SLEIGH

Rust port of Ghidra's SLEIGH decompiler. This library allows you to decompile or translate machine code for multiple architectures.

What is SLEIGH?

SLEIGH is a language for describing the instruction sets of general purpose microprocessors, in order to facilitate the reverse engineering of software written for them. SLEIGH was designed for the GHIDRA reverse engineering platform and is used to describe microprocessors with enough detail to facilitate two major components of GHIDRA, the disassembly and decompilation engines.

Quickstart

Add the following to Cargo.toml:

sleigh = "*"

Create a decompiler and decompile bytecodes:

let mut decompiler = Decompiler::builder().x86(X86Mode::Mode32).build();

let code = b"\x01\xd8"; // ADD EAX, EBX

// Lift bytecodes into SLEIGH IL
let (len, pcodes) = decompiler.translate(&code, 0x1000);
println!("{} {:?}", len, pcodes);

// Disasm bytecodes
let (len, insts) = decompiler.disassemble(&code, 0x1000);
println!("{} {:?}", len, insts);

Supported Architectures

✔️ = Ready to Go!

🚧 = Working in Progress

Todos

• Documentation
• Detailed disasm operands
• Detailed varnode
• Unit tests

Contribute

This crate is under construction. Ping me if you find any bugs. Any PRs are welcomed!