Skip to content
| Marketplace
Sign in
Visual Studio Code>Programming Languages>DecompilerNew to Visual Studio Code? Get it now.

Decompiler

tintinweb

|
60,316 installs
| (4) | Free
Decompile the $h*! out of things
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

get in touch with Consensys Diligence
[ 🌐 📩 🔥 ]

Decompiler!

Let's be honest, there is no reason to remember how to decompile stuff with the various tools available. Wouldn't it be nice to just decompile the $h*! out of things right off the fingertips in Visual Studio Code? Well, here we go:

This extension decompiles ...

  • PEELF/MACH Binary executables for various platforms
    • as supported by Ghidra; Windows PE, Linux ELF, IOS, etc..
    • or IDAPro (Experimental, Windows Only for now)
  • Jar Java Jar archives and compiled Classes
  • APK Android APK's
  • PYC Python .pyc and .pyo
  • EVM Ethereum/EVM based Smart Contracts
    • (Experimental, Linux/MacOs only)

Just right-click → Decompile on a supported executable and wait for the magic to happen.

The decompilation result is added to a temporary sub-workspace. You can right-click → Download files to your local file-system right from the sub-workspace.

Have phun 🙌

Tour

macOS

vscode-decompiler

Windows (Ghidra vs. IDAPro)

vscode-decompiler-idapro

Ethereum Smart Contract

Save the EVM byte-code in a file with extension .evm, then right-click → Decompile.

vscode-decompiler-evm-1

Setup

Requirements: General
  • Requires Java (11+) to be installed system-wide. Just install the latest JRE/JDK for your OS (e.g. OpenJDK, Oracle JDK).
  • Other tools are bundled with the extension. Just make sure Java is available in your PATH.
Requirements: Binary executables (Ghidra / IDA Pro)
  • Requires a working installation of Ghidra (← Download) to decompile executables
    • either available in PATH (like when you install it with brew cask install ghidra on os-x; or set-up manually)
    • otherwise please specify the path to the executable <ghidra>/support/analyzeHeadless in code → preferences → settings: vscode-decompiler.tool.ghidra.path and make sure that the analyzeHeadless script runs without errors (and is not prompting for the JDK Home 🤓). Here's a sample Ghidra config for Windows: ghidraconf
  • (Experimental; Windows Only) Optional a licensed version of IDA Pro with decompiler support.
    • specify the path to the idaw executable in code → preferences → settings: vscode-decompiler.tool.idaPro.path, e.g. c:\IDA68\idaw.exe.
    • set preference to idaPro (experimental Windows Only) in code → preferences → settings: vscode-decompiler.default.decompiler.selected.
    • we'll automatically try to run 32 and 64bits idaw on the target application (preference on what executable is configured by you)
    • If you're running <= IDA Pro 6.6 and the normal IDA decompilation mode does not work you can try the set preference to idaPro legacy hexx-plugin (experimental Windows Only) in code → preferences → settings: vscode-decompiler.default.decompiler.selected. Note: Use this method only if the normal IDA Pro mode doesnt work. Caveat: idaw*.exe must not be in a path that contains spaces, ask @microsoft why 😉.
Requirements: Python
  • Python decompilation requires pip3 install uncompyle6 (see settings)
    • specify the uncompyle6 script location in code → preferences → settings: vscode-decompiler.tool.uncompyle.path or set to uncompyle6 if it is available in PATH
Requirements: Smart Contracts (EVM byte-code)
  • The pseudocode generator panoramix/eveem requires a working installation of python3.8 or newer.
    • specify the python3.8 path in code → preferences → settings: vscode-decompiler.tool.python38.path (e.g. /usr/local/opt/python@3.8/bin/python3.8 (macos/homebrew))
    • make sure pip for python3.8 is installed
    • install panoramix dependencies: $ /usr/local/opt/python@3.8/bin/python3.8 -m pip install coloredlogs requests web3 timeout_decorator
  • Note: Panoramix is run in local mode. EVM byte-code is not sent to eveem.org.
    • It will attempt to download a function signature database on first load.
    • It will cache files to <userhome>/.panoramix.
  • No Windows support :/ (see this issue).
Setting tool preferences

code → preferences → settings:

  • Set default decompiler preference to ghidra (default) or idaPro (experimental Windows Only) (requires a licensed version of IDAPro + Decompiler)
    • vscode-decompiler.default.decompiler.selected
  • Set preference for java decompilation to JADX or JD-CLI (default)
    • vscode-decompiler.java.decompiler.selected
  • Set preference for android apk decompilation to dex2jar + jd-cli (slow) or JADx (default)
    • vscode-decompiler.apk.decompiler.selected"

Troubleshooting & FAQ

  • (macOs) "macOs cannot verify the developer of 'decompiler' ...
    • Follow the fix outline in https://support.apple.com/en-za/guide/mac-help/mh40616/mac.
    • Verify that you've downloaded ghidra from the original website, verify checksums. Note: you're running an NSA tool on your computer, just saying.
    • Open the <ghidra-install-folder>/Ghidra/Features/Decompiler/os/osx64 in finder, Ctrl+mouseClick on decompile → open (you only need to do this one time). image

Credits

This extension wouldn't be possible without the smarties that are developing the following reverse-engineering tools:

  • Ghidra by @NSA/CSS
  • JadX by @skylot
  • JD-CLI by @Josef Cacek
  • dex2Jar by @Bob Pan
  • IDA Pro Advanced & Decompiler
  • python-uncompyle6 by @R. Bernstein
  • panoramix the engine behind eveem.org created by @Tomasz Kolinko
  • LogoMakr (CC; Logo)

Release Notes

see CHANGELOG


  • Contact us
  • Jobs
  • Privacy
  • Terms of use
  • Trademarks
© 2022 Microsoft