Repository Overview

Libraries

• ar-extractor - library for extracting object files from archives (based on LLVM).
• bin2llvmir - library of LLVM passes for translating binaries into LLVM IR modules.
• capstone2llvmir - binary instructions to LLVM IR translation library.
• common - library implementing objects commonly used all across other modules.
• config - library for representing and managing RetDec configuration databases.
• cpdetect - library for compiler and packer detection in binaries.
• ctypes - library for representing C function data types.
• ctypesparser - library for parsing C function data types from JSON files into ctypes representation.
• debugformat - library for uniform representation of DWARF and PDB debugging information.
• demangler - demangling library capable to handle names generated by the GCC/Clang, Microsoft Visual C++, and Borland C++ compilers.
• fileformat - library for parsing and uniform representation of various object file formats. Currently supporting the following formats: COFF, ELF, Intel HEX, Mach-O, PE, raw data.
• llvmir-emul - LLVM IR emulation library used for unit testing.
• llvmir2hll - library for translating LLVM IR modules to high-level source codes (C, Python-like language).
• loader - library for uniform representation of binaries loaded to memory. Supports the same formats as fileformat.
• macho-extractor - library for extracting regular Mach-O binaries from fat Mach-O binaries (based on LLVM).
• patterngen - binary pattern extractor library.
• pdbparser - Microsoft PDB files parser library.
• pelib - Microsoft Portable Executable files manipulation library.
• retdec - the main decompilation library.
• rtti-finder - library for finding GCC/Clang and MSVC RTTI structures inside binaries.
• serdes - library for serializing and deserializing various RetDec classes.
• stacofin - static code finder library.
• unpacker - collection of unpacking functions.
• utils - general C++ utility library.
• yaracpp - C++ wrapper for YARA.

Notes:

• Library names are also RetDec component names that could be used in find_package(retdec <version> REQUIRED COMPONENTS <component> [...]).
• CMake target associated with <component> is always named retdec::<component>.
• Build and installation of an individual <component> can be enabled by setting RETDEC_ENABLE_<component>=ON at CMake configuration.
• See retdec-build-system-tests for demos on how to use these.

Tools (applications)

• ar-extractortool - frontend for the ar-extractor library (installed as retdec-ar-extractor).
• bin2pat - generates patterns from binaries (installed as retdec-bin2pat).
• capstone2llvmirtool - frontend for the capstone2llvmir library (installed as retdec-capstone2llvmir).
• demanglertool - frontend for the demangler library (installed as retdec-demangler).
• fileinfo - the main binary analysis tool. Supports the same formats as fileformat (installed as retdec-fileinfo).
• getsig - generates signatures from binary files (installed as retdec-getsig).
• idr2pat - tool for extracting patterns from IDR knowledge bases (installed as retdec-idr2pat).
• macho-extractortool - frontend for the macho-extractor library (installed as retdec-macho-extractor).
• pat2yara - tool for processing patterns to YARA signatures (installed as retdec-pat2yara).
• retdec-decompiler - the main decompilation application -- frontend for the retdec library. This is the tool to use for full binary-to-C decompilations.
• stacofintool - frontend for the stacofin library (installed as retdec-stacofin).
• unpackertool - plugin-based unpacker (installed as retdec-unpacker).

Notes:

• Tool names are also RetDec component names.
• Build and installation of an individual <component> can be enabled by setting RETDEC_ENABLE_<component>=ON at CMake configuration.

Scripts

• Support scripts:
  • retdec-archive-decompiler.py - decompiles objects in the given AR archive.
  • retdec-fileinfo.py - a Fileinfo tool wrapper.
  • retdec-signature-from-library-creator.py - extracts function signatures from the given library.
  • retdec-unpacker.py - tries to unpack the given executable file by using any of the supported unpackers.
  • retdec-utils.py - a collection of Python utilities.
• retdec-tests-runner.py - run all tests in the unit test directory.
• type_extractor - generation of type information (for internal use only)