McSema - LLVM code decompiler

    The researchers who spoke at REcon 2014 have published McSema (MC-Semantics), their tool for translating x86 Windows binaries into LLVM code. The tool is divided into several subprojects:
    • Control flow recovery
    • Instruction semantics
    • Binary file parsing
    • Semantics testing

    At the moment, the program supports translation of x86 semantics for integer arithmetic, floating-point arithmetic and vector operations.

    What is it for? In theory, this project will let more people make crazy ports in less time, and will more or less strip the obfuscation from malware by recompiling it with optimizations.
    The project is funded by DARPA.

    GitHub
    Project PDF from REcon 2014
    Announcement of the release of the project's source code
