Ida pro hex rays decompiler11/18/2023 On the other hand, Ghidra is free and Hex-Rays is the most expensive software I've ever used, which is obviously a huge deal for anyone not doing this full-time. You report a bug, include a specialized program database by means of a function in the GUI, and four hours later, you receive an email with the bug fixed. Ghidra supports decompilation for almost all targets it can disassemble! This either is huge, or doesn't matter to you at all. On the other hand, Hex-Rays only supports a few select platforms (when I started, it did 32-bit x86 only now it does x86, x86-64, arm, aarch64, ppc, ppc64, mips), and you have to pay for it separately. It recognizes a lot of compiler idioms, and every new release recognizes more. Hex-Rays' output feels much more polished to me. Both have lots of bells and whistles only advanced users will get to use. Both have strange bugs that you eventually learn to work around. IDA/Hex-Rays feels more ergonomical to me, though (for instance, highlighting happens automatically instead of having to middle-click), perhaps because it's what I started on. When you give a field a type or a name, it propagates throughout the program and gives you new understanding.īoth products are weird and have arcane UIs. Decompiling is often about figuring out data structures both will infer a lot of struct types and sometimes even names based on usage and surrounding code. There's a wonderful interactivity where the decompiler does all the boring book-keeping for you, and you keep feeding it info and it tells you stuff in return. I would estimate it speeds up reverse-engineering by 10x. Hex-Rays charges four-figure sums for single licenses, and it's because the product is utterly worth it if you do this kind of thing for a living (or at least was before Ghidra came along). Stuff like Hopper is basically just assembler code in a different syntax Hex-Rays and Ghidra are real, working, useful decompilers. I've also used Ghidra (9.1) for maybe 50 hours or so.įirst, let me say: Both are leaps and bounds above _anything_ else out there. My information is a few years out of date, but I think most of it is still current. I've used Hex-Rays (IDA Pro's decompiler) not full-time, but 100+ hours, including professionally.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |