//
// 010Editor template to parse diffdecompile files
//
//
//------------------------------------------------
//--- 010 Editor v4.0.3 Binary Template
//
// File: diffdecompile.bt
// Authors: bopin
// E-mail: bopin.me@gmail.com
// Website: https://bopin.me
// Version: 0.0.2.0
// Purpose: Parse DiffDecompile files generated by idalib (headless decompilation with IDA)
// Category: Executable
// File Mask: *.diffdecompile
// ID Bytes: diffdecompile
// History:
// 0.0.1.0 2025-8-7 bopin: Private release.
//
//------------------------------------------------
// All multi-byte fields declared below are read as little-endian.
LittleEndian();
// Trace line emitted when the template starts running.
Printf("diffdecompile.bt Begin\n");
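// Report a parse problem twice: as a 010 Editor warning and as a line in the
// output log.
//
// msg is passed as a "%s" argument instead of being used as the format string
// itself. If a message ever carries text taken from the parsed file (a function
// name, a stray '%'), it is then printed literally rather than interpreted as
// format directives.
void error_message(string msg) {
    Warning("%s", msg);
    Printf("%s\n", msg);
}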
// One-byte tag; it is the first field of the Metadata header (SourceType).
// NOTE(review): the member names suggest the tool that produced the decompiled
// text — confirm against the writer. The value is read from the file, so
// a byte outside this list is possible and is not rejected by the template.
typedef enum<BYTE>
{
    None = 0x00,
    IDAPro = 0x1,
    BinaryNinja = 0x02,
    Ghidra = 0x03,
    Angr = 0x04,
    Unknown = 0x7f,
    Error = 0x80,
} DecompileSourceType;
// Address/size pair stored once per side (primary, secondary) in every entry.
// Both values come straight from the file and are not range-checked here.
typedef struct
{
    DWORD VirtualAddress; // only printed by this template; never used to seek
    DWORD Size;           // byte length RealCode uses for the matching code blob
} DiffDataDirectory;
// One record of the entry table: a pair of functions (primary / secondary)
// with their names, addresses and the size of their code blobs.
//
// Version is the header's Version field, passed in by Metadata. Field order is
// the on-disk order, so it must not be rearranged.
// NOTE(review): only Version == 2 changes the layout; any other value is parsed
// with the layout without Flag — confirm that unknown versions should not be
// rejected instead.
typedef struct(WORD Version)
{
    if (Version == 2){
        WORD Flag; // present only in version 2 files
    }
    WORD Index;
    FLOAT Similarity;  // NOTE(review): presumably a match score — range not checked here
    FLOAT Confidence;  // NOTE(review): presumably a match score — range not checked here
    // Length-prefixed name. PrimaryLen is file-controlled; a value of 0 declares
    // a zero-length array, and the bytes are not guaranteed to be NUL-terminated.
    WORD PrimaryLen;
    BYTE PrimaryName[PrimaryLen];
    QWORD PrimaryAddress;
    DiffDataDirectory PrimaryDataDirectory;
    // Same layout for the secondary side; the same caveats apply to SecondaryLen.
    WORD SecondaryLen;
    BYTE SecondaryName[SecondaryLen];
    QWORD SecondaryAddress;
    DiffDataDirectory SecondaryDataDirectory;
} DiffDecompileEntry;
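// The two code blobs belonging to one entry, read back to back from the current
// file position: first the primary side, then the secondary side.
//
// Entry supplies the byte counts (PrimaryDataDirectory.Size and
// SecondaryDataDirectory.Size). Both are file-controlled, so an empty side is
// skipped instead of declaring a zero-length array.
// NOTE(review): VirtualAddress is not used to position the read; the blobs are
// assumed to be stored contiguously in entry order — confirm against the writer.
typedef struct (DiffDecompileEntry& Entry)
{
    if (Entry.PrimaryDataDirectory.Size > 0)
    {
        BYTE PrimaryCode[Entry.PrimaryDataDirectory.Size];
    }
    if (Entry.SecondaryDataDirectory.Size > 0)
    {
        BYTE SecondaryCode[Entry.SecondaryDataDirectory.Size];
    }
} RealCode;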
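// File header, entry table, padding and the per-entry code blobs.
//
// Layout: SourceType, Reserved, 14-byte Signature, Version, Number,
// DataDirectoryBase, then Number entries, then padding up to the absolute
// offset DataDirectoryBase, then one RealCode per entry.
//
// Every count and offset here is read from the file. The variable-length part
// is therefore parsed only when the signature matches, and the padding length
// is checked before it is used as an array size.
typedef struct
{
    DecompileSourceType SourceType;
    BYTE Reserved;
    BYTE Signature[14];
    // Signature == "diffdecompile\0"
    WORD Version;
    WORD Number;
    DWORD DataDirectoryBase;

    // Do not interpret Number / DataDirectoryBase of a file that is not a
    // diffdecompile file. The struct then ends after the fixed header, and the
    // signature check that follows the declaration reports the failure.
    if (Signature == "diffdecompile\0")
    {
        if (Number > 0)
        {
            DiffDecompileEntry Entries(Version)[Number] <optimize=false>;
        }

        // Distance from the end of the entry table to the start of the code
        // blobs. Members are referenced directly instead of through the
        // instance name, so the struct does not depend on how it is declared.
        local int64 PadLen = (int64)DataDirectoryBase - FTell();
        if (PadLen > 0)
        {
            BYTE Padding[PadLen];
        }

        if (PadLen < 0)
        {
            // DataDirectoryBase lies inside the header or entry table; reading
            // blobs from the current position would map the wrong bytes.
            Warning("DataDirectoryBase lies before the end of the entry table; code blobs not parsed");
        }
        else
        {
            // parsing code
            local WORD i = 0;
            for (i = 0; i < Number; i++)
            {
                // The directory fields are DWORDs, hence %u.
                Printf("%d %s %s %u %u %u %u\n", Entries[i].Index,
                       Entries[i].PrimaryName,
                       Entries[i].SecondaryName,
                       Entries[i].PrimaryDataDirectory.VirtualAddress,
                       Entries[i].PrimaryDataDirectory.Size,
                       Entries[i].SecondaryDataDirectory.VirtualAddress,
                       Entries[i].SecondaryDataDirectory.Size
                );
                RealCode Codes(Entries[i]);
            }
        }
    }
} Metadata;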
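// Map the whole file through Metadata. Nothing has been read before this
// declaration, so the header starts at the current (initial) file position.
Metadata metadata;

// The magic is compared only after the declaration above has run, so this
// check reports a bad file; it does not by itself prevent Metadata from
// reading the header fields.
if (metadata.Signature != "diffdecompile\0")
{
    // Message names the format correctly ("diffdecompile") and the reason.
    error_message("diffdecompile parse failed: signature mismatch");
    return -1;
}
Printf("diffdecompile.bt finished\n");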