Download Latest Version
RetDec-v5.0-Windows-Release.7z (165.6 MB)
Get an email when there's a new version of RedtDec
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| CHANGELOG.md | 2022-12-08 | 39.7 kB | |
| LICENSE-PELIB | 2022-12-08 | 882 Bytes | |
| LICENSE-THIRD-PARTY | 2022-12-08 | 54.6 kB | |
| RetDec-v5.0-macOS-Release.tar.xz | 2022-12-08 | 173.8 MB | |
| RetDec-v5.0-Windows-Release.7z | 2022-12-08 | 165.6 MB | |
| LICENSE | 2022-12-08 | 1.1 kB | |
| RetDec-v5.0-Linux-Release.tar.xz | 2022-12-08 | 189.3 MB | |
| README.md | 2022-12-08 | 18.6 kB | |
| Release v5.0.tar.gz | 2022-12-08 | 27.2 MB | |
| Release v5.0.zip | 2022-12-08 | 29.1 MB | |
| Totals: 10 Items | 585.1 MB | 55 | |
What's Changed
The one major change:
* RetDec is now a library (#779.
* Related changes are the removal of retdec-decompiler.py (it is now a binary, e.g. retdec-decompiler.exe on Windows), retdec-bin2llvmir, retdec-llvmir2hll, and some other supportive functionality.
* See an example in src/retdectool, or an actual implementation of RetDec executable in src/retdec-decompiler, to find out how to use RetDec library.
For more details, see the full changelog or the list below:
- Check for Armadillo made more generic by @ladislav-zezula in https://github.com/avast/retdec/pull/733
- Added tests for more versions of Petite packer by @ladislav-zezula in https://github.com/avast/retdec/pull/735
- Add detection support for newer versions of VMProtect. by @tamaroth in https://github.com/avast/retdec/pull/734
- Improve the detection of Enigma protector (32-bit). by @tamaroth in https://github.com/avast/retdec/pull/741
- Improve the detection of ASPack executable packer. by @tamaroth in https://github.com/avast/retdec/pull/743
- Fixed missing <limits> header by @Cyclic3 in https://github.com/avast/retdec/pull/745
- Improve the detection of the Eziriz packer/protector by @ladislav-zezula in https://github.com/avast/retdec/pull/746
- Added detection of PyInstaller by @ladislav-zezula in https://github.com/avast/retdec/pull/748
- Add support for using the 'dotnet' module in YARA rules by @PeterMatula in https://github.com/avast/retdec/pull/749
- Add detection support of Astrum InstallWizard. by @tamaroth in https://github.com/avast/retdec/pull/753
- Add detection of AutoHotKey compiler. by @tamaroth in https://github.com/avast/retdec/pull/756
- Improve the detection of AutoIT files compiled to binary. by @tamaroth in https://github.com/avast/retdec/pull/757
- fix: mislabeled scripts and writing strings versus bytes by @kayarre in https://github.com/avast/retdec/pull/759
- The detection of BAT to PE-EXE script-compilers. by @tamaroth in https://github.com/avast/retdec/pull/761
- The improved detection of BeRo EXE Packer. by @tamaroth in https://github.com/avast/retdec/pull/764
- deps/yara: force rebuild if config changed, fix [#760] by @PeterMatula in https://github.com/avast/retdec/pull/763
- Lz more corruptions by @ladislav-zezula in https://github.com/avast/retdec/pull/767
- Fixed bug with alignment of PointerToRawData by @ladislav-zezula in https://github.com/avast/retdec/pull/768
- Update Yara to 4.0.1 by @PeterMatula in https://github.com/avast/retdec/pull/769
- deps/yara/patch: patch YARA surces to fix bug in v4.0.1 by @PeterMatula in https://github.com/avast/retdec/pull/773
- Optimize utils and file parsing to prevent timeouts in exotic files by @PeterMatula in https://github.com/avast/retdec/pull/772
- Lz memory dump detection by @ladislav-zezula in https://github.com/avast/retdec/pull/770
- Extension of bin2llvmir with optimization of X87 FPU stack. by @JurajHolub in https://github.com/avast/retdec/pull/715
- CMake fixes by @xkubov in https://github.com/avast/retdec/pull/777
- Remove too broad YARA rules for VMProtect packer detection. by @tamaroth in https://github.com/avast/retdec/pull/778
- Improve the detection of CExe packer by modifying the YARA rule. by @tamaroth in https://github.com/avast/retdec/pull/781
- Retdec is a library now by @PeterMatula in https://github.com/avast/retdec/pull/779
-
- gu_idata and gu_rsrc section names are now considered packer sections by @ladislav-zezula in https://github.com/avast/retdec/pull/776
- fileformat/format_detection: use file magic to detect COFF files. by @PeterMatula in https://github.com/avast/retdec/pull/783
- Issue 774 by @PeterMatula in https://github.com/avast/retdec/pull/785
- Reduce static data by @PeterMatula in https://github.com/avast/retdec/pull/787
- deps/openssl: remove, require it as a prerequisite. by @PeterMatula in https://github.com/avast/retdec/pull/807
- Improvement to the detection of multiple packers. by @tamaroth in https://github.com/avast/retdec/pull/804
- utils: replace our filesystem_path with std::filesystem by @PeterMatula in https://github.com/avast/retdec/pull/806
- MzHeader and PeHeader classes in PELIB were replaced by ImageLoader class by @ladislav-zezula in https://github.com/avast/retdec/pull/812
- Improve MoleBox packer detection. by @tamaroth in https://github.com/avast/retdec/pull/815
-
- Fixed high memory usage on samples with screwed up delayed imports by @ladislav-zezula in https://github.com/avast/retdec/pull/817
- Provide unified logging interface by @xkubov in https://github.com/avast/retdec/pull/816
- Lz high memory usage by @ladislav-zezula in https://github.com/avast/retdec/pull/818
-
- Check for invalid IAT directory by @ladislav-zezula in https://github.com/avast/retdec/pull/822
- Fixed high memory usage in debug directory (#824) by @ladislav-zezula in https://github.com/avast/retdec/pull/825
- Fix crash on samples having corrupted PE header (#821) by @tamaroth in https://github.com/avast/retdec/pull/827
- Ninja build by @PeterMatula in https://github.com/avast/retdec/pull/830
- Small improvements to detections of binary tools. by @tamaroth in https://github.com/avast/retdec/pull/831
- Fixed build under RHEL based Linux where libraries are installed into lib64 instead of just lib by @metthal in https://github.com/avast/retdec/pull/834
- fix GCC 9.3.1 hang by @hanickadot in https://github.com/avast/retdec/pull/835
- Fixed segfault on PE files whose IMAGE_FILE_HEADER is cut by @ladislav-zezula in https://github.com/avast/retdec/pull/839
- Fix invalid memory read in PeLib::CoffSymbolTable::read() (#840) by @ladislav-zezula in https://github.com/avast/retdec/pull/841
- Added detection of Blizzard Protector by @ladislav-zezula in https://github.com/avast/retdec/pull/845
- Remove the copyright comment from the outputs generated by RetDec by @s3rvac in https://github.com/avast/retdec/pull/843
- utils: fix [#842], always link stdc++fs if linux & gcc. by @PeterMatula in https://github.com/avast/retdec/pull/846
- deps/googletest: fix adding 'd' suffix in MSVC debug build by @PeterMatula in https://github.com/avast/retdec/pull/848
- Added YARA rule for CreateInstall installer by @ladislav-zezula in https://github.com/avast/retdec/pull/852
- Added YARA rules for FlyStudio installer by @ladislav-zezula in https://github.com/avast/retdec/pull/853
- Added YARA rule for Gentee Installer by @ladislav-zezula in https://github.com/avast/retdec/pull/855
- GhostInstaller and InnoSetup revisited by @ladislav-zezula in https://github.com/avast/retdec/pull/857
- Lz installers install creator by @ladislav-zezula in https://github.com/avast/retdec/pull/858
- Added YARA rules for Quick Batch installer by @ladislav-zezula in https://github.com/avast/retdec/pull/864
- Lz image loader win version specific by @ladislav-zezula in https://github.com/avast/retdec/pull/863
- improved YARA rules for Wise installer by @ladislav-zezula in https://github.com/avast/retdec/pull/865
- Added YARA rule for VISEMAN installer by @ladislav-zezula in https://github.com/avast/retdec/pull/868
- Added YARA rules for Setup Factory by @ladislav-zezula in https://github.com/avast/retdec/pull/869
- Added YARA rule for 'Xenocode Application Launcher' by @ladislav-zezula in https://github.com/avast/retdec/pull/870
- Added YARA rules for SmartInstall Maker by @ladislav-zezula in https://github.com/avast/retdec/pull/871
- Fixed issue [#872] by @ladislav-zezula in https://github.com/avast/retdec/pull/873
- Fix infinite loops in copy propagation optimizer by @jacob-baines in https://github.com/avast/retdec/pull/876
- Fix missing comma in usualPackerSections initializer by @HoundThe in https://github.com/avast/retdec/pull/894
- Lz import thunk check by @ladislav-zezula in https://github.com/avast/retdec/pull/897
- Added YARA rule for Inno Setup 6.0.0 by @ladislav-zezula in https://github.com/avast/retdec/pull/899
- Fixed possible access to unallocated memory in MPRESS unpacker by @metthal in https://github.com/avast/retdec/pull/906
- Lz issue 907 by @ladislav-zezula in https://github.com/avast/retdec/pull/908
- Fixed issue [#911] by @ladislav-zezula in https://github.com/avast/retdec/pull/912
- unpacker/mpress: Properly copy non-packer related sections to the unpacked file by @metthal in https://github.com/avast/retdec/pull/913
- Do not fail completely when retdec-archive-decompiler is not available by @metthal in https://github.com/avast/retdec/pull/914
- Lz fix too many imports by @ladislav-zezula in https://github.com/avast/retdec/pull/917
- Fixed issue https://github.com/avast/retdec/issues/921 by @ladislav-zezula in https://github.com/avast/retdec/pull/922
- Make Fileinfo configurable via a JSON config file by @PeterMatula in https://github.com/avast/retdec/pull/923
- Add version info to all executable apps by @PeterMatula in https://github.com/avast/retdec/pull/926
- unpackertool: added signatures for new UPX versions by @TheDuchy in https://github.com/avast/retdec/pull/929
- Detection of SHA512 improved. Prevented YARA DoS on d251e8b3a5818132d… by @ladislav-zezula in https://github.com/avast/retdec/pull/935
- Implement telfhash for ELF import table by @HoundThe in https://github.com/avast/retdec/pull/936
- Calculate Rich header hash by @HoundThe in https://github.com/avast/retdec/pull/945
- Added new x86 PE signatures for LZMA UPX stub for UPX 3.94+ by @metthal in https://github.com/avast/retdec/pull/948
- Add parsing of the PE Authenticode format by @HoundThe in https://github.com/avast/retdec/pull/902
- Make X509 serial number parsing code compatible with YARA (#954) by @xbabka01 in https://github.com/avast/retdec/pull/955
- Fix the Rich header analysis algorithm by @HoundThe in https://github.com/avast/retdec/pull/973
- Add sanity check for length of a PE resource type name by @HoundThe in https://github.com/avast/retdec/pull/974
- Add oneline subject/issuer to the output by @HoundThe in https://github.com/avast/retdec/pull/976
- Increased PE symbols MAX_LENGTH limits by @HoundThe in https://github.com/avast/retdec/pull/978
- Fix UB due to iterator reaching before begin() in rich header parsing by @HoundThe in https://github.com/avast/retdec/pull/987
- Fix PE resource memory leak due to missing virtual destructor. by @HoundThe in https://github.com/avast/retdec/pull/984
- Fixed resource issue by @ladislav-zezula in https://github.com/avast/retdec/pull/988
- Check for TypeLib parent relationship by @HoundThe in https://github.com/avast/retdec/pull/983
- Change the section name parsing to only remove trailing zeroes by @HoundThe in https://github.com/avast/retdec/pull/979
- Fixed Lz issue 967 by @ladislav-zezula in https://github.com/avast/retdec/pull/970
- Adding Yara rule for InnoSetup 6.1.0 by @fr0gger in https://github.com/avast/retdec/pull/989
- Lz retdec 54 by @ladislav-zezula in https://github.com/avast/retdec/pull/981
- DllFlags are now present on EXEs as well by @ladislav-zezula in https://github.com/avast/retdec/pull/995
- Modified Visual Basic's Yara rule by @Dadda97 in https://github.com/avast/retdec/pull/992
- Modified AutoHotKey's Yara rule by @Dadda97 in https://github.com/avast/retdec/pull/991
- COFF debug info is no longer counted as part of the image by @ladislav-zezula in https://github.com/avast/retdec/pull/996
- Debug info is only accepted if it has the type of IMAGE_DEBUG_TYPE_CO… by @ladislav-zezula in https://github.com/avast/retdec/pull/1004
- Fixed RETDEC-74 and RETDEC-61 by @ladislav-zezula in https://github.com/avast/retdec/pull/1003
- Add signatureVerified flag for each signature by @HoundThe in https://github.com/avast/retdec/pull/994
- Add check that the resource file offset is valid by @HoundThe in https://github.com/avast/retdec/pull/982
- backport yara patch for macOS by @catap in https://github.com/avast/retdec/pull/1001
- Fix of .NET analysis differences by @HoundThe in https://github.com/avast/retdec/pull/997
- Do not return entry point offset if it's not backed up by disk data by @HoundThe in https://github.com/avast/retdec/pull/975
- Check if certificateTable overlaps a section and export the information by @HoundThe in https://github.com/avast/retdec/pull/986
- Fix master not building due to conflicting types by @HoundThe in https://github.com/avast/retdec/pull/1007
- Fixed discrepancies in icon hash between YARA and retdec-fileinfo by @ladislav-zezula in https://github.com/avast/retdec/pull/1006
- Switch to using Python3 module to detect a python by @catap in https://github.com/avast/retdec/pull/999
- Add SECURITY.md as requested in [#1018] by @PeterMatula in https://github.com/avast/retdec/pull/1025
- Check if data is not empty in dotnet integer decoding functions by @HoundThe in https://github.com/avast/retdec/pull/1030
- remove --backend-aggressive-opts and all the related code by @PeterMatula in https://github.com/avast/retdec/pull/1032
- Parse various PE timestamps and export them out by @HoundThe in https://github.com/avast/retdec/pull/1035
- Integrate new authenticode parser by @HoundThe in https://github.com/avast/retdec/pull/1027
- Fixed ImageLoader::Save() by @ladislav-zezula in https://github.com/avast/retdec/pull/1029
- Check for ELF damage by @HoundThe in https://github.com/avast/retdec/pull/1036
- Update API for OpenSSL 3.0 by @catap in https://github.com/avast/retdec/pull/1041
- fix typo in config.cpp by @KisaragiEffective in https://github.com/avast/retdec/pull/1048
- Fixed false positive in the detection of PyInstaller 3.x by @ladislav-zezula in https://github.com/avast/retdec/pull/1051
- Migrate hardcoded
maketo${CMAKE_MAKE_PROGRAM}by @catap in https://github.com/avast/retdec/pull/1043 - Updated list of language IDs by @metthal in https://github.com/avast/retdec/pull/1054
- Use image loader when loading corrupted resources by @metthal in https://github.com/avast/retdec/pull/1055
- Update YARA to 4.2.X by @HoundThe in https://github.com/avast/retdec/pull/1061
- Add dll name from export directory to output by @HoundThe in https://github.com/avast/retdec/pull/1060
- Fix: Manually-specified variables were not used by the project. by @xkubov in https://github.com/avast/retdec/pull/1052
- Lz include relocation into image load by @ladislav-zezula in https://github.com/avast/retdec/pull/1063
- Move signing certificate to a separate object by @HoundThe in https://github.com/avast/retdec/pull/1065
- Updated authenticode parser to the newest version by @metthal in https://github.com/avast/retdec/pull/1067
- Never try to limit memory on macOS by @catap in https://github.com/avast/retdec/pull/1074
- Update authenticode-parser, use-after-free, signedness issues by @HoundThe in https://github.com/avast/retdec/pull/1082
- Use multistage build for Dockerfile, reduces container size by ~1.5G by @bagelbyte in https://github.com/avast/retdec/pull/1081
- Check for possible overflow when checking for segment overlap. by @HoundThe in https://github.com/avast/retdec/pull/1087
- Fix parameter and return types for dynamically called functions by @richardlford in https://github.com/avast/retdec/pull/1085
- Upgrade to Capstone release 4.0.2 with patch by @richardlford in https://github.com/avast/retdec/pull/1086
- Handle Procedure Linkage calls for 32bit x86 from gcc by @richardlford in https://github.com/avast/retdec/pull/1088
- Add ability to process PNG icons for perceptual hash calculation by @HoundThe in https://github.com/avast/retdec/pull/1090
- Add prototypes for dynamically-linked functions without headers by @richardlford in https://github.com/avast/retdec/pull/1092
- Add printing of analysis time to retdec-fileinfo output by @metthal in https://github.com/avast/retdec/pull/1107
- Yara: inherits linker flags by @catap in https://github.com/avast/retdec/pull/1111
- Use provided libtool via
CMAKE_LIBTOOLby @catap in https://github.com/avast/retdec/pull/1109 - Added missed
${RETDEC_INSTALL_BIN_DIR}topat2yaraby @catap in https://github.com/avast/retdec/pull/1113 - Updated yaramod by @metthal in https://github.com/avast/retdec/pull/1121
- Added sanity check for page index when loading pages from broken samples by @metthal in https://github.com/avast/retdec/pull/1120
- Fix removeZeroSequences by @neverwin in https://github.com/avast/retdec/pull/1110
- Update to Capstone V5 by @PeterMatula in https://github.com/avast/retdec/pull/1124
- Simplify removing range by @neverwin in https://github.com/avast/retdec/pull/1115
- Allow to configure
yara's make tool by @catap in https://github.com/avast/retdec/pull/1123 - capstone2llvmir: use undef value if register not loaded but used by @PeterMatula in https://github.com/avast/retdec/pull/1033
- Try to fix issue [#638] by @seviezhou in https://github.com/avast/retdec/pull/642
- Continuous integration in Github Actions by @xkubov in https://github.com/avast/retdec/pull/1053
- Create Autoamted Release Flow by @xkubov in https://github.com/avast/retdec/pull/1125
New Contributors
- @tamaroth made their first contribution in https://github.com/avast/retdec/pull/734
- @Cyclic3 made their first contribution in https://github.com/avast/retdec/pull/745
- @kayarre made their first contribution in https://github.com/avast/retdec/pull/759
- @hanickadot made their first contribution in https://github.com/avast/retdec/pull/835
- @jacob-baines made their first contribution in https://github.com/avast/retdec/pull/876
- @HoundThe made their first contribution in https://github.com/avast/retdec/pull/894
- @TheDuchy made their first contribution in https://github.com/avast/retdec/pull/929
- @xbabka01 made their first contribution in https://github.com/avast/retdec/pull/955
- @fr0gger made their first contribution in https://github.com/avast/retdec/pull/989
- @Dadda97 made their first contribution in https://github.com/avast/retdec/pull/992
- @catap made their first contribution in https://github.com/avast/retdec/pull/1001
- @KisaragiEffective made their first contribution in https://github.com/avast/retdec/pull/1048
- @bagelbyte made their first contribution in https://github.com/avast/retdec/pull/1081
- @richardlford made their first contribution in https://github.com/avast/retdec/pull/1085
- @neverwin made their first contribution in https://github.com/avast/retdec/pull/1110
Full Changelog: https://github.com/avast/retdec/compare/v4.0...v5.0