About
Snowman is a native code to C/C++ decompiler, see the examples of generated code. This talk gives a brief explanation of how it works.
Standalone Version
-
Supports ARM, x86, and x86-64 architectures.
-
Reads ELF, Mach-O, and PE file formats.
-
Reconstructs functions, their names and arguments, local and global variables, expressions, integer, pointer and structural types, all types of control-flow structures, including switch.
-
Has a nice graphical user interface with one-click navigation between the assembler code and the reconstructed program.
-
Has a command-line interface for batch processing.
IDA Plug-in
-
Enjoys all executable file formats supported by the disassembler.
-
Benefits from IDA’s signature search, parsers of debug information, and demanglers.
-
Decompiles a chosen function or the whole program by push of a button.
-
Allows easy jumping between the disassembler and the decompiled code.
-
Fully integrates into IDA’s GUI.
Download
-
v0.1.3 (19 October 2018)
-
Standalone: Windows x86-64, Windows x86.
-
IDA plug-in:
-
Windows: IDA 7.0, IDA 6.95, IDA 6.3-6.8, IDA 6.1,
-
Linux: IDA 7.0, IDA 6.95, IDA 6.3-6.8.
-
-
-
v0.1.2 (7 January 2018)
-
Standalone: Windows x86-64, Windows x86.
-
IDA plug-in:
-
Windows: IDA 7.0, IDA 6.95, IDA 6.3-6.8, IDA 6.1,
-
Linux: IDA 7.0, IDA 6.95, IDA 6.3-6.8.
-
-
-
PGP public key, to verify the signatures of the git tags.
Installation Instructions
-
Standalone version you can just unpack and run.
-
IDA plug-in is installed by copying
.plw,.p64,.plx,.dll,.sofiles to IDA’spluginsdirectory.
Usage Instructions
-
Do not try to decompile large programs at once. Select a necessary part in the assembly listing and push
Ctrl-Einstead. Or better use the Snowman IDA plug-in. -
When using the IDA plug-in, press
F3to decompile the function under cursor.
Contacts
-
To report a bug or request a feature, please create an issue.
-
To submit a patch open a pull request.
-
To ask questions, use the mailing list.
-
To ask questions that should not go in public, write me an e-mail.