joelpx edited this page Jun 21, 2016 · 54 revisions

Welcome to the PLASMA disassembler wiki!

Howto

Hacks

FIXME

  • mips: use the register simulation to implement the li instruction (currently it is done only at decompilation). The analyzer has to save the computed immediate values (#70)
  • stack analysis (#62): better heuristic to compute the frame size
  • mips: detect the end of functions: imports have no "jr $ra"
  • check if a stack variable already exists before renaming it
  • make plasma pip-installable (#60)

TODO

Stack:

  • stack variables for MIPS64
  • canary detection

Analyzer:

  • unicode strings
  • function detection: currently it first checks whether the prolog is known, otherwise nothing is done. But if the function is in a code section, we should force its analysis.
  • improve analyzer performance (memoryview or ctypes): disassembly is done on a block which is copied every time. This requires modifying the capstone API
  • mips: auto-detect the value of gp
  • detect syscalls during the analysis, not at the decompilation
  • jump-tables for MIPS/ARM
  • add more instructions for simulation

Visual:

  • case-insensitive search
  • better printing of PE imports
  • reload automatically if the analyzer has modified the content in visual

Elf:

  • import symbols from .so files: CLE does this, but I have not copied that part

Memory map:

  • cleanup
  • communicate with analyzer/visual -> cursors on the map
  • zoom

Features:

  • binary search history
  • visual popup to modify: frame_size (#62), flags (noreturn, #47)
  • set type on stack variables
  • multi-line comments
  • vtables
  • structure, enum
  • Mach-O
  • text search? It will unfortunately be inefficient, since it requires disassembling the whole binary