#1
|
|||
|
|||
Q: There is a tool like IDR for x64 PEs?
Looking for anything that can decompile PE64 like IDR, except 64bit. Maybe only IDA Pro, but I thought I would ask just in case.
-thx Last edited by Stingered; 04-27-2023 at 06:10. |
#2
|
||||
|
||||
There was a start of IDR64 here: https://github.com/crypto2011/IDR64 But it is marked as 'incomplete' so it may not work that well or have everything you'd need/want. Hasn't been worked on in a long time either so don't expect updates.
__________________
Personal Projects Site: https://atom0s.com |
#3
|
|||
|
|||
Keep in mind that IDR / IDR64 is only for Delphi based binaries
I'd recommend Ida for PE64 - especially if you want to see high level like language... - HR decompilers are good enough or try Ghidra as well |
The Following User Says Thank You to sendersu For This Useful Post: | ||
Stingered (04-27-2023) |
#4
|
|||
|
|||
Quote:
Update: Copied the .BIN files from the 32bit version and IDR64 was able to load the binary. Last edited by Stingered; 04-27-2023 at 22:07. |
The Following User Says Thank You to Stingered For This Useful Post: | ||
niculaita (04-27-2023) |
#5
|
|||
|
|||
Thats interesting case...
original IDR64 repo contains only syskb2012/13/14.bin files I guess these were produced from corresponding 64 bit Delphi but taking into account that 32 bit *.bin packages also works... it sounds very suspicious, do you think that 32 bit code from 32 bit Delphi would have the same patterns as in 64 bit? Do you see any system modules APIs detected by reusing it from 32 bit IDR? Just thoughts aloud |
Thread Tools | |
Display Modes | |
|
|