Code Monkey home page Code Monkey logo

lucid's Introduction

Lucid - An Interactive Hex-Rays Microcode Explorer

Lucid Plugin

Overview

Lucid is a developer-oriented IDA Pro plugin for exploring the Hex-Rays microcode. It was designed to provide a seamless, interactive experience for studying microcode transformations in the decompiler pipeline.

This plugin is labeled only as a prototype & code resource for the community. Please note that it is a development aid, not a general purpose reverse engineering tool.

Special thanks to genmc / @pat0is et al. for the inspiration.

Releases

  • v0.1 -- Initial release

Installation

Lucid is a cross-platform (Windows, macOS, Linux) Python 2/3 plugin. It takes zero third party dependencies, making the code both portable and easy to install.

  1. From your disassembler's python console, run the following command to find its plugin directory:

    • IDA Pro: os.path.join(idaapi.get_user_idadir(), "plugins")
  2. Copy the contents of this repository's /plugins/ folder to the listed directory.

  3. Restart your disassembler.

This plugin is only supported for IDA 7.5 and newer.

Usage

Lucid will automatically load for any architecture with a Hex-Rays decompiler present. Simply right click anywhere in a Pseudocode window and select View microcode to open the Lucid Microcode Explorer.

View microcode

By default, the Microcode Explorer will synchronize with the active Hex-Rays Pseudocode window.

Lucid Layers

Lucid makes it effortless to trace microinstructions through the entire decompiler pipeline. Simply select a microinstruction, and scroll (or click... if you must) through the microcode maturity layer list.

Lucid Layer Traversal Demo

Watch as the explorer stays focused on your selected instruction, while the surrounding microcode landscape melts away. It's basically magic.

Sub-instruction Granularity

Cursor tracing can operate at a sub-operand / sub-instruction level. Placing your cursor on different parts of the same microinstruction can trace sub-components back to their respective origins.

Lucid Sub-instruction Granularity Demo

If the instructions at the traced address get optimized away, Lucid will attempt to keep your cursor in the same approximate context. It will change the cursor color from green to red to indicate the loss of precision.

Sub-instruction Trees

As the Hex-Rays microcode increases in maturity, the decompilation pipeline begins to nest microcode as sub-instructions and sub-operands that form tree-based structures.

Lucid Sub-instrution Graph Demo

You can view these individual trees by right clicking an instruction and selecting View subtree.

Known Bugs

As this is the initial release, there will probably a number of small quirks and bugs. Here are a few known issues at the time of release:

  • While sync'd with hexrays, cursor mapping can get wonky if focused on microcode that gets optimized away
  • When opening the Sub-instruction Graph, window/tab focus can change unexpectedly
  • Microcode Explorer does not dock to the top-level far right compartment on Linux?
  • Switching between multiple Pseudocode windows in different functions might cause problems
  • Double clicking an instruction address comment can crash IDA if there is no suitable view to jump to
  • Plugin has not been tested robustly on Mac / Linux
  • ...?

If you encounter any crashes or bad behavior, please file an issue.

Future Work

Time and motivation permitting, future work may include:

  • Clean up the code.......
  • Interactive sub-instruction graph generalization (to pattern_t / rules)
  • Microcode optimizer development workflow?
  • Microcode optimization manager?
  • Ctree explorer (and similar graph generalization stuff...)
  • Microcode hint text?
  • Improve layer translations
  • Improve performance
  • Migrate off IDA codeview?
  • ...?

I welcome external contributions, issues, and feature requests. Please make any pull requests to the develop branch of this repository if you would like them to be considered for a future release.

Authors

lucid's People

Contributors

gaasedelen avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

lucid's Issues

substring not found

Executing action: lucid:view_microcode (View microcode)
Traceback (most recent call last):
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\util\ida.py", line 51, in activate
self.action_function(ctx)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\core.py", line 119, in interactive_view_microcode
self.explorer.show(current_address)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\ui\explorer.py", line 48, in show
self.select_function(address)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\ui\explorer.py", line 98, in select_function
mtext = MicrocodeText(mba, self.model.verbose)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 463, in init
self.refresh()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 471, in refresh
self._generate_from_mba()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 483, in _generate_from_mba
blk_token = MicroBlockText(blk, self.verbose)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 275, in init
self.refresh()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 283, in refresh
self._generate_from_blk()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 298, in _generate_from_blk
insn_token = MicroInstructionToken(insn, insn_idx, self)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 166, in init
self._generate_from_insn()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 177, in _generate_from_insn
self._create_subop(mop)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 191, in _create_subop
subop = MicroOperandToken(mop, parent=self)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 100, in init
self._generate_from_op()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 112, in _generate_from_op
self._create_subop(mop.d.r)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 147, in _create_subop
subop = MicroOperandToken(mop, parent=self)
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\microtext.py", line 101, in init
self._generate_token_ranges()
File "C:/Program Files/IDA_Pro_v7.5_Portable/plugins\lucid\text.py", line 92, in _generate_token_ranges
token_index = self.text[parsing_offset:].index(token.text)
ValueError: substring not found

supported unknown architecture?

Hello, your excellent work inspired me!
I wonder if the same method can support decompilation of completely unknown architectures, that means a binary IDA can even not disassemble.
Now i have written a script to add some rules for disassemble, but i need to further decompile it, i know Ghidra can do that but i'm not familiar with Ghidra, is IDA can do that?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.