1 of 1

Hex-Rays v1.6 vs. v1.5 Decompiler Comparison Page

Below you will find side-by-side comparisons of v1.5 and v1.6 decompilations. Please maximize the window too see both columns simultaneously.

The following examples are displayed on this page:

NOTE: these are just some selected examples that can be illustrated as a side-by-side difference. Hex-Rays Decompiler v1.6 includes are many other improvements and new features that are not mentioned on this page - simply because there was nothing to compare them with. Also, some improvements have already been illustrated in the previous comparisons. Please refer to the for more details.

Inline CFString constants

This simple improvement can substantially speed up analysis of Objective C code: CFString text constants are immediately visible in the output.

More humanly if-conditions

The decompiler generates much more readable text by dividing complex conditions into smaller chunks. The output is longer but hey, sometimes it makes sense to be verbose! :)

Support for CONTAINING_RECORD macro

iv class="cmptell"> The decompiler knows how to use the macro it the output to get rid of typecasts. As soon as the variable types are correctly set, it replaces casts with a simple macro call.

Support for LIST_ENTRY macros

We added recognition of macros. While not all cases are handled yet, it usually works quite well. Saves you from the mental effort of recognizing these macros yourself.

Better tail call recognition

A much better recognition of tail call optimization leads to less JUMPOUT() calls in the output. The call arguments are recognized correctly. The function return value is not lost anymore.

Improved memset recognition

Six non-trivial lines of code have been collapsed into one simple line. We are happy with this improvement!

Support for TEB/KPCR references

No more cryptic offsets anymore. As an additional bonus, the decompiler automatically determines variable types because it can use the . By the way, KPCR fields are recognized too, you just need to load the corresponding til file!

Better char/short variable recognition

The previous version of the decompiler failed to create a 16-bit variable that was stored by the compiler in bx. This had some very nasty consequences: the function prototype had an incorrect input argument (ebx) and the calling convention was wrong. While it was possible to correct it by specifying the function prototype manually, the new version lifts this burden from you.

The new version takes care of this situation much better. It uses a more fine-grained approach to variable allocation. It created a small 16-bit variable v4. No more ugly LOWORD() macro, the output is cleaner. The correctly determined function prototype will help when decompiling other functions as well because there will be less parasitic arguments and less confusion.

Better recognition of inline functions

Sorry for a long sample, the previous version of the decompiler was not handling strlen() well enough. It is a never ending fight and perfection is impossible, but we still continue to work on it. Recognition of inline functions is an incredibly hard problem, but the new version has a better engine to recognize them. There is plenty of room for improvement, to put it mildly.

Structure copying - 1

While it is not pure C, we feel that using C++ style structure copying operations in the output adds to clarity. The above sample is almost perfect, this only possible improvement is to _this to this. The new decompiler can do that, read our for more info.

Structure copying - 2

Please note that after collapsing several assignments into one we also got rid of the intermediary v30 variable. Very good!

Sometimes compilers copy structures by DWORD's, regardless of member types. The previous version of the decompiler diligently represented these assignments in the best form it could. However, using a structure copy operation is much better, it is concise and precise.

Support for union fields

Finally the decompiler has proper support for union fields. Previously analysing code with unions could quickly turn into a nightmare because the decompiler would just use the first union field and would not allow you to change it. The code, while it had the field names, was very misleading because these names could be completely wrong. This is what we have on the left sample.

The new version is much better in this aspect. First, it tries to determine the best union field using several heuristic rules. It checks the disassembly listing for 'structure offset' operands, checks the current context to select the best fit union field. In many cases no user intervention is required. However, if the decompiler fails to pick the corrent union field, the user can always correct it by selecting the desired union field manually. Even complex situations like a union with another nested union or structure are supported. Anonymous nested unions are represented correctly too.

Support for merged calls

There is a common compiler optimization that reuses the same call instruction for different calls. Of the left side, the WinHelpA() call is used in two different situations. The decompiler had to use a goto statement because it could not represent the code with constructs.

The new version unmerged the call and got rid of the goto statement. Isn't it nice?

Hex-Rays v1.6 vs. v1.5 Decompiler Comparison Page

Below you will find side-by-side comparisons of v1.5 and v1.6 decompilations. Please maximize the window too see both columns simultaneously.

The following examples are displayed on this page:

Inline CFString constants

This simple improvement can substantially speed up analysis of Objective C code: CFString text constants are immediately visible in the output.

More humanly if-conditions

The decompiler generates much more readable text by dividing complex conditions into smaller chunks. The output is longer but hey, sometimes it makes sense to be verbose! :)

Support for CONTAINING_RECORD macro

iv class="cmptell"> The decompiler knows how to use the macro it the output to get rid of typecasts. As soon as the variable types are correctly set, it replaces casts with a simple macro call.

Support for LIST_ENTRY macros

We added recognition of macros. While not all cases are handled yet, it usually works quite well. Saves you from the mental effort of recognizing these macros yourself.

Better tail call recognition

A much better recognition of tail call optimization leads to less JUMPOUT() calls in the output. The call arguments are recognized correctly. The function return value is not lost anymore.

Improved memset recognition

Six non-trivial lines of code have been collapsed into one simple line. We are happy with this improvement!

Support for TEB/KPCR references

Better char/short variable recognition

Better recognition of inline functions

Structure copying - 1

Structure copying - 2

Please note that after collapsing several assignments into one we also got rid of the intermediary v30 variable. Very good!

Support for union fields

Support for merged calls

The new version unmerged the call and got rid of the goto statement. Isn't it nice?

  v27 = (char *)operator new(v24);
  v28 = v27;
  strcpy(v27, *v3);
  v29 = -1;
  v30 = " ";
  do
  {
    if ( !v29 )
      break;
    v12 = *v30++ == 0;
    --v29;
  }
  while ( !v12 );
  v31 = ~v29;
  v32 = v31;
  v33 = &v30[-v31];
  v34 = -1;
  v35 = v27;
  do
  {
    if ( !v34 )
      break;
    v12 = *v35++ == 0;
    --v34;
  }
  while ( !v12 );
  memcpy(v35 - 1, v33, v32);
  v36 = v3[1];
  v37 = -1;
  do
  {
    if ( !v37 )
      break;
    v12 = *v36++ == 0;
    --v37;
  }
  while ( !v12 );
  v38 = ~v37;
  v39 = &v36[-v38];
  v40 = v38;
  v41 = v27;
  v42 = -1;
  do
  {
    if ( !v42 )
      break;
    v12 = *v41++ == 0;
    --v42;
  }
  while ( !v12 );
  memcpy(v41 - 1, v39, v40);
  v43 = " ";
  v44 = -1;
  do
  {
    if ( !v44 )
      break;
    v12 = *v43++ == 0;
    --v44;
  }
  while ( !v12 );
  v45 = ~v44;
  v46 = &v43[-v45];
  v47 = v45;
  v48 = v27;
  v49 = -1;
  do
  {
    if ( !v49 )
      break;
    v12 = *v48++ == 0;
    --v49;
  }
  while ( !v12 );
  memcpy(v48 - 1, v46, v47);
  v50 = v3[2];
  v51 = -1;
  do
  {
    if ( !v51 )
      break;
    v12 = *v50++ == 0;
    --v51;
  }
  while ( !v12 );
  v52 = ~v51;
  v53 = &v50[-v52];
  v54 = v52;
  v55 = v27;
  v56 = -1;
  do
  {
    if ( !v56 )
      break;
    v12 = *v55++ == 0;
    --v56;
  }
  while ( !v12 );
  memcpy(v55 - 1, v53, v54);
  if ( v3[3] )
  {
    argca = v3 + 3;
    v91 = v3 + 3;
    do
    {
      v57 = " \"";
      v58 = -1;
      do
      {
        if ( !v58 )
          break;
        v12 = *v57++ == 0;
        --v58;
      }
      while ( !v12 );
      v59 = ~v58;
      v60 = &v57[-v59];
      v61 = v59;
      v62 = v27;
      v63 = -1;
      do
      {
        if ( !v63 )
          break;
        v12 = *v62++ == 0;
        --v63;
      }
      while ( !v12 );
      memcpy(v62 - 1, v60, v61);
      v64 = *argca;
      v65 = -1;
      do
      {
        if ( !v65 )
          break;
        v12 = *v64++ == 0;
        --v65;
      }
      while ( !v12 );
      v66 = ~v65;
      v67 = &v64[-v66];
      v68 = v66;
      v69 = v27;
      v70 = -1;
      do
      {
        if ( !v70 )
          break;
        v12 = *v69++ == 0;
        --v70;
      }
      while ( !v12 );
      memcpy(v69 - 1, v67, v68);
      if ( (*argca)[strlen(*argca) - 1] == 92 )
      {
        v71 = "\\";
        v72 = -1;
        do
        {
          if ( !v72 )
            break;
          v12 = *v71++ == 0;
          --v72;
        }
        while ( !v12 );
        v73 = ~v72;
        v74 = &v71[-v73];
        v75 = v73;
        v76 = v27;
        v77 = -1;
        do
        {
          if ( !v77 )
            break;
          v12 = *v76++ == 0;
          --v77;
        }
        while ( !v12 );
        memcpy(v76 - 1, v74, v75);
      }
      v78 = "\"";
      v79 = -1;
      do
      {
        if ( !v79 )
          break;
        v12 = *v78++ == 0;
        --v79;
      }
      while ( !v12 );
      v80 = ~v79;
      v81 = &v78[-v80];
      v82 = v80;
      v83 = v27;
      v84 = -1;
      do
      {
        if ( !v84 )
          break;
        v12 = *v83++ == 0;
        --v84;
      }
      while ( !v12 );
      memcpy(v83 - 1, v81, v82);
      ++v91;
      argca = v91;
    }
    while ( *v91 );
  }

  v27 = (char *)operator new(v24);
  v28 = v27;
  strcpy(v27, *v3);
  v29 = -1;
  v30 = " ";
  do
  {
    if ( !v29 )
      break;
    v12 = *v30++ == 0;
    --v29;
  }
  while ( !v12 );
  v31 = ~v29;
  v32 = v31;
  v33 = &v30[-v31];
  v34 = -1;
  v35 = v27;
  do
  {
    if ( !v34 )
      break;
    v12 = *v35++ == 0;
    --v34;
  }
  while ( !v12 );
  memcpy(v35 - 1, v33, v32);
  v36 = v3[1];
  v37 = -1;
  do
  {
    if ( !v37 )
      break;
    v12 = *v36++ == 0;
    --v37;
  }
  while ( !v12 );
  v38 = ~v37;
  v39 = &v36[-v38];
  v40 = v38;
  v41 = v27;
  v42 = -1;
  do
  {
    if ( !v42 )
      break;
    v12 = *v41++ == 0;
    --v42;
  }
  while ( !v12 );
  memcpy(v41 - 1, v39, v40);
  v43 = " ";
  v44 = -1;
  do
  {
    if ( !v44 )
      break;
    v12 = *v43++ == 0;
    --v44;
  }
  while ( !v12 );
  v45 = ~v44;
  v46 = &v43[-v45];
  v47 = v45;
  v48 = v27;
  v49 = -1;
  do
  {
    if ( !v49 )
      break;
    v12 = *v48++ == 0;
    --v49;
  }
  while ( !v12 );
  memcpy(v48 - 1, v46, v47);
  v50 = v3[2];
  v51 = -1;
  do
  {
    if ( !v51 )
      break;
    v12 = *v50++ == 0;
    --v51;
  }
  while ( !v12 );
  v52 = ~v51;
  v53 = &v50[-v52];
  v54 = v52;
  v55 = v27;
  v56 = -1;
  do
  {
    if ( !v56 )
      break;
    v12 = *v55++ == 0;
    --v56;
  }
  while ( !v12 );
  memcpy(v55 - 1, v53, v54);
  if ( v3[3] )
  {
    argca = v3 + 3;
    v91 = v3 + 3;
    do
    {
      v57 = " \"";
      v58 = -1;
      do
      {
        if ( !v58 )
          break;
        v12 = *v57++ == 0;
        --v58;
      }
      while ( !v12 );
      v59 = ~v58;
      v60 = &v57[-v59];
      v61 = v59;
      v62 = v27;
      v63 = -1;
      do
      {
        if ( !v63 )
          break;
        v12 = *v62++ == 0;
        --v63;
      }
      while ( !v12 );
      memcpy(v62 - 1, v60, v61);
      v64 = *argca;
      v65 = -1;
      do
      {
        if ( !v65 )
          break;
        v12 = *v64++ == 0;
        --v65;
      }
      while ( !v12 );
      v66 = ~v65;
      v67 = &v64[-v66];
      v68 = v66;
      v69 = v27;
      v70 = -1;
      do
      {
        if ( !v70 )
          break;
        v12 = *v69++ == 0;
        --v70;
      }
      while ( !v12 );
      memcpy(v69 - 1, v67, v68);
      if ( (*argca)[strlen(*argca) - 1] == 92 )
      {
        v71 = "\\";
        v72 = -1;
        do
        {
          if ( !v72 )
            break;
          v12 = *v71++ == 0;
          --v72;
        }
        while ( !v12 );
        v73 = ~v72;
        v74 = &v71[-v73];
        v75 = v73;
        v76 = v27;
        v77 = -1;
        do
        {
          if ( !v77 )
            break;
          v12 = *v76++ == 0;
          --v77;
        }
        while ( !v12 );
        memcpy(v76 - 1, v74, v75);
      }
      v78 = "\"";
      v79 = -1;
      do
      {
        if ( !v79 )
          break;
        v12 = *v78++ == 0;
        --v79;
      }
      while ( !v12 );
      v80 = ~v79;
      v81 = &v78[-v80];
      v82 = v80;
      v83 = v27;
      v84 = -1;
      do
      {
        if ( !v84 )
          break;
        v12 = *v83++ == 0;
        --v84;
      }
      while ( !v12 );
      memcpy(v83 - 1, v81, v82);
      ++v91;
      argca = v91;
    }
    while ( *v91 );
  }

Hex-Rays v1.6 vs. v1.5 Decompiler Comparison Page

hashtagHex-Rays v1.6 vs. v1.5 Decompiler Comparison Page

hashtagInline CFString constants

hashtagMore humanly if-conditions

hashtagSupport for CONTAINING_RECORD macro

hashtagSupport for LIST_ENTRY macros

hashtagBetter tail call recognition

hashtagImproved memset recognition

hashtagSupport for TEB/KPCR references

hashtagBetter char/short variable recognition

hashtagBetter recognition of inline functions

hashtagStructure copying - 1

hashtagStructure copying - 2

hashtagSupport for union fields

hashtagSupport for merged calls

Hex-Rays v1.6 vs. v1.5 Decompiler Comparison Page

hashtagHex-Rays v1.6 vs. v1.5 Decompiler Comparison Page

hashtagInline CFString constants

hashtagMore humanly if-conditions

hashtagSupport for CONTAINING_RECORD macro

hashtagSupport for LIST_ENTRY macros

hashtagBetter tail call recognition

hashtagImproved memset recognition

hashtagSupport for TEB/KPCR references

hashtagBetter char/short variable recognition

hashtagBetter recognition of inline functions

hashtagStructure copying - 1

hashtagStructure copying - 2

hashtagSupport for union fields

hashtagSupport for merged calls