McSema - LLVM code decompiler
The presenters of the REcon 2014 talk have published their McSema (MC-Semantics) tool, which translates Windows x86 binaries into LLVM bitcode. The tool is divided into several subprojects:
- Control-flow recovery
- Instruction semantics
- Binary file parsing
- Semantics tests
At the moment, the program supports translation of x86 semantics for integer arithmetic, floating-point arithmetic and vector operations.
What is it for? In theory, the project will let more people produce ambitious ports in less time, and will largely defeat malware obfuscation by recompiling the lifted code with optimizations enabled.
The project is funded by DARPA.
Links:
- GitHub
- Project presentation from REcon 2014 (PDF)
- Announcement of the open-sourcing of the project code