Hex-Rays v7.4 vs. v7.3 Decompiler Comparison Page

Here are some side-by-side comparisons of decompilations for v7.3 and v7.4. Please maximize the window too see both columns simultaneously.

The following examples are displayed on this page:

Better array detection

The text produced by v7.3 is not quite correct because the array at [ebp-128] was not recognized. Overall determining the array is a tough task but we can handle simple cases automatically now.

_BYTE v7[256]; // [sp+0h] [bp-128h]
  __int64 v8; // [sp+120h] [bp-8h]

  v8 = a2;
  v4 = a2;
  memcpy(v7, &v8, sizeof(v7));
  memcpy(a1, v7, 0x100u);

Support for more floating-point helpers

On the left there is a mysterious call to _extendsfdf2. In fact this is a compiler helper function that just converts a single precision floating point value into a double precision value. However, we do not want to see this call as is. It is much better to translate it into the code that looks more like C. Besides, there is a special treatment for printf-like functions.

void __cdecl printf_float(float a)
{
  printf("%f\n", a);
}

Automatic variable mapping

In some cases we can easily prove that one variable can be mapped into another. The new version automatically creates a variable mapping in such cases. This makes the output shorter and easier to read. Needless to say that the user can revert the mapping if necessary.

__int64 sprintf_s(
        char *__ptr64 const _Buffer,
        const unsigned __int64 _BufferCount,
        const char *__ptr64 const _Format,
        ...)
{
  unsigned __int64 *v6; // x0
  __int64 result; // x0
  va_list va; // [xsp+38h] [xbp+38h]

  va_start(va, _Format);
  v6 = _local_stdio_printf_options();
  return _stdio_common_vsprintf_s(*v6, _Buffer, _BufferCount, _Format, 0i64,
                                  (char *__ptr64)va);
}

Automatic symbolic names

The new version automatically applies symbolic constants when necessary. Less manual work.

  if ( operation == ReadKeyNames )
    return BaseDllReadVariableNames(v1, v2);
  if ( operation != ReadSection )
  {
    if ( operation == WriteKeyValue || operation == DeleteKey )
      return BaseDllWriteVariableValue(v1, v2, 0, 0);
    if ( operation == WriteSection || operation == DeleteSection )
      return BaseDllWriteApplicationVariables(v1, v2);

Simplified C++ names

This is not the longest C++ function name one may encounter but just compare the left and right sides. In fact the right side could even fit into one line easily, we just kept it multiline to be consistent. By the way, all names in IDA benefit from this simplification, not only the ones displayed by the decompiler. And it is configurable!

std::string *
__fastcall
std::_System_error::_Makestr(
  std::string *result,
  std::error_code _Errcode,
  std::string _Message)

Improved handling of 64-bit arithmetics

The battle is long but we do not give up. More 64-bit patterns are recognized now.

return h() % 1024;

Better detection of 64-bit decrements

Yet another example of 64-bit arithmetics. The code on the left is correct but not useful at all. It can and should be converted into the simple equivalent text on the right.

return a1 - 1;

More meaningful variable names

Currently we support only GetProcAddress but we are sure that we will expand this feature in the future.\

MessageBoxA_0 = (int (__stdcall *)(HWND, LPCSTR, LPCSTR, UINT))
                    GetProcAddress(v4, "MessageBoxA");
    if ( !MessageBoxA_0 )
      return 0;
    GetActiveWindow = (HWND (__stdcall *)())GetProcAddress(v5, "GetActiveWindow");
    GetLastActivePopup = (HWND (__stdcall *)(HWND))GetProcAddress(v5, "GetLastActivePopup");
  }
  if ( GetActiveWindow )
  {
    v3 = GetActiveWindow();
    if ( v3 )
    {
      if ( GetLastActivePopup )
        v3 = GetLastActivePopup(v3);
    }
  }
  return MessageBoxA_0(v3, a1, a2, a3);

Last updated