#Decompiler

My decompiler reached a milestone - I can now lift every instruction in this sample function I've been using, which includes rep.movsd instructions.... though no floating point yet. The rest has been a lot of "internal" updates for how I handle going from basic blocks to abstract syntax trees. Hopefully this will speed up the process later.

I've also added basic symbol resolving logic that tracks scope of the high-level variables.... Of course nothing is creating them yet so that's why you see a lot of the "unresolved" symbols.

The rest of updates include some quality of life updates like being able to click on keywords, assignment operators, and function calls and that will take the assembly view to the instruction responsible for that operation. I've also added the little block offset drop down lines, which was easy to implement but surprisingly useful.

It's also open source on github

@pliant ivy I got my output structure to match Ghidra!

nice, awesome!

New screenshot

very cool :)

https://cdn.discordapp.com/attachments/1409997134211584050/1417950007541239838/ouroboros2.mp4?ex=68cc585a&is=68cb06da&hm=892fe1ade2f17bb34582c34c5acd5c4c80b5e6bf6ef696f4e8eba0645fa3a161&

@brazen iron Were you ever able to finish bypassing obfuscation in this video? https://www.youtube.com/watch?v=PKlOCMjaGdc
I suspect this symbolic execution engine might be able to do a better job there.

I didn't end up doing any more afterthe video was done

Was it the GOG version that had the crazy obfuscation?

oh it's not even on gog

Yeah it was one from abandonware site

I’ve spoken to someone at GoG about this, apparently the question of who owns the IP is complex

I’m not even joking, the IP might be owned by the King of England

Your project is really cool by the way 🙂

Thanks! I’m curious to try it on some obfuscation when I get it working enough

Good news! Ouroboros now takes pcode as an input. That means it can decompile any CPU machine code that ghidra can

adding ACPI AML might be nice too

That’ll be for if it ever gets off of a workbench

New update: file loading support!

A coworker shared this with me, awesome work.

I’m hoping to get it to actually useful state 😅

I had some free time to tinker with this, and I am currently trying to implement sign extend.

It’s going to be mostly no operation for the main expression since it’s 64bits already. And pcode should take care of all the flag register changes

I may be missing an edge case though

This project is great, BTW I have experience with Ghidra Sleigh and Rust, if you need help with PCode or similar, let me know.

I’ve implemented only a subset of pcode ops in the emulated CPU. If you’re interested you’re more than welcome to extend the match block in src/ir/mod.rs

Thanks for contribution!

I tried to implement a few PCode instructions but I could no figure out how to handle the Flat Expression Tree API.

Next time I'll try to fix the ARM Thumb instruction address fetching problem.

@iron lagoon is this project still going?

it looks like a very cool project

Technically - no in a sense that I haven’t had time to contribute, but I’m hoping to start again eventually

has it changed since your last update?

There’s was a small pull request but nothing major

I've used Ghidra for a long time and its limitations drive me up the wall, so if there's a way I can help out with a project that ends up better than it I'd love that

The problem isn’t really expertise - it’s breadth. There’s just a lot of formats to support and assumptions to break.

You’re welcome to try though

wydm by formats? are you talking SLEIGH related stuff or just binaries?