RetDec框架之bin2llvmir工具的使用

python .\retdec-decompiler.py <binary_path>

测试代码

#include<iostream>
#include<windows.h>
#include<intrin.h>

using namespace std;


int dummy_1 = 1;
int dummy_2 = 2;

int res = 0;

int cpuid[4];


int main()
{

    res = IsDebuggerPresent();

    printf("%d\n", res);

    res = dummy_1 + dummy_2;

    printf("%d\n", res);
    
    res = dummy_1 - dummy_2;

    printf("%d\n", res);

    res = dummy_1 * dummy_2;

    printf("%d\n", res);

    res = dummy_1 / dummy_2;

    printf("%d\n", res);

    res = dummy_1 << 1;

    printf("%d\n", res);

    res = dummy_1 >> 1;

    printf("%d\n", res);

    __cpuid(cpuid, 9);

    if (res == 3)
    {
        res = 0x111111;
    }
    else
        res = 0x777777;

    printf("%d\n", res);
    return 0;
}

反编译后的代码

int32_t function_401040(void) {
    struct struct1 v1; // 0x4010e7
    int32_t v2 = IsDebuggerPresent(); // 0x401042
    g42 = v2;
    printf("%d\n", v2);
    g42 = 3;
    printf("%d\n", 3);
    g42 = -1;
    printf("%d\n", -1);
    g42 = 2;
    printf("%d\n", 2);
    g42 = 0;
    printf("%d\n", 0);
    g42 = 2;
    printf("%d\n", 2);
    g42 = 0;
    printf("%d\n", 0);
    v1 = __asm_cpuid(9);
    g38 = v1.e0;
    g40 = v1.e2;
    int32_t v3 = g42 == 3 ? 0x111111 : 0x777777; // 0x401108
    g39 = v1.e1;
    g41 = v1.e3;
    g42 = v3;
    printf("%d\n", v3);
    return 0;
}

后面去github下载了新的retdec release发现,没有retdec-decompiler.py这个脚本了，但是多了retdec-decompiler.exe。之前用老的release发现反编译一些大的dll(2.69M),会出现内存不够的情况。因为老的是x86编译的，会受限制于4G的内存空间。