Your Only Decompiler API Lib - A generic API to script in and out of decompilers

These details have not been verified by PyPI

Project links

Homepage

Project description

YODALib

Your Only Decompiler API Library (YODALib)!

YODALib is an abstracted decompiler API that enables you to write plugins/scripts that work, with minimal edit, in every decompiler supported by YODALib.

Install

pip install -e .

Usage

YODALib exposes all decompiler API through the abstract class DecompilerInterface. The DecompilerInterface can be used in either the default mode, which assumes a GUI, or headless mode. In headless mode, the interface will start a new process using a specified decompiler.

UI Mode (default)

To use the same script everywhere, use the convenience function DecompilerInterface.discover_interface(), which will auto find the correct interface. Copy the below code into any supported decompiler and it should run without edit.

from yodalib.api import DecompilerInterface
deci = DecompilerInterface.discover_interface()
for function in deci.functions:
    if function.header.type == "void *":
        function.header.type = "long long"
    
    deci.functions[function.addr] = function

Headless Mode

To use headless mode you must specify a decompiler to use. You can get the traditional interface using the following:

from yodalib.api import DecompilerInterface
deci = DecompilerInterface.discover_interface(force_decompiler="ida", headless=True)

Artifact Access Caveats

In designing the dictionaries that contain all Artifacts in a decompiler, we had a clash between ease-of-use and speed. When accessing some artifacts like a Function, we must decompile the function. Decompiling is slow. Due to this issue we slightly changed how these dictionaries work to fast accessing.

The only way to access a full artifact is to use the getitem interface of a dictionary. In practice this looks like the following:

for func_addr, light_func in deci.functions.items():
    full_function = deci.function[func_addr]

Notice, when using the items function the function is light, meaning it does not contain stack vars and other info. This also means using keys, values, or list on an artifact dictionary will have the same affect.

TODO

G/S: Getters/Setters

Add all decompilers to auto-detect interface

ALL

Move hook-inits to inside the Interface creation for all decompilers?
- This could cause issues. What happens when this is done twice?

IDA

Change Callbacks
G/S Comments

Binja

Change Callbacks

Ghidra

Generic Interface Outline & Stubs
Every G/S
Change Callbacks

angr

Change Callbacks

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

0.2.0

Nov 8, 2023

0.1.0

Nov 6, 2023

0.0.0

Apr 20, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

yodalib-0.2.0.tar.gz (57.6 kB view hashes)

Uploaded Nov 8, 2023 Source

Built Distribution

yodalib-0.2.0-py3-none-any.whl (72.8 kB view hashes)

Uploaded Nov 8, 2023 Python 3

Hashes for yodalib-0.2.0.tar.gz

Hashes for yodalib-0.2.0.tar.gz
Algorithm	Hash digest
SHA256	`ee9ac34388c2079ebee1eadee4c88e7850454bc59042f8bf5b4e6a9ef894b99e`
MD5	`c0eff4c95d22acb36d6932c8c61c1173`
BLAKE2b-256	`f23880c8e70eb65f682bf2f44448924cae67d2ba486889c00aabd6fb4631001c`

Hashes for yodalib-0.2.0-py3-none-any.whl

Hashes for yodalib-0.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`a57b9ff625fdca8afc30221a848741031f4103a22f2db738da23342b79b30b45`
MD5	`6476760740623cce82bbd0eb9d98d3a8`
BLAKE2b-256	`0232323cfe1ba9919f7984e5d7350bc9bb29c99a6f34193aeedf2f9099996ad4`