Igor’s Tip of the Week #153: Copying pseudocode to disassembly

When using the decompiler, you probably spend most of the time in the Pseudocode view. In case you need to consult the corresponding disassembly, it’s a quick Tab away. However, if you actually prefer the disassembly, there is another option you can try. Copy to assembly This action is available in the pseudocode view’s context menu […]

Igor’s Tip of the Week #150: Extract function

When you open a decompilable file in IDA, you get this somewhat mysterious item in the Help menu: And if you invoke it, it shows an even more mysterious dialog: So, what is it and when it is useful? Originally this feature was added to the decompiler to make decompiler bug reporting easier: oftentimes. a decompiler issue cannot really […]

Igor’s Tip of the Week #148: Fixing “call analysis failed”

This error is not very common but may appear in some situations. Such errors happen when there is a function call in the code, but the decompiler fails to convert it to a high-level function call, e.g.: the target function’s prototype is wrong; the decompiler failed to figure out the function arguments: how many of them, or how […]

Igor’s Tip of the Week #147: Fixing “stack frame is too big”

The Hex-Rays decompiler has been designed to decompile compiler-generated code, so while it can usually handle hand-written or unusual assembly, occasionally you may run into a failure, especially if the code has been modified to hinder decompilation. Here is one of such errors: If you have a genuine function with a huge stack frame, you’ll probably […]

Igor’s Tip of the Week #141: Parsing C files

Previosuly, we’ve covered creating structures from C code using the Local Types window, however this may be not very convenient when you have complex types with many dependencies (especially of scattered over several fiels or depending on preprocessor defines). In such case it may be nore convenient to parse the original header file(s) on […]

Igor’s Tip of the Week #138: Pointer math in the decompiler

While working with decompiled code and retyping variables (or sometimes when they get typed by the decompiler automatically), you might be puzzled by the discrepancies between pseudocode and disassembly. Consider the following example: We see that X22 is accessed with offset 0x10 (16) in the disassembly but 2 in the pseudocode. Is there a bug in the […]