Igor’s tip of the week #108: Raw memory accesses in pseudocode

Sometimes in pseudocode you may encounter strange-looking code: The code seems to dereference an array calledMEMORY and is highlighted in red. However, this variable is not defined anywhere. What is it? Such notation is used by the decompiler when the code accesses memory addresses not present in the database. In most cases it indicates an error in […]

Igor’s tip of the week #107: Multiple return values

The Hex-Rays decompiler was initially created to decompile C code, so its pseudocode output uses (mostly) C syntax. However, the input binaries may be compiled using other languages: C++, Pascal, Basic, ADA, and many others. While the code of most of them can be represented in C without real issues, some have peculiarities which require […]

Igor’s tip of the week #106: Outlined functions

The release notes for IDA 8.0 mention outlined functions. What are those and how to deal with them in IDA? Function outlining is an optimization that saves code size by identifying recurring sequences of machine code and replacing each instance of the sequence with a call to a new function that contains the identified sequence […]

Igor’s tip of the week #100: Collapsing pseudocode parts

When working with big functions in the decompiler, it may be useful to temporarily hide some parts of the pseudocode to analyze the rest. While currently it’s not possible to hide arbitrary lines like in disassembly, you can hide specific sections of it.   Collapsing local variable declarations While the local variable declarations are useful to see […]

Igor’s tip of the week #87: Function chunks and the decompiler

We’ve covered function chunks last week and today we’ll show an example of how to use them in practice to handle a common compiler optimization.   Shared function tail optimization When working with some ARM firmware, you may sometimes run into the following situation: We have decompilation of sub_8098C which ends with a strange JUMPOUT statement and if […]

Igor’s tip of the week #83: Decompiler options: default radix

We’ve covered the major pseudocode formatting options previously but there is one more option which can influence the output. It is the radix used for printing numbers in the pseudocode. In a positional numeral system, the radix or base is the number of unique digits, including the digit zero, used to represent numbers. For example, for […]