Q: There is a tool like IDR for x64 PEs?

[Stingered]

Looking for anything that can decompile PE64 like IDR, except 64bit. Maybe only IDA Pro, but I thought I would ask just in case.

-thx

[atom0s]

There was a start of IDR64 here: https://github.com/crypto2011/IDR64 But it is marked as 'incomplete' so it may not work that well or have everything you'd need/want. Hasn't been worked on in a long time either so don't expect updates.

[sendersu]

Keep in mind that IDR / IDR64 is only for Delphi based binaries

I'd recommend Ida for PE64 - especially if you want to see high level like language... - HR decompilers are good enough
or try Ghidra as well

[Stingered]

Quote:

Originally Posted by sendersu

Keep in mind that IDR / IDR64 is only for Delphi based binaries

I'd recommend Ida for PE64 - especially if you want to see high level like language... - HR decompilers are good enough
or try Ghidra as well

This is 100% a Delphi binary. I was not aware there was an IDR64 available. Have only used IDR for 32bit binaries. Was able to locate a version of IDR64 off GitHub!

Update: Copied the .BIN files from the 32bit version and IDR64 was able to load the binary.

[sendersu]

Thats interesting case...
original IDR64 repo contains only syskb2012/13/14.bin files
I guess these were produced from corresponding 64 bit Delphi
but taking into account that 32 bit *.bin packages also works... it sounds very suspicious,
do you think that 32 bit code from 32 bit Delphi would have the same patterns as in 64 bit? Do you see any system modules APIs detected by reusing it from 32 bit IDR?
Just thoughts aloud