remove decompilers sub-dir

mahaloz · Apr 26, 2024 · a71c0dd · a71c0dd
1 parent e762e9f
commit a71c0dd
Show file tree

Hide file tree

Showing 9 changed files with 82 additions and 13 deletions.
diff --git a/docs/decompilers/directory.md b/docs/decompilers/directory.md
@@ -1,5 +1,5 @@
-# All Decompilers
-A collection of full decompilers.
+# Decompiler Directory
+Ove
 
 ### Legend
 
@@ -9,8 +9,8 @@ A collection of full decompilers.
 
 ### Alphabetical Order
 
-| Decompiler | Attributes | Lifter/IR |
-|------------|------------|-----------|
-| [angr decompiler](https://github.com/angr/angr/tree/master/angr/analyses/decompiler) | 🌐, 0️⃣ | [VEX](https://github.com/angr/vex/tree/8f48c00eadbb31d379b829c01792a9c4a21636d4), [AIL](https://github.com/angr/ailment) | 
-| [Binary Ninja](https://binary.ninja/) | 0️⃣ | [BNIL](https://docs.binary.ninja/dev/bnil-llil.html) |
+| Decompiler | Attributes | Lifter/IR | Release Date |
+|------------|------------|-----------|--------------|
+| [angr decompiler](https://github.com/angr/angr/tree/master/angr/analyses/decompiler) | 🌐, 0️⃣ | [VEX](https://github.com/angr/vex/tree/8f48c00eadbb31d379b829c01792a9c4a21636d4), [AIL](https://github.com/angr/ailment) | Aug. 2019 |
+| [Binary Ninja](https://binary.ninja/) | 0️⃣ | [BNIL](https://docs.binary.ninja/dev/bnil-llil.html) | ? |
 
diff --git a/docs/fundamentals/cfg_recovery/func_recov.md b/docs/fundamentals/cfg_recovery/func_recov.md
@@ -0,0 +1 @@
+# Function Identification
diff --git a/docs/fundamentals/cfg_recovery/jump_res.md b/docs/fundamentals/cfg_recovery/jump_res.md
@@ -0,0 +1 @@
+# Jump Resolving
diff --git a/docs/fundamentals/cfg_recovery/overview.md b/docs/fundamentals/cfg_recovery/overview.md
@@ -1 +1,63 @@
-# Overview
+# Overview
+## Introduction
+A control flow graph (CFG) is a graph that describes the "flow" of execution in a program[^1]. 
+As such, CFG recovery, in binary analysis, is the recovery of such a graph from binary code. 
+Since decompilation directly relies on this CFG, the recovery of it is considered fundamental to decompilation. 
+
+This recovery can be broken up into multiple phases, some being optional depending on the decompilation target:
+
+1. [Disassembling](): the conversion of binary code to its mnemonic instructions and operands 
+2. [Program Lifting](): the conversion disassembly to an intermediate language (IL) for better abstraction 
+3. [Function Recognition](): the discovery of boundaries defining a function
+4. [Indirect Jump Resolving](): the resolution of jumps that have no constant target(s). 
+
+The second phase, program lifting, is only required if the decompiler aims to be architecture agnostic.
+Most decompilers will use an IL to make their later analyses more widely applicable. 
+
+## Graph Recovery Example
+An example C program is shown below:
+```c
+int main(int argc) {
+    int ret_code;
+    if(argc > 2) {
+        ret_code = 0;
+    }
+    else {
+	    ret_code = 1;
+    }
+    return ret_code;
+}
+```
+
+It is compiled on a x86-64 Linux machine with [GCC](), without optimizations:
+```bash
+gcc example.c -o example && objdump -D -M intel example | grep "<main>:" -A 12
+```
+
+After disassembling with [objdump](https://en.wikipedia.org/wiki/Objdump), which includes some function identification, we get the following disassembly:
+```asm
+0000000000001129 <main>:
+    1129:	f3 0f 1e fa          	endbr64
+    112d:	55                   	push   rbp
+    112e:	48 89 e5             	mov    rbp,rsp
+    1131:	89 7d ec             	mov    DWORD PTR [rbp-0x14],edi
+    1134:	83 7d ec 02          	cmp    DWORD PTR [rbp-0x14],0x2
+    1138:	7e 09                	jle    1143 <main+0x1a>
+    113a:	c7 45 fc 00 00 00 00 	mov    DWORD PTR [rbp-0x4],0x0
+    1141:	eb 07                	jmp    114a <main+0x21>
+    1143:	c7 45 fc 01 00 00 00 	mov    DWORD PTR [rbp-0x4],0x1
+    114a:	8b 45 fc             	mov    eax,DWORD PTR [rbp-0x4]
+    114d:	5d                   	pop    rbp
+    114e:	c3                   	ret
+```
+
+In this example, the instructions at `0x1138` and `0x114a` cause the control flow to branch, resulting in the recovered graph:
+
+![](/static/img/disass_ex.svg)
+
+Notice the implied edges coming from the assembly that looked linear (`0x114a`).
+The structure of the graph will also look the same if lifted to an IL.
+
+
+[^1]: Allen, Frances E. "Control flow analysis." ACM Sigplan Notices 5.7 (1970): 1-19.
+
diff --git a/docs/fundamentals/type_recovery/overview.md b/docs/fundamentals/type_recovery/overview.md
@@ -0,0 +1 @@
+# Type Overview
diff --git a/docs/fundamentals/type_recovery/pushdown.md b/docs/fundamentals/type_recovery/pushdown.md
@@ -0,0 +1 @@
+# Push-down Typing
diff --git a/docs/fundamentals/type_recovery/var_rec.md b/docs/fundamentals/type_recovery/var_rec.md
@@ -0,0 +1 @@
+# Variable Recovery
diff --git a/docs/static/img/disass_ex.svg b/docs/static/img/disass_ex.svg
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -31,11 +31,6 @@ nav:
   - contributing.md
 - Decompilers 💾:
   - decompilers/directory.md
-  - Decompiler:
-    - decompilers/decompiler/angr.md
-    - decompilers/decompiler/binary_ninja.md
-    - decompilers/decompiler/ghidra.md
-    - decompilers/decompiler/ida_pro.md
   - decompilers/tools.md
   - decompilers/history.md
 - Fundamentals 🔍:
@@ -44,8 +39,12 @@ nav:
     - fundamentals/cfg_recovery/overview.md
     - fundamentals/cfg_recovery/disassembly.md
     - fundamentals/cfg_recovery/lifting.md
-  - Datatype Recovery:
+    - fundamentals/cfg_recovery/func_recov.md
+    - fundamentals/cfg_recovery/jump_res.md
+  - Type Recovery:
     - fundamentals/type_recovery/overview.md
+    - fundamentals/type_recovery/var_rec.md
+    - fundamentals/type_recovery/pushdown.md
   - Control Flow Structuring:
     - fundamentals/cf_structuring/overview.md
     - fundamentals/cf_structuring/schema-based.md