Home

Welcome to the PLASMA disassembler wiki!

Howto

• Read a MIPS binary

Hacks

• About jumptables
• Use the Python API
• Source code structure
• Add a support for a new architecture

FIXME

• stack analysis #62 : better heuristic to compute the frame size
• make plasma pip-installable issue #60
• mips: detect end of functions : imports have no "jr $ra"

TODO

Stack :

• stack variables for ARM
• check if a stack variable already exists before renaming it
• re-add canary detection

Analyzer :

• unicode strings
• function detection : actually it checks first if the prolog is known, otherwise nothing is done. But if the function is in a code section we should force to analyze the function.
• improve analyzer performances : memoryview or c_types : a disassembling is done on a block which is every time copied. It requires to modify the capstone api
• mips: use the register simulation to implement the li instruction (currently it's done only at the decompilation)
• detect syscalls during the analysis, not at the decompilation

Visual :

• better printing of PE imports
• reload automatically if the analyzer has modified the content in visual

Features :

• multi-lines comments
• vtables
• structure, enum
• Mach-o
• IDA-like memory bar (in gtk/qt ?)
• text search ? will be unfortunately inefficient, it requires to disassemble all the binary