Decompilers are special modules that work on units as input instead of artifacts. They produce units as well, representing portions of decompiled source code.
JEB Pro ships with decompilers for:
- Dalvik (Android DEX files)
- Java (classfile)
- WebAssembly modules (wasm)
- Ethereum contracts (EVM code)
- Intel x86 32-bit (all x86 - x87/mmx/sse/avx support coming in JEB 4)
- Intel x86 64-bit (all x86 - x87/mmx/sse/avx support coming in JEB 4)
- ARM 32-bit (and common ISA extensions)
- ARM 64-bit (v8 / aarch64)
- MIPS 32-bit
The following picture shows a child decompiler unit, as well as a suite of decompiled classes units.
Currently, JEB relies on two separate decompiler pipelines:
DEXDECis the DEX/Dalvik (as well as Java) decompiler. This decompiler works exclusively with Dalvik input. The primary interface to the reference implementation is IDexDecompilerUnit.
GENDECis the Generic decompilation pipeline, which can handle all types of code, native code, managed code, or else. GENDEC is more modular and open than DEXDEC. All native (x86, arm, etc.) as well as no-native (Ethereum, WebAssembly) decompiler plugins are built on GENDEC.
How to Decompile#
- In the assembly view, position your caret on the area of code you would like to decompile.
- Hit the Tab key to decompile code (you can customize this, see the Keyboard Shortcuts section in the Settings page)
- If a decompiler unit can be created for the current code unit, a new decompiled code unit will be created
- The decompiled code unit will receive focus and the caret positioned on the area of code that most closely corresponds to the low-level bytecode or machine code
Decompiling with Options#
Decompiling with Options is also offered in the Action menu. The default keyboard shortcut is MOD1+Tab. (On most platforms, MOD1 is the Control key; on macOS, it is the Command key.)
When the current settings of your decompiler plugin are not exactly what you want to decompile a particular code item, use Decompile with Options to temporarily modify your settings.
This action also allows users to force the re-decompilation of an already decompiled code item. (A clunkier alternative would be to find the corresponding decompiled unit node in the project Hierarchy, remove it, and then decompile again.)
Back to the Assembly#
Conversely, you can go back to the assembly from a decompiled view by using the Tab.
By default, a view representing a portion of decompiled code (e.g., a class) will be replaced by the next class being decompiled. This default behavior is to avoid cluttering the workspace with tens of views representing various decompiled artifacts. However, if you would like to open every piece of decompiled code in a separate view, you may do so by checking the Navigation, do not replace Views menu option.
Actions and Interactivity#
Generally, when it comes to interactivity, decompilation plugins proxy requests to their corresponding parent code unit. That means that the actions set offered is essentially the same. The consistency between views is maintained.