Description
Describe the solution you'd like
It would be nice if we could create an overlay or patch of assembly/pcode to replace part of the program's assembly passed to the decompiler.
The main use case for this would be to replace some assembly instructions with a function call to materialize inlined function calls (#225 #238).
This would be done by creating a fake function in a custom address space (much like what ResolveX86orX64LinuxSyscallsScript.java does), then creating a patch containing the assembly or pcode that calls this fake function, and passing it to the decompiler to override some existing instructions. This would result in the assembly being replaced by a function call in the decompiler output.
Ideally these patches could be toggled on and off to display or hide the original assembly.
Some example use cases:
From the GUI, we could select a range of assembly instructions and then create a patch:
- ignore instructions: replace the selection with an empty patch
- replace by function call: create the function and replace the selection with assembly calling it
- custom: manually enter assembly code.
From the scripting API we could write scripts to:
- detect and display common inlined/optimized functions in decompiled code (memset(), memcpy(), ...)
- hide some compiler-specific code (canary, Control Flow Guard, ...)
- remove anti-decompiler nops (example, x86_64: eb ff c0 ff c8)
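As an added example (not part of the original issue and not Ghidra's own code), a small Python scanner for the anti-disassembly sequence quoted above: `eb ff` is a `jmp` that lands on its own second byte, and the overlapping decode is a run of inc/dec instructions that cancel out. It assumes x86/x86-64 encoding where `ff /0` and `ff /1` with a register operand are `inc r32`/`dec r32`; the sample bytes are constructed.

```python
# Added example: find "jmp $+1" (eb ff) anti-disassembly sequences in raw x86/x86-64 bytes.
# The jump lands inside its own encoding, and the bytes decoded from there are inc/dec
# instructions whose net effect is zero, so the sequence does nothing but derail a
# linear disassembler.  This is a heuristic scanner, not a full decoder.

def decode_inc_dec(code, pos):
    """Decode 'ff /0' (inc r32) or 'ff /1' (dec r32) with a register-direct operand at pos.
    Returns (delta, register, length) or None if the bytes are anything else."""
    if pos + 1 >= len(code) or code[pos] != 0xFF:
        return None
    modrm = code[pos + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3 or reg > 1:              # only register-direct inc (/0) and dec (/1)
        return None
    return (+1 if reg == 0 else -1, rm, 2)

def find_anti_disasm_nops(code):
    """Return (start, end) byte spans of 'eb ff' followed by inc/dec instructions whose
    net effect on every register is zero.  The span ends at the last point where the
    register deltas balance, so a genuine inc/dec following the trick is not swallowed."""
    spans = []
    i = 0
    while i + 1 < len(code):
        if code[i] == 0xEB and code[i + 1] == 0xFF:
            pos = i + 1                      # jmp -1 lands on the 0xff byte itself
            deltas, end = {}, None
            while (insn := decode_inc_dec(code, pos)) is not None:
                delta, reg, length = insn
                deltas[reg] = deltas.get(reg, 0) + delta
                pos += length
                if all(d == 0 for d in deltas.values()):
                    end = pos
            if end is not None:
                spans.append((i, end))
                i = end
                continue
        i += 1
    return spans

# Constructed sample: the trick from the issue, then "mov rbp, rsp ; ret" as real code.
SAMPLE = bytes.fromhex("eb ff c0 ff c8" "48 89 e5" "c3")

if __name__ == "__main__":
    for start, end in find_anti_disasm_nops(SAMPLE):
        print(f"anti-disassembly nop at {start:#x}, {end - start} bytes: {SAMPLE[start:end].hex(' ')}")
```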
Describe alternatives you've considered
The same behavior can be obtained by manually patching the actual program's assembly, but:
- It is a really painful process
- We are limited by the size/alignment of the replaced instructions
- The changes can't be easily undone
- There is no way to track what part of the assembly has been modified