The IDC tool is an interactive decompiler: the user starts with an almost literal translation of assembly code into C, which the user progressively decompiles by successively applying low-level refactorings, ultimately arriving at high-level C code.
Fully automated decompilation is not always possible because:
- there is an ambiguous correspondence between high-level language statements and the respective machine code instructions;
- much of the original information is discarded during the compilation process;
- the distinction between data and code in an executable is often blurred.
The idea behind IDC is that human intervention can be employed to:
- disambiguate code semantics,
- organize code,
- and improve readability.
The current main user features of IDC are:
- Import Intel IA32 assembly code in AT&T syntax, the syntax normally generated by the gcc compiler for the Intel IA32 architecture.
- Visualize and export quasi-C language code.
- Provide a context-sensitive refactoring browser over a set of low-level refactorings.
- Visualize and manipulate the Control Flow Graph (CFG) and the Abstract Syntax Tree (AST).
- An easily extensible architecture: new program metadata, new processors, new refactorings or new visualizations can easily be added.
- Refactorings can be modified while the program is running.
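To make the workflow concrete, here is an added Python sketch (not IDC's own code) of the two stages described above: a literal translation of a few gcc-style AT&T IA32 instructions into quasi-C assignments, followed by one low-level refactoring, copy propagation over register variables. The instruction subset, the `int` cast used for memory operands and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample input: gcc-style AT&T IA32 instructions (not from the IDC project).
SAMPLE = """\
movl 8(%ebp), %eax
movl %eax, %ebx
addl $4, %ebx
movl %ebx, %ecx
subl %eax, %ecx
"""

def operand(op):
    """Map one AT&T operand (immediate, register or disp(base) memory) onto quasi-C."""
    op = op.strip()
    if op[0] in "$%":                            # immediate -> literal, register -> variable
        return op[1:]
    m = re.fullmatch(r"(-?\d*)\(%(\w+)\)", op)  # displacement(base) memory access
    if m:
        return f"*(int *)({m.group(2)} + {m.group(1) or '0'})"
    raise ValueError(f"unsupported operand: {op}")

def translate(asm):
    """Literal translation of a small IA32 subset into (dst, expr) assignments."""
    stmts = []
    for line in asm.strip().splitlines():
        mnem, ops = line.split(None, 1)
        src, dst = (operand(o) for o in ops.split(","))
        if mnem == "movl":
            stmts.append((dst, src))
        elif mnem in ("addl", "subl"):
            stmts.append((dst, f"{dst} {'+' if mnem == 'addl' else '-'} {src}"))
        else:
            raise ValueError(f"unsupported instruction: {mnem}")
    return stmts

def propagate_copies(stmts):
    """A low-level refactoring: forward-substitute register copies until the source is redefined."""
    copies, out = {}, []
    for dst, expr in stmts:
        # Reads happen before the write, so substitute first, then invalidate.
        expr = re.sub(r"\b(\w+)\b", lambda m: copies.get(m.group(1), m.group(1)), expr)
        copies = {k: v for k, v in copies.items() if dst not in (k, v)}
        if re.fullmatch(r"[a-z]+", expr):         # plain register-to-register copy
            copies[dst] = expr
        out.append((dst, expr))
    return out

def to_c(stmts):
    """Render assignments as quasi-C statements."""
    return "\n".join(f"{dst} = {expr};" for dst, expr in stmts)
```

Running `to_c(propagate_copies(translate(SAMPLE)))` shows how the copies through `ebx` and `ecx` are folded into expressions over the original registers, which is the kind of step a user would apply interactively in the refactoring browser.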
IDC is still in a proof-of-concept state. It is not yet ready for reverse engineering real-life applications and has several limitations:
- The IA32 instruction set is not yet fully supported; in particular, the floating-point and SIMD instructions are not yet translated.
- Not all refactorings are implemented, and some have only a partial implementation.
- The data flow analysis performed in the refactorings focuses only on register variables.
- Several of the necessary refactorings are still missing due to lack of time.