Tried running Yagi for IDA 7.6. 64 bit runs fine, but the 32bit target "ida.exe" will crash almost instantly, and without any sort of dialog/warning box.

Consider wrapping your IDA "run" in an a C or C++ exception handler. It's what I do, great for development. With a msg() in the handler it will tell me my plugin crashed instead of crashing IDA (most of the time anyhow, could cause IDA to crash outside of our plugin space et al).

Hi there,

IDA allow users to analyze between static & debugging. however, Yagi use F7 as hotkey, it will let users cannot do single-step in dynamic mode. besides, Yagi is not stable and easy to crash in dynamic mode :(

Hi !

Currently Yagi can only be installed in Ida installation path, this fix allows installing Yagi in user $IDAUSR/plugins folder. The function get_ida_subdirs() searches in $IDAUSR/ and $IDADIR folders and can be used to detect where Yagi is installed.

I only tested it on Linux but it should work on Windows too (if someone can test it before merging the PR ?)

Hello there, Thank you for this awesome plugin. I have tried this plugin on Linux IDA Pro 7.3 and got the error below:

dlopen(/<path>/idapro-7.3/plugins/yagi.so): /<path>/idapro-7.3/plugins/yagi.so: undefined symbol: get_struc_name
/<path>/idapro-7.3/plugins/yagi.so: can't load file

I hope you will add support to IDA Pro 7.3. Thank you very much

I saw you guys mentioned it might not be that hard to add another decompiler. Ghidra does have support for AVR8 (in particular I'm interested in the Xmega stuff). Is this somewhere in your pipeline? Thanks!

hi there, thanks for the nice job! is there any possible to support Yagi for x64dbg? it's useful. although x64dbg embedded a decompiler Snowman, however it's totally not working :(

This happens when Yagi is attempted to be used with a xex file from Xbox 360:

[Yagi] INFO :  load compiler with sleigh id : PowerPC:BE:16:default
[Yagi] ERROR :  No sleigh specification for PowerPC:BE:16:default

The file is loaded into IDA using this loader: https://github.com/emoose/idaxex

Would appreciate a fix since PowerPC is declared to be supported, so it's probably something simple, thanks in advance

EDIT:

Full output:

WARNING: Python 3 is not configured (Python3TargetDLL value is not set). Please run idapyswitch to select a Python 3 install.

  bytes   pages size description
--------- ----- ---- --------------------------------------------
112492544 13732 8192 allocating memory for b-tree...
103317504 12612 8192 allocating memory for virtual array...
   262144    32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
216072192            total memory allocated

Loading processor module C:\Program Files\IDA Pro 7.6\procs\ppc64.dll for PPC...Initializing processor module PPC...OK
Loading type libraries...
Autoanalysis subsystem has been initialized.
Database for file 'output.xex' has been loaded.
[Yagi] INFO :  load compiler with sleigh id : PowerPC:BE:16:default
[Yagi] ERROR :  No sleigh specification for PowerPC:BE:16:default
---------------------------------------------------------------------------------------------
Python 3.10.1 (tags/v3.10.1:2cd268a, Dec  6 2021, 19:10:37) [MSC v.1929 64 bit (AMD64)] 
IDAPython 64-bit v7.4.0 final (serial 0) (c) The IDAPython Team <[email protected]>
---------------------------------------------------------------------------------------------

IDA version: v7.6

Additional info from IDA View:

.rdata:82000600 Imports from xam.xex v2.0.21256.0 (minimum v2.0.16537.0)
.rdata:82000600
.rdata:82000600
.rdata:82000600 # Processor       : PPC
.rdata:82000600 # Target assembler: GNU Assembler
.rdata:82000600 # Byte sex        : Big endian
.rdata:82000600 # SIMD Instructions: VMX128
.rdata:82000600 # Processor Profile: Server
.rdata:82000600 # ABI              : sysv-hard_float
.rdata:82000600
.rdata:82000600 #include "ppc-asm.h"
.rdata:82000600 .set r1, 1; .set r2, 2
.rdata:82000600 .set lt, 0; .set gt, 1; .set eq, 2; .set so, 3

ida_idp.info.is_32bit()
Out[14]: True

ida_idp.info.is_64bit()
Out[15]: True

For 64-bit programs, ida's two judgments both return true, so Yagi will judge the 64-bit program as 32-bit, which does not meet expectations。

auto mode = yagi::Compiler::Mode::M24;
if (inf_is_64bit())
{
    mode = yagi::Compiler::Mode::M64;
}
if (inf_is_16bit())
{
    mode = yagi::Compiler::Mode::M16;
}
if (inf_is_32bit_exactly())
{
    mode = yagi::Compiler::Mode::M32;
}

With release 1.3.0, on Linux 64 bit, Yagi outputs [Yagi] ERROR : No sleigh specification for sparc:BE:32:default when the path ~/.idapro/plugins/Ghidra is a symbolic link to the real folder.

Things work correctly when Ghidra is copied to ~/.iidapro/plugins. This is confirmed by the following traces obtained with strace -f -e file ida file.idb:

Not working:

$ grep Ghidra test
193726 stat("/home/raph/.idapro/plugins/Ghidra", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
193726 stat("/home/raph/bin/ida76/plugins/Ghidra", 0x7ffd6fe45150) = -1 ENOENT (Aucun fichier ou dossier de ce type)

Working:

193522 stat("/home/raph/.idapro/plugins/Ghidra", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
193522 stat("/home/raph/bin/ida76/plugins/Ghidra", 0x7ffe7fcb41c0) = -1 ENOENT (Aucun fichier ou dossier de ce type)
193522 openat(AT_FDCWD, "/home/raph/.idapro/plugins/Ghidra/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 16
193522 openat(AT_FDCWD, "/home/raph/.idapro/plugins/Ghidra/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 16
193522 openat(AT_FDCWD, "/home/raph/.idapro/plugins/Ghidra/Processors/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 16

Hey!

Congrats on the awesome plugin and the hex-rays plugin contest entry!

It'd be awesome if we could get some prebuilt mac builds/mac support, assuming the plugin would support that :-)

In my plugin, I want to do something imediately after the completion of IDA initialization analysis. So I found a function which named hook_to_notification_point, but it won't work. Is there any other ways?