all_decompiled_source_code.c in the current directory. It will also read /path/to/executable.info
which contains more information about the executable and hints for the decompiler.
Increase the memory for larger methods.
The Info file
The info file is read and written by the decompiler. The file structure is similar to an ini file and consists of sections which start with[sectionName]
. Lines starting with a #
are comments.
The function section
This is a very common section. The section name is the address of the function and the section contains more information about this function. An example of this section may be:
[0x80487f0]
signature: d4 hexdump(d1 *fname)
local-variable: 20,40,default,stat_buffer
local-variable: 92,16,,read_buffer
The signature line
As the name suggests this contains the signature of this function. The signature is similar to C with some extensions:- The types d1, d2, d4 and d8 stand for integer data types of 1, 2, 4 and 8 bytes size with unknown signedness. The types s1, s2, s4 and s8 stand for signed integer data types. The types u1, u2, u4 and u8 stand for unsigned integer data types. Note that depending on the memory model these types may also represent pointers.
- The basic integer types of C (char, short, int, long, long long) are available.
- The
const
keyword is discarded. - The register transfer place is by default assumed to be the stack. This can be overwritten using a notation with
<
and>
to specify the register. An example is:
signature: d4 memcpy(d4 dest, d4 src, d4 size)
- Optionally is it possible to specify a set of flags. The syntax is using
{
and}
like in
signature: d4 foo(d4 p1 , d4 p2 ){calleePopsStack=8,rs.ebp=PERSERVED,rs.edi=PERSERVED,rs.esi=PERSERVED}
Currently supported flags are:
- `fixed`: to denote that the signature is fixed, and will not change. Examples are library functions.
- `rs.
= `: Specify the register state of the given register. currently only `PERSERVED` is supported. - `calleePopsStack=
`: Number of bytes this method pops from the stack before it returns.
The proposed-signature line
If the decompiler finds information about the method (e.g. the number and types of parameters) it will create a signature line if no such line exists and a proposed-signature if there is already a signature. It is up to the user to merge these two lines.The local-variable line
May occur multiple times. Specifies a local variable. Syntax is:local-variable: <start>,<size>,<flags>,<name>
. Start and size are in bytes. Currently supported flag is default
meaning that any non-fixed-offset access to the local stack area will access this variable.
The dataRanges section
List the areas in code areas of the executable which are not executed. This may be padding nops after a return, a jump table or some variable. Each line consists of the start and next valid address and an optional comment. Example
[dataRanges]
0x020044-0x020050
0x020177-0x020180;unused+block+with+nops
0x027e58-0x027e84;jump+table+11+4-byte+entries
The extraFunctions section
Lists the starting addresses of functions which aren’t detected by the decompiler. Example:
[extraFunctions]
0x020003
0x020010
The activeFunctions section
Lists the addresses of functions which should be decompiled when-c activeFunctions
is passed to holdec on the command line. Example:
[activeFunctions]
0x01238
0x08718
main
The volatileRanges section
The holdec decompiler tries aggressively to merge memory read and writes. It assumes that a memory location is no changed by some other entity. A busy-waiting loop will for example be discarded. To prevent this one can specify ranges of memory addresses which are modified some other entity and so require a memory reload every time. Example (for the Amiga):
[volatileRanges]
0xdff000-0xdff1be
0xbfe000-0xbfefff
0xbfd000-0xbfdfff
The globals section
Allows to given fixed memory addresses (global variables) names. Example:
[globals]
0x01234:rand_seed
0x012a0:last_mouse_x
0x012a1:scratch_area_128_bytes
]]>