same name (Hex-Rays).
Questions tagged [hexrays]
140 questions
1
vote
1 answer
How to make IDA stop showing a struct as an array
Sometimes when I am figuring out a struct in IDA, there will be a really big offset and IDA will decide the struct is an array.
Consider this from ALPC:
if ( (_Message[1].u1.Length & 0x200) != 0 && (PortObject->MainQueueLength & 0x2000) != 0 )
…
MrSynAckSter
- 1,258
- 1
- 10
- 24
1
vote
1 answer
IDA HexRays: signed/unsigned types and 32/64 bits dont match assembly
Here is assembly:
mov rdi, [r13+rax*8+0]
sub rdi, rcx
cvtsi2sd xmm0, rdi
movsd qword ptr [r11+rax*8], xmm0
cvtsi2sd xmm0, qword ptr [r14+rax*8]
movsd qword ptr [rsi+rax*8], xmm0
add rax, 1
And here is an output from…
pete71
- 11
- 2
1
vote
3 answers
Understanding Hex-Rays pseudo code
What is the meaning of the following pseudo-code?:
BYTE1(v2) or BYTE1(v2)
HIBYTE(v2)
Is there any explanation for those macros? How can I implement those macros in C code?
psudoCode
- 27
- 1
- 2
0
votes
1 answer
Will "Reset decompiler information"+"All caches" invalidate functions marked as decompiled?
In his answer to a question, Rolf pointed me to the Edit -> Other -> Reset decompiler information functionality, suggesting that "All caches" will force the decompiler to pick up immediately on changes I made to the disassembly.
This sounds like a…
0xC0000022L
- 10,908
- 9
- 41
- 79
0
votes
1 answer
An incomprehensible line in the output from hex rays
v5 = (*(int (__cdecl **)(int))((char *)&etext + 1))(a1);
Please explain me what does this line mean (if possible, please write from what it was compiled from (language - c))
Inc.ace
- 13
- 2
0
votes
2 answers
Re-analyzing pseudocode IDA Pro
While I was reversing a binary I noticed that IDA Pro had adjusted the pseudocode that initially was generated. This happened after I started reversing the binary and renamed functions and variables to more appropriate names. IDA Pro had then…
Nicolai Prebensen
- 125
- 6
0
votes
1 answer
How can I follow virtual function calls in IDA?
I'm trying to reverse a video game that was made with the CryEngine 5 game engine. CryEngine 5 source code is available on GitHub, so I can look at the CryEngine source code and cross reference with the game in IDA to find a lot of information.
Here…
psyfl
- 1
- 1
- 1