Recent Releases of retdec
retdec - Release v5.0
What's Changed
The one major change:
* RetDec is now a library (#779).
* Related changes are the removal of retdec-decompiler.py (it is now a binary, e.g. retdec-decompiler.exe on Windows), retdec-bin2llvmir, retdec-llvmir2hll, and some other supportive functionality.
* See the example in src/retdectool, or the actual implementation of the RetDec executable in src/retdec-decompiler, to find out how to use the RetDec library.
For more details, see the full changelog or the list below:
- Check for Armadillo made more generic by @ladislav-zezula in https://github.com/avast/retdec/pull/733
- Added tests for more versions of Petite packer by @ladislav-zezula in https://github.com/avast/retdec/pull/735
- Add detection support for newer versions of VMProtect. by @tamaroth in https://github.com/avast/retdec/pull/734
- Improve the detection of Enigma protector (32-bit). by @tamaroth in https://github.com/avast/retdec/pull/741
- Improve the detection of ASPack executable packer. by @tamaroth in https://github.com/avast/retdec/pull/743
- Fixed missing header by @Cyclic3 in https://github.com/avast/retdec/pull/745
- Improve the detection of the Eziriz packer/protector by @ladislav-zezula in https://github.com/avast/retdec/pull/746
- Added detection of PyInstaller by @ladislav-zezula in https://github.com/avast/retdec/pull/748
- Add support for using the 'dotnet' module in YARA rules by @PeterMatula in https://github.com/avast/retdec/pull/749
- Add detection support of Astrum InstallWizard. by @tamaroth in https://github.com/avast/retdec/pull/753
- Add detection of AutoHotKey compiler. by @tamaroth in https://github.com/avast/retdec/pull/756
- Improve the detection of AutoIT files compiled to binary. by @tamaroth in https://github.com/avast/retdec/pull/757
- fix: mislabeled scripts and writing strings versus bytes by @kayarre in https://github.com/avast/retdec/pull/759
- The detection of BAT to PE-EXE script-compilers. by @tamaroth in https://github.com/avast/retdec/pull/761
- The improved detection of BeRo EXE Packer. by @tamaroth in https://github.com/avast/retdec/pull/764
- deps/yara: force rebuild if config changed, fix #760 by @PeterMatula in https://github.com/avast/retdec/pull/763
- Lz more corruptions by @ladislav-zezula in https://github.com/avast/retdec/pull/767
- Fixed bug with alignment of PointerToRawData by @ladislav-zezula in https://github.com/avast/retdec/pull/768
- Update Yara to 4.0.1 by @PeterMatula in https://github.com/avast/retdec/pull/769
- deps/yara/patch: patch YARA sources to fix bug in v4.0.1 by @PeterMatula in https://github.com/avast/retdec/pull/773
- Optimize utils and file parsing to prevent timeouts in exotic files by @PeterMatula in https://github.com/avast/retdec/pull/772
- Lz memory dump detection by @ladislav-zezula in https://github.com/avast/retdec/pull/770
- Extension of bin2llvmir with optimization of X87 FPU stack. by @JurajHolub in https://github.com/avast/retdec/pull/715
- CMake fixes by @xkubov in https://github.com/avast/retdec/pull/777
- Remove too broad YARA rules for VMProtect packer detection. by @tamaroth in https://github.com/avast/retdec/pull/778
- Improve the detection of CExe packer by modifying the YARA rule. by @tamaroth in https://github.com/avast/retdec/pull/781
- Retdec is a library now by @PeterMatula in https://github.com/avast/retdec/pull/779
- guidata and gursrc section names are now considered packer sections by @ladislav-zezula in https://github.com/avast/retdec/pull/776
- fileformat/format_detection: use file magic to detect COFF files. by @PeterMatula in https://github.com/avast/retdec/pull/783
- Issue 774 by @PeterMatula in https://github.com/avast/retdec/pull/785
- Reduce static data by @PeterMatula in https://github.com/avast/retdec/pull/787
- deps/openssl: remove, require it as a prerequisite. by @PeterMatula in https://github.com/avast/retdec/pull/807
- Improvement to the detection of multiple packers. by @tamaroth in https://github.com/avast/retdec/pull/804
- utils: replace our filesystem_path with std::filesystem by @PeterMatula in https://github.com/avast/retdec/pull/806
- MzHeader and PeHeader classes in PELIB were replaced by ImageLoader class by @ladislav-zezula in https://github.com/avast/retdec/pull/812
- Improve MoleBox packer detection. by @tamaroth in https://github.com/avast/retdec/pull/815
- Fixed high memory usage on samples with screwed up delayed imports by @ladislav-zezula in https://github.com/avast/retdec/pull/817
- Provide unified logging interface by @xkubov in https://github.com/avast/retdec/pull/816
- Lz high memory usage by @ladislav-zezula in https://github.com/avast/retdec/pull/818
- Check for invalid IAT directory by @ladislav-zezula in https://github.com/avast/retdec/pull/822
- Fixed high memory usage in debug directory (#824) by @ladislav-zezula in https://github.com/avast/retdec/pull/825
- Fix crash on samples having corrupted PE header (#821) by @tamaroth in https://github.com/avast/retdec/pull/827
- Ninja build by @PeterMatula in https://github.com/avast/retdec/pull/830
- Small improvements to detections of binary tools. by @tamaroth in https://github.com/avast/retdec/pull/831
- Fixed build under RHEL based Linux where libraries are installed into lib64 instead of just lib by @metthal in https://github.com/avast/retdec/pull/834
- fix GCC 9.3.1 hang by @hanickadot in https://github.com/avast/retdec/pull/835
- Fixed segfault on PE files whose IMAGE_FILE_HEADER is cut by @ladislav-zezula in https://github.com/avast/retdec/pull/839
- Fix invalid memory read in PeLib::CoffSymbolTable::read() (#840) by @ladislav-zezula in https://github.com/avast/retdec/pull/841
- Added detection of Blizzard Protector by @ladislav-zezula in https://github.com/avast/retdec/pull/845
- Remove the copyright comment from the outputs generated by RetDec by @s3rvac in https://github.com/avast/retdec/pull/843
- utils: fix #842, always link stdc++fs if linux & gcc. by @PeterMatula in https://github.com/avast/retdec/pull/846
- deps/googletest: fix adding 'd' suffix in MSVC debug build by @PeterMatula in https://github.com/avast/retdec/pull/848
- Added YARA rule for CreateInstall installer by @ladislav-zezula in https://github.com/avast/retdec/pull/852
- Added YARA rules for FlyStudio installer by @ladislav-zezula in https://github.com/avast/retdec/pull/853
- Added YARA rule for Gentee Installer by @ladislav-zezula in https://github.com/avast/retdec/pull/855
- GhostInstaller and InnoSetup revisited by @ladislav-zezula in https://github.com/avast/retdec/pull/857
- Lz installers install creator by @ladislav-zezula in https://github.com/avast/retdec/pull/858
- Added YARA rules for Quick Batch installer by @ladislav-zezula in https://github.com/avast/retdec/pull/864
- Lz image loader win version specific by @ladislav-zezula in https://github.com/avast/retdec/pull/863
- improved YARA rules for Wise installer by @ladislav-zezula in https://github.com/avast/retdec/pull/865
- Added YARA rule for VISEMAN installer by @ladislav-zezula in https://github.com/avast/retdec/pull/868
- Added YARA rules for Setup Factory by @ladislav-zezula in https://github.com/avast/retdec/pull/869
- Added YARA rule for 'Xenocode Application Launcher' by @ladislav-zezula in https://github.com/avast/retdec/pull/870
- Added YARA rules for SmartInstall Maker by @ladislav-zezula in https://github.com/avast/retdec/pull/871
- Fixed issue #872 by @ladislav-zezula in https://github.com/avast/retdec/pull/873
- Fix infinite loops in copy propagation optimizer by @jacob-baines in https://github.com/avast/retdec/pull/876
- Fix missing comma in usualPackerSections initializer by @HoundThe in https://github.com/avast/retdec/pull/894
- Lz import thunk check by @ladislav-zezula in https://github.com/avast/retdec/pull/897
- Added YARA rule for Inno Setup 6.0.0 by @ladislav-zezula in https://github.com/avast/retdec/pull/899
- Fixed possible access to unallocated memory in MPRESS unpacker by @metthal in https://github.com/avast/retdec/pull/906
- Lz issue 907 by @ladislav-zezula in https://github.com/avast/retdec/pull/908
- Fixed issue #911 by @ladislav-zezula in https://github.com/avast/retdec/pull/912
- unpacker/mpress: Properly copy non-packer related sections to the unpacked file by @metthal in https://github.com/avast/retdec/pull/913
- Do not fail completely when retdec-archive-decompiler is not available by @metthal in https://github.com/avast/retdec/pull/914
- Lz fix too many imports by @ladislav-zezula in https://github.com/avast/retdec/pull/917
- Fixed issue https://github.com/avast/retdec/issues/921 by @ladislav-zezula in https://github.com/avast/retdec/pull/922
- Make Fileinfo configurable via a JSON config file by @PeterMatula in https://github.com/avast/retdec/pull/923
- Add version info to all executable apps by @PeterMatula in https://github.com/avast/retdec/pull/926
- unpackertool: added signatures for new UPX versions by @TheDuchy in https://github.com/avast/retdec/pull/929
- Detection of SHA512 improved. Prevented YARA DoS on d251e8b3a5818132d… by @ladislav-zezula in https://github.com/avast/retdec/pull/935
- Implement telfhash for ELF import table by @HoundThe in https://github.com/avast/retdec/pull/936
- Calculate Rich header hash by @HoundThe in https://github.com/avast/retdec/pull/945
- Added new x86 PE signatures for LZMA UPX stub for UPX 3.94+ by @metthal in https://github.com/avast/retdec/pull/948
- Add parsing of the PE Authenticode format by @HoundThe in https://github.com/avast/retdec/pull/902
- Make X509 serial number parsing code compatible with YARA (#954) by @xbabka01 in https://github.com/avast/retdec/pull/955
- Fix the Rich header analysis algorithm by @HoundThe in https://github.com/avast/retdec/pull/973
- Add sanity check for length of a PE resource type name by @HoundThe in https://github.com/avast/retdec/pull/974
- Add oneline subject/issuer to the output by @HoundThe in https://github.com/avast/retdec/pull/976
- Increased PE symbols MAX_LENGTH limits by @HoundThe in https://github.com/avast/retdec/pull/978
- Fix UB due to iterator reaching before begin() in rich header parsing by @HoundThe in https://github.com/avast/retdec/pull/987
- Fix PE resource memory leak due to missing virtual destructor. by @HoundThe in https://github.com/avast/retdec/pull/984
- Fixed resource issue by @ladislav-zezula in https://github.com/avast/retdec/pull/988
- Check for TypeLib parent relationship by @HoundThe in https://github.com/avast/retdec/pull/983
- Change the section name parsing to only remove trailing zeroes by @HoundThe in https://github.com/avast/retdec/pull/979
- Fixed Lz issue 967 by @ladislav-zezula in https://github.com/avast/retdec/pull/970
- Adding Yara rule for InnoSetup 6.1.0 by @fr0gger in https://github.com/avast/retdec/pull/989
- Lz retdec 54 by @ladislav-zezula in https://github.com/avast/retdec/pull/981
- DllFlags are now present on EXEs as well by @ladislav-zezula in https://github.com/avast/retdec/pull/995
- Modified Visual Basic's Yara rule by @Dadda97 in https://github.com/avast/retdec/pull/992
- Modified AutoHotKey's Yara rule by @Dadda97 in https://github.com/avast/retdec/pull/991
- COFF debug info is no longer counted as part of the image by @ladislav-zezula in https://github.com/avast/retdec/pull/996
- Debug info is only accepted if it has the type of IMAGE_DEBUG_TYPE_CO… by @ladislav-zezula in https://github.com/avast/retdec/pull/1004
- Fixed RETDEC-74 and RETDEC-61 by @ladislav-zezula in https://github.com/avast/retdec/pull/1003
- Add signatureVerified flag for each signature by @HoundThe in https://github.com/avast/retdec/pull/994
- Add check that the resource file offset is valid by @HoundThe in https://github.com/avast/retdec/pull/982
- backport yara patch for macOS by @catap in https://github.com/avast/retdec/pull/1001
- Fix of .NET analysis differences by @HoundThe in https://github.com/avast/retdec/pull/997
- Do not return entry point offset if it's not backed up by disk data by @HoundThe in https://github.com/avast/retdec/pull/975
- Check if certificateTable overlaps a section and export the information by @HoundThe in https://github.com/avast/retdec/pull/986
- Fix master not building due to conflicting types by @HoundThe in https://github.com/avast/retdec/pull/1007
- Fixed discrepancies in icon hash between YARA and retdec-fileinfo by @ladislav-zezula in https://github.com/avast/retdec/pull/1006
- Switch to using Python3 module to detect a python by @catap in https://github.com/avast/retdec/pull/999
- Add SECURITY.md as requested in #1018 by @PeterMatula in https://github.com/avast/retdec/pull/1025
- Check if data is not empty in dotnet integer decoding functions by @HoundThe in https://github.com/avast/retdec/pull/1030
- remove --backend-aggressive-opts and all the related code by @PeterMatula in https://github.com/avast/retdec/pull/1032
- Parse various PE timestamps and export them out by @HoundThe in https://github.com/avast/retdec/pull/1035
- Integrate new authenticode parser by @HoundThe in https://github.com/avast/retdec/pull/1027
- Fixed ImageLoader::Save() by @ladislav-zezula in https://github.com/avast/retdec/pull/1029
- Check for ELF damage by @HoundThe in https://github.com/avast/retdec/pull/1036
- Update API for OpenSSL 3.0 by @catap in https://github.com/avast/retdec/pull/1041
- fix typo in config.cpp by @KisaragiEffective in https://github.com/avast/retdec/pull/1048
- Fixed false positive in the detection of PyInstaller 3.x by @ladislav-zezula in https://github.com/avast/retdec/pull/1051
- Migrate hardcoded make to ${CMAKE_MAKE_PROGRAM} by @catap in https://github.com/avast/retdec/pull/1043
- Updated list of language IDs by @metthal in https://github.com/avast/retdec/pull/1054
- Use image loader when loading corrupted resources by @metthal in https://github.com/avast/retdec/pull/1055
- Update YARA to 4.2.X by @HoundThe in https://github.com/avast/retdec/pull/1061
- Add dll name from export directory to output by @HoundThe in https://github.com/avast/retdec/pull/1060
- Fix: Manually-specified variables were not used by the project. by @xkubov in https://github.com/avast/retdec/pull/1052
- Lz include relocation into image load by @ladislav-zezula in https://github.com/avast/retdec/pull/1063
- Move signing certificate to a separate object by @HoundThe in https://github.com/avast/retdec/pull/1065
- Updated authenticode parser to the newest version by @metthal in https://github.com/avast/retdec/pull/1067
- Never try to limit memory on macOS by @catap in https://github.com/avast/retdec/pull/1074
- Update authenticode-parser, use-after-free, signedness issues by @HoundThe in https://github.com/avast/retdec/pull/1082
- Use multistage build for Dockerfile, reduces container size by ~1.5G by @bagelbyte in https://github.com/avast/retdec/pull/1081
- Check for possible overflow when checking for segment overlap. by @HoundThe in https://github.com/avast/retdec/pull/1087
- Fix parameter and return types for dynamically called functions by @richardlford in https://github.com/avast/retdec/pull/1085
- Upgrade to Capstone release 4.0.2 with patch by @richardlford in https://github.com/avast/retdec/pull/1086
- Handle Procedure Linkage calls for 32bit x86 from gcc by @richardlford in https://github.com/avast/retdec/pull/1088
- Add ability to process PNG icons for perceptual hash calculation by @HoundThe in https://github.com/avast/retdec/pull/1090
- Add prototypes for dynamically-linked functions without headers by @richardlford in https://github.com/avast/retdec/pull/1092
- Add printing of analysis time to retdec-fileinfo output by @metthal in https://github.com/avast/retdec/pull/1107
- Yara: inherits linker flags by @catap in https://github.com/avast/retdec/pull/1111
- Use provided libtool via CMAKE_LIBTOOL by @catap in https://github.com/avast/retdec/pull/1109
- Added missed ${RETDEC_INSTALL_BIN_DIR} to pat2yara by @catap in https://github.com/avast/retdec/pull/1113
- Updated yaramod by @metthal in https://github.com/avast/retdec/pull/1121
- Added sanity check for page index when loading pages from broken samples by @metthal in https://github.com/avast/retdec/pull/1120
- Fix removeZeroSequences by @neverwin in https://github.com/avast/retdec/pull/1110
- Update to Capstone V5 by @PeterMatula in https://github.com/avast/retdec/pull/1124
- Simplify removing range by @neverwin in https://github.com/avast/retdec/pull/1115
- Allow to configure yara's make tool by @catap in https://github.com/avast/retdec/pull/1123
- capstone2llvmir: use undef value if register not loaded but used by @PeterMatula in https://github.com/avast/retdec/pull/1033
- Try to fix issue #638 by @seviezhou in https://github.com/avast/retdec/pull/642
- Continuous integration in Github Actions by @xkubov in https://github.com/avast/retdec/pull/1053
- Create Automated Release Flow by @xkubov in https://github.com/avast/retdec/pull/1125
New Contributors
- @tamaroth made their first contribution in https://github.com/avast/retdec/pull/734
- @Cyclic3 made their first contribution in https://github.com/avast/retdec/pull/745
- @kayarre made their first contribution in https://github.com/avast/retdec/pull/759
- @hanickadot made their first contribution in https://github.com/avast/retdec/pull/835
- @jacob-baines made their first contribution in https://github.com/avast/retdec/pull/876
- @HoundThe made their first contribution in https://github.com/avast/retdec/pull/894
- @TheDuchy made their first contribution in https://github.com/avast/retdec/pull/929
- @xbabka01 made their first contribution in https://github.com/avast/retdec/pull/955
- @fr0gger made their first contribution in https://github.com/avast/retdec/pull/989
- @Dadda97 made their first contribution in https://github.com/avast/retdec/pull/992
- @catap made their first contribution in https://github.com/avast/retdec/pull/1001
- @KisaragiEffective made their first contribution in https://github.com/avast/retdec/pull/1048
- @bagelbyte made their first contribution in https://github.com/avast/retdec/pull/1081
- @richardlford made their first contribution in https://github.com/avast/retdec/pull/1085
- @neverwin made their first contribution in https://github.com/avast/retdec/pull/1110
Full Changelog: https://github.com/avast/retdec/compare/v4.0...v5.0
- C++
Published by github-actions[bot] over 3 years ago
retdec - v4.0
- Added support for decompilation of 64-bit ARM binaries (#268, #533, #550).
- Added option to generate the decompilation results as JSON (JSON output file format). This output contains additional meta-information and can be conveniently consumed by 3rd-party tools.
- Added a new library called retdec that lets you decompile the input into both LLVM IR module and structured (i.e. functions and basic blocks) Capstone disassembly. See the retdectool demo application.
- Implemented proper RetDec installation (#648). It is now possible to easily use RetDec components in other CMake projects.
See the accompanying blog post for a detailed description of the main features.
For all the changes, see the full changelog.
Published by PeterMatula about 6 years ago
retdec - v3.3
- Added basic support for decompilation of x86-64 binaries (previously, RetDec supported only 32b Intel x86).
- Added support for build and run on FreeBSD and potentially on other BSD OSes.
- Replaced the old LLVMIR-to-BIR converter in retdec-llvmir2hll with a new one, which, in most cases, improves code structure and significantly speeds up decompilations.
- Reduced the needed stack space in retdec-llvmir2hll, which lowers its memory requirements.
- retdec-fileinfo is now able to parse and generate imported types and TypeRef hashes for .NET binaries, metadata of Visual Basic binaries, and icon hashes for exact and similarity matching in PE files.
- Many bug fixes.
For more details, see the full changelog.
Published by PeterMatula over 7 years ago
retdec - v3.2
- Converted shell scripts to Python scripts so that Windows users no longer have to install MSYS2 in order to run RetDec.
- Added generation of export-table hashes into retdec-fileinfo.
- Several other bugfixes and enhancements.
For more details, see the full changelog.
Published by PeterMatula almost 8 years ago
retdec - v3.1
- Unofficial support for building and running RetDec on macOS.
- Reduced the likelihood of system crashes and freezes by limiting the overall memory when running RetDec tools.
- More accurate decoding - a complete rewrite of binary to LLVM IR translation.
- More accurate statically linked code detection - cross-checking signature references.
- Detection of corrupted and unloadable PE files.
- Better detection of compilers and packers - added new signatures and heuristics. YARA signatures are compiled now, which results in faster scanning.
- New directory structure and tool names - we have added a retdec- prefix to all installed binaries and scripts.
- Easier project development - removal of git submodules.
- Build speedup and continuous integration builds.
- Many other bugfixes and enhancements.
For more details, see the full changelog.
Published by PeterMatula about 8 years ago
retdec - Initial public release (v3.0)
This is the initial public release.
Published by s3rvac over 8 years ago