C++ Decompilation Tricks

How decompilers do stuff

These tricks include notes for Binary Ninja, but IDA looks similar (and I'm sure Ghidra does too).

Example code:

char rax_3 = *std::vector<uint8_t>::operator[](&vector, sx.q(j))
*std::vector<uint8_t>::operator[](&vector, sx.q(j)) = *std::string::operator[](arg1, other: j) ^ rax_3

This looks really bizarre and overwhelming, but look at the words. std::vector<uint8_t>::operator[] literally means operator [], the subscript operator. The first parameter is the object being subscripted, and the second parameter is the index. So

std::vector<uint8_t>::operator[](&vector, sx.q(j))

Is really just

vector[j]
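
The same pattern seen from the source side, as an added example that is not part of the original notes: the first function is what a developer would plausibly write, the second spells each subscript as the explicit member call the decompiler shows. The function names, loop bounds and sample data are assumptions; unoptimized GCC/Clang builds typically keep these operator[] calls out of line, which is why they appear in the output.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Source-level form. The name xor_with_key, its signature and the loop
// bounds are assumptions for illustration; the page only shows the loop body.
void xor_with_key(std::vector<uint8_t>& vector, const std::string& key) {
    for (std::size_t j = 0; j < vector.size() && j < key.size(); ++j) {
        vector[j] = key[j] ^ vector[j];
    }
}

// Same loop with every subscript written as the member-function call it
// really is. The object in front of the dot is the hidden `this` pointer,
// which the decompiler lists as the first parameter.
void xor_with_key_explicit(std::vector<uint8_t>& vector, const std::string& key) {
    for (std::size_t j = 0; j < vector.size() && j < key.size(); ++j) {
        // char rax_3 = *std::vector<uint8_t>::operator[](&vector, sx.q(j))
        char rax_3 = static_cast<char>(vector.operator[](j));
        // *std::vector<uint8_t>::operator[](&vector, sx.q(j)) =
        //     *std::string::operator[](arg1, other: j) ^ rax_3
        vector.operator[](j) = static_cast<uint8_t>(key.operator[](j) ^ rax_3);
    }
}

// Run both forms on constructed input and report whether they agree.
bool forms_agree() {
    std::vector<uint8_t> a = {0x10, 0x20, 0x80, 0xff};  // constructed sample data
    std::vector<uint8_t> b = a;
    const std::string key = "KEY!";                     // constructed sample key
    xor_with_key(a, key);
    xor_with_key_explicit(b, key);
    return a == b;
}

int main() {
    return forms_agree() ? 0 : 1;
}
```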

Also, if the output doesn't make sense, change the function types to add extra arguments! Argument detection is pretty trash, so it might help a lot.

A non-exhaustive list is:

| Decompilation | Meaning | Parameter(s) |
| --- | --- | --- |
| std::T::~T | Destructor of class T | T* |
| std::vector<T>::operator[](&vector, sx.q(j)) | vector[j] | T*, int64_t |
