The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
CrowdStrike CrowdDetox Plugin for Hex-Rays
CrowdDetox version 1.0.2 Beta by Jason Geffner ([email protected])
The CrowdDetox plugin for Hex-Rays automatically removes junk code and variables from Hex-Rays function decompilations.
Please see the LICENSE file for complete licensing details.
Pre-built versions of the plugin for Windows, Mac OS, and Linux (hexraysCrowdDetox.plw, hexraysCrowdDetox.pmc, and hexrays_CrowdDetox.plx, respectively) can be downloaded from http://www.crowdstrike.com/community-tools/index.html
If you would like to use the pre-built plugin, you may skip to INSTALLATION INSTRUCTIONS. Otherwise, follow the steps below to build the CrowdDetox plugin.
For example, if you want to build the CrowdDetox plugin with Visual Studio 11 in Windows, your command line may look as follows: cmake.exe -G "Visual Studio 11" -D CMAKEMAKEPROGRAM="C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe" -D IDADIR="C:\Program Files\IDA 6.4" -D IDASDK="C:\idasdk64" CMakeLists.txt
Copy hexraysCrowdDetox.plw (for Windows), hexraysCrowdDetox.pmc (for Mac OS), or hexrays_CrowdDetox.plx (for Linux) to the IDA Pro plugins folder.
Remove hexraysCrowdDetox.plw (for Windows), hexraysCrowdDetox.pmc (for Mac OS), or hexrays_CrowdDetox.plx (for Linux) from the IDA Pro plugins folder.
To detox a function's decompilation, press 'Shift-F5'.
By default, CrowdDetox considers values and variables used in return statements to be legitimate. Users can manually set a function's prototype to specify a return type of 'void' if the user doesn't want CrowdDetox to consider a function's returned variables to automatically be considered legitimate.
1.0.2 Beta -- Defined _countof macro 1.0.1 Beta -- Detoxing is no longer automatic; users may now press 'Shift-F5' to detox a function's decompilation -- Returned variables now always considered legitimate by default; users can manually set a function's prototype to specify a return type of 'void' if the user doesn't want CrowdDetox to consider a function's returned variables to automatically be considered legitimate -- Improved handling of 'continue', 'return', and 'asm' statements 1.0 Beta -- Initial release