8dcc · August 4, 2023 16:55 · Aug 4, 2023
diff --git a/hexrays.cfg b/hexrays.cfg
@@ -0,0 +1,296 @@
+/*
+
+  Hex-Rays Decompiler configuration file.
+
+  The syntax of this file is very simple.
+  Feel free to edit it to your taste.
+
+  IMPORTANT: the installer overwrites this file. Please make a backup copy
+  if you modify this file in any way. Otherwise you may lose your
+  modifications!
+
+*/
+
+// Pseudocode window dock position
+#define DP_LEFT           0x0001    // Dock pseudocode to the left of disassembly
+#define DP_TOP            0x0002    // Dock pseudocode above disassembly
+#define DP_RIGHT          0x0004    // Dock pseudocode to the right of disassembly
+#define DP_BOTTOM         0x0008    // Dock pseudocode below disassembly
+#define DP_INSIDE         0x0010    // Create a new tab bar with both pseudocode and disassembly
+#define DP_INSIDE_BEFORE  0x0030    // Create a new tab bar with both pseudocode and disassembly
+                                    // and place pseudocode before disassembly in the tab bar
+#define DP_TAB            0x0040    // Place pseudocode into a tab next to disassembly
+#define DP_TAB_BEFORE     0x0060    // Place pseudocode before disassembly in the tab bar
+#define DP_FLOATING       0x0080    // Make pseudocode floating
+PSEUDOCODE_DOCKPOS      = DP_TAB
+
+// Should new pseudocode views created by <Tab>, be synced by default
+// with the disassembly view they are originating from.
+PSEUDOCODE_SYNCED       = NO
+
+// When synced, should the cursor X position be adjusted along the line
+// to point exactly at the place where the current address lies, or
+// should it rather remain stable.
+PSEUDOCODE_SYNC_XPOS    = YES
+
+// Display "Decompiling..." wait box during decompilation
+// Please note that without a wait box it will be impossible to cancel decompilations
+DISPLAY_WAIT_BOX           = YES
+
+// Background colors (rgb values: 0xBBGGRR)
+#define DEFCOLOR 0xFFFFFFFF // default background color
+
+LOCTYPE_BGCOLOR         = DEFCOLOR  // local type defs (not used yet)
+VARDECL_BGCOLOR         = DEFCOLOR  // local variable declarations
+FUNCBODY_BGCOLOR        = DEFCOLOR  // function body
+
+MARK_BGCOLOR            = 0xEEFFF0  // marked function color (in ida)
+
+// Indentations
+
+BLOCK_INDENT            = 4         // 2 spaces for each curly brace
+COMMENT_INDENT          = 48
+RIGHT_MARGIN            = 120       // as soon as the line length approaches
+                                    // the right margin, the decompiler
+                                    // will try to split it
+
+// Limitations
+
+MAX_NCOMMAS             = 8         // Allow 8 comma operators in an expression
+                                    // If more, add a goto and get rid of commas
+
+MAX_STRLIT_LENGTH       = 4096      // Constant string literals longer than this
+                                    // value will not be printed in the
+                                    // decompiler output but replaced by
+                                    // a reference (string name)
+
+// Default constant radix
+DEFAULT_RADIX           = 0         // 0 means "decimal for signed, hex for unsigned"
+                                    // Use 10 for decimal and 16 for hexadecimal
+
+MAX_FUNCSIZE            = 64        // Functions over 64K are not decompiled
+
+MAX_FUNC_ARGS           = 64        // Max number of function arguments
+
+// How to parse the format string of the called variadic functions in order
+// to detect ellipsis arguments?
+#define HPFM_NO                0     // never parse
+#define HPFM_STRICT            1     // only if the function is certainly
+                                     // a printf/scanf-like one
+#define HPFM_WEAK              2     // parse as scanf when a function has
+                                     // really a scanf-style format and
+                                     // parse as printf other variadic functions
+PARSE_FMT_MODE            = HPFM_WEAK
+
+// Collapse local variables declarations by default
+COLLAPSE_LVARS            = NO
+
+// Use a unique part of the address to generate a label name instead of the block number
+GENERATE_EA_LABELS        = NO
+
+// Automatically unhide collapsed items in the pseudocode view on jumping to them
+AUTO_UNHIDE               = NO
+
+// Generate empty lines between compound statements and before labels
+GENERATE_EMPTY_LINES      = YES
+
+// Analysis and display options
+
+#define HO_JUMPOUT_HELPERS     0x000001 // If enabled, the decompiler will
+                                        // generate JUMPOUT() function instead of
+                                        // failing the decompilation because of
+                                        // out-of-function control flow
+#define HO_DISPLAY_CASTS       0x000002 // Print casts in the output text.
+                                        // For example: (int*)x
+#define HO_HIDE_UNORDERED      0x000004 // Hide unordered fpval comparisons
+#define HO_SSE_INTRINSICS      0x000008 // Generate SSE intrinsic functions
+#define HO_IGNORE_OVERLAPS     0x000010 // If enabled, overlapping lvars will
+                                        // lead to a warning instead of
+                                        // failing the decompilation.
+#define HO_FAST_STRUCTURAL     0x000020 // If enabled, fast structural analysis
+                                        // will be used. It generates less number
+                                        // of nested if-statements but may occasionally
+                                        // produce some unnecessary gotos.
+                                        // It is much faster on huge functions.
+#define HO_CONST_STRINGS       0x000040 // Print string literals only if they reside
+                                        // in read-only memory (e.g. .rodata segment).
+                                        // When off, all strings are printed as literals.
+                                        // You can override decompiler's decision by
+                                        // adding 'const' or 'volatile' to the
+                                        // type declaration (press Y on the string)
+#define HO_SCMP_TO_BITOPS      0x000080 // Convert signed comparisons of unsigned
+                                        // variables with zero into bit checks.
+                                        // Before: (signed int)x < 0
+                                        // After: (x & 0x80000000) != 0
+#define HO_UNMERGE_TAILS       0x000100 // Reverse effects of branch tail optimizations:
+                                        // reduce number of gotos by duplicating code
+#define HO_KEEP_CURLIES        0x000200 // Keep curly braces for single-statement blocks
+#define HO_DEL_ADDR_CMPS       0x000400 // Optimize away address comparisons
+                                        // Example: &a < &b will be replaced by
+                                        // 0 or 1. This optimization works only
+                                        // for non-relocatable files.
+#define HO_SHOW_CSTR_CASTS     0x000800 // Print casts from string literals
+                                        // to pointers to char/uchar
+                                        // For example: (unsigned __int8 *)"Hello"
+#define HO_ESC_CLOSES_VIEW     0x001000 // Pressing 'Esc' closes the view
+#define HO_SPOIL_FLAGREGS      0x002000 // Assume all functions spoil flag
+                                        // registers ZF,CF,SF,OF,PF (including
+                                        // functions with explicitely specified
+                                        // spoiled lists)
+#define HO_KEEP_INDIRECT_READS 0x004000 // Keep all indirect memory reads (even
+                                        // with unused results) so as not to lose
+                                        // possible invalid address access
+#define HO_KEEP_EH_CODE        0x008000 // Keep exception related code
+                                        // (e.g. calls to _Unwind_SjLj_Register)
+#define HO_SHOW_PAC_INSNS      0x010000 // Translate ARMv8.3 Pointer Authentication
+                                        // instructions into intrinsic function calls
+                                        // (otherwise ignore all PAC instructions)
+#define HO_KEEP_POTENTIAL_DIV0 0x020000 // Preserve potential divisions by zero
+                                        // (if not set, all unused divisions will
+                                        // be deleted)
+#define HO_MIPS_ADDSUB_TRAP    0x040000 // Generate the integer overflow trap call
+                                        // for 'add', 'sub', 'neg' insns
+#define HO_MIPS_IGN_DIV0_TRAP  0x080000 // Ignore the division by zero trap generated
+                                        // by the compiler (only for MIPS)
+#define HO_HONEST_READFLAGS    0x200000 // Consider __readflags as depending on cpu flags
+                                        // default: off, because the result is correct
+                                        // but awfully unreadable
+#define HO_NON_FATAL_INTERR    0x400000 // Permit decompilation after an internal error
+                                        // (normally the decompiler does not
+                                        // permit new decompilations after an
+                                        // internal error in the current session)
+#define HO_SINGLE_LINE_PROTO   0x800000 // Never use multiline function declarations,
+                                        // even for functions with a long argument list
+#define HO_DECOMPILE_LIBFUNCS 0x1000000 // Decompile library functions too (in batch mode)
+
+HEXOPTIONS               = 0x831FF      // Combination of HO_... bits
+
+// Disable automatic generation of usercall prototypes
+// for the following architectures (comma-separated list, valid
+// values: x86, x64, arm, arm64, ppc, ppc64, mips, mips64)
+DISABLE_USERCALL         = "x64,arm,ppc,ppc64"
+
+// Warning messages
+
+#define WARN_VARARG_REGS    0 // cannot handle register arguments in vararg function, discarded them
+#define WARN_ILL_PURGED     1 // odd caller purged bytes %d, correcting
+#define WARN_ILL_FUNCTYPE   2 // invalid function type has been ignored
+#define WARN_VARARG_TCAL    3 // cannot handle tail call to vararg
+#define WARN_VARARG_NOSTK   4 // call vararg without local stack
+#define WARN_VARARG_MANY    5 // too many varargs, some ignored
+#define WARN_ADDR_OUTARGS   6 // cannot handle address arithmetics in outgoing argument area of stack frame
+#define WARN_DEP_UNK_CALLS  7 // found interdependent unknown calls
+#define WARN_ILL_ELLIPSIS   8 // erroneously detected ellipsis type has been ignored
+#define WARN_GUESSED_TYPE   9 // using guessed type %s;
+#define WARN_EXP_LINVAR    10 // failed to expand a linear variable
+#define WARN_WIDEN_CHAINS  11 // failed to widen chains
+#define WARN_BAD_PURGED    12 // inconsistent function type and number of purged bytes
+#define WARN_CBUILD_LOOPS  13 // too many cbuild loops
+#define WARN_NO_SAVE_REST  14 // could not find valid save-restore pair for %s
+#define WARN_ODD_INPUT_REG 15 // odd input register %s
+#define WARN_ODD_ADDR_USE  16 // odd use of a variable address
+#define WARN_MUST_RET_FP   17 // function return type is incorrect (must be floating point)
+#define WARN_ILL_FPU_STACK 18 // inconsistent fpu stack
+#define WARN_SELFREF_PROP  19 // self-referencing variable has been detected
+#define WARN_WOULD_OVERLAP 20 // variables would overlap: %s
+#define WARN_ARRAY_INARG   21 // array has been used for an input argument
+#define WARN_MAX_ARGS      22 // too many input arguments, some ignored
+#define WARN_BAD_FIELD_TYPE 23// incorrect structure member type for %s::%s, ignored
+#define WARN_WRITE_CONST   24 // write access to const memory at %a has been detected
+#define WARN_BAD_RETVAR    25 // wrong return variable
+#define WARN_FRAG_LVAR     26 // fragmented variable at %s may be wrong
+#define WARN_HUGE_STKOFF   27 // exceedingly huge offset into the stack frame
+#define WARN_UNINITED_REG  28 // reference to an uninitialized register has been removed: %s
+#define WARN_FIXED_MACRO   29 // fixed broken macro-insn
+#define WARN_WRONG_VA_OFF  30 // wrong offset of va_list variable
+#define WARN_CR_NOFIELD    31 // CONTAINING_RECORD: no field '%s' in struct '%s' at %d
+#define WARN_CR_BADOFF     32 // CONTAINING_RECORD: too small offset %d for struct '%s'
+#define WARN_BAD_STROFF    33 // user specified stroff has not been processed: %s
+#define WARN_BAD_VARSIZE   34 // inconsistent variable size for '%s'
+#define WARN_UNSUPP_REG    35 // unsupported processor register '%s'
+#define WARN_UNALIGNED_ARG 36 // unaligned function argument '%s'
+#define WARN_BAD_STD_TYPE  37 // corrupted or unexisting local type '%s'
+#define WARN_BAD_CALL_SP   38 // bad sp value at call
+#define WARN_MISSED_SWITCH 39 // wrong markup of switch jump, skipped it
+#define WARN_BAD_SP        40 // positive sp value %a has been found
+#define WARN_BAD_STKPNT    41 // wrong sp change point
+#define WARN_UNDEF_LVAR    42 // variable '%s' is possibly undefined (variable in orange)
+#define WARN_JUMPOUT       43 // control flows out of bounds to %a
+#define WARN_BAD_VALRNG    44 // values range analysis failed
+#define WARN_BAD_SHADOW    45 // ignored the value written to the shadow area of the succeeding call
+#define WARN_OPT_VALRNG    46 // conditional instruction was optimized away because of '%s'
+#define WARN_RET_LOCREF    47 // returning address of temporary local variable '%s'
+#define WARN_BAD_MAPDST    48 // too short map destination '%s' for variable '%s'
+#define WARN_BAD_INSN      49 // bad instruction
+#define WARN_ODD_ABI       50 // encountered odd instruction for the current ABI
+#define WARN_UNBALANCED_STACK 51 // unbalanced stack, ignored a potential tail call
+#define WARN_OPT_VALRNG2   52 // mask 0x%X is shortened because %s <= 0x%X
+#define WARN_OPT_VALRNG3   53 // masking with 0x%X was optimized away because %s <= 0x%X
+#define WARN_OPT_USELESS_JCND 54 // simplified comparisons for '%s': %s became %s
+
+// Enabled warnings
+WARNINGS =
+[
+  WARN_VARARG_REGS,    // cannot handle register arguments in vararg function, discarded them
+  WARN_ILL_PURGED,     // odd caller purged bytes %d, correcting
+  WARN_ILL_FUNCTYPE,   // invalid function type has been ignored
+  WARN_VARARG_TCAL,    // cannot handle tail call to vararg
+  WARN_VARARG_NOSTK,   // call vararg without local stack
+  WARN_VARARG_MANY,    // too many varargs, some ignored
+  WARN_ADDR_OUTARGS,   // cannot handle address arithmetics in outgoing argument area of stack frame
+  WARN_DEP_UNK_CALLS,  // found interdependent unknown calls
+  WARN_ILL_ELLIPSIS,   // erroneously detected ellipsis type has been ignored
+  WARN_GUESSED_TYPE,   // using guessed type %s;
+  WARN_EXP_LINVAR,     // failed to expand a linear variable
+  WARN_WIDEN_CHAINS,   // failed to widen chains
+  WARN_BAD_PURGED,     // inconsistent function type and number of purged bytes
+  WARN_CBUILD_LOOPS,   // too many cbuild loops
+  WARN_NO_SAVE_REST,   // could not find valid save-restore pair for %s
+  WARN_ODD_INPUT_REG,  // odd input register %s
+  WARN_ODD_ADDR_USE,   // odd use of a variable address
+  WARN_MUST_RET_FP,    // function return type is incorrect (must be floating point)
+  WARN_ILL_FPU_STACK,  // inconsistent fpu stack
+  WARN_SELFREF_PROP,   // self-referencing variable has been detected
+  WARN_WOULD_OVERLAP,  // variables would overlap: %s
+  WARN_ARRAY_INARG,    // array has been used for an input argument
+  WARN_MAX_ARGS,       // too many input arguments, some ignored
+  WARN_BAD_FIELD_TYPE, // incorrect structure member type for %s::%s, ignored
+  WARN_WRITE_CONST,    // write access to const memory at %a has been detected
+  WARN_BAD_RETVAR,     // wrong return variable
+  WARN_FRAG_LVAR,      // fragmented variable at %s may be wrong
+  WARN_HUGE_STKOFF,    // exceedingly huge offset into the stack frame
+  WARN_UNINITED_REG,   // reference to an uninitialized register has been removed: %s
+  WARN_FIXED_MACRO,    // fixed broken macro-insn
+  WARN_WRONG_VA_OFF,   // wrong offset of va_list variable
+  WARN_CR_NOFIELD,     // CONTAINING_RECORD: no field '%s' in struct '%s' at %d
+  WARN_CR_BADOFF,      // CONTAINING_RECORD: too small offset %d for struct '%s'
+  WARN_BAD_STROFF,     // user specified stroff has not been processed: %s
+  WARN_BAD_VARSIZE,    // inconsistent variable size for '%s'
+  WARN_UNSUPP_REG,     // unsupported processor register '%s'
+  WARN_UNALIGNED_ARG,  // unaligned function argument '%s'
+  WARN_BAD_STD_TYPE,   // corrupted or unexisting local type '%s'
+  WARN_BAD_CALL_SP,    // bad sp value at call
+  WARN_MISSED_SWITCH,  // wrong markup of switch jump, skipped it
+  WARN_BAD_SP,         // positive sp value %a has been found
+  WARN_BAD_STKPNT,     // wrong sp change point
+  WARN_UNDEF_LVAR,     // variable '%s' is possibly undefined (variable in orange)
+  WARN_JUMPOUT,        // control flows out of bounds
+  WARN_BAD_VALRNG,     // values range analysis failed
+  WARN_BAD_SHADOW,     // ignored the value written to the shadow area of the succeeding call
+  WARN_OPT_VALRNG,     // conditional instruction was optimized away because %s
+  WARN_RET_LOCREF,     // returning address of temporary local variable '%s'
+  WARN_BAD_MAPDST,     // too short map destination '%s' for variable '%s'
+  WARN_BAD_INSN,       // bad instruction
+  WARN_ODD_ABI,        // encountered odd instruction for the current ABI
+  WARN_UNBALANCED_STACK,// unbalanced stack, ignored a potential tail call
+  WARN_OPT_VALRNG2,    // mask 0x%X is shortened because %s <= 0x%X
+  WARN_OPT_VALRNG3     // masking with 0x%X was optimized away because %s <= 0x%X
+  // WARN_OPT_USELESS_JCND, // disabled by default
+]
+
+// list of function names that are considered "strcmp-like"
+// for them, the decompiler will prefer to use "func(a,b) == 0" as a condition
+// underscores, j_ prefixes and _NN suffixes will be ignored when comparing function names
+CMPFUNCS = "strcmp;memcmp;strncmp;stricmp;wmemcmp;wcscmp;strcasecmp;wcsncmp;strncasecmp;strnicmp;std::string::compare";
+
+// End of the file
No results found