Retrospective Analysis is a plugin for IDA Pro that accelerates and simplifies reverse engineering. It performs a comprehensive backward analysis of function calls using a layered system, predicts and modifies function types, and removes unused parameters. The analysis starts directly from the context menu of the decompiled view, ensuring a seamless integration into your workflow.
The analysis begins from the selected function and iteratively scans the call hierarchy up to a user-defined depth (1–10 layers). Each layer represents a group of function calls, enabling detailed examination of call relationships.
Analyzes function call types (e.g., __thiscall, __stdcall), modifies them, and removes unused parameters afterward.
Identifies inconsistencies and common patterns in function call types to improve function signatures.
Detects and removes redundant parameters from call references, ensuring cleaner and more optimized function signatures.
Choose the best approach for your analysis with two user-selectable engines:
- Hex-Rays Compiler Based Engine: Utilizes the Hex-Rays library to backward compile functions and analyze calls.
- IDA API Based Engine: Analyzes raw machine code to backward compile functions and inspect call relationships.
Automatically corrects virtual call types and parameters, deleting any unused parameters for a more accurate signature.
Incorporates new methods for enhanced accuracy in determining call types and parameters. This update now supports the previously unsupported usercall and userpurge rules, allowing for more effective detection and correction of signature issues.
Start the analysis directly from the context menu in the decompiled view.
The decompiled view is automatically refreshed after any modifications.
-
Select a Function
Open the decompiled view in IDA Pro and right-click the function you want to analyze. -
Start the Analysis
Choose Retrospective Analysis from the context menu.
-
Configure Analysis Settings (Optional)
Adjust the analysis depth (1–10 layers) and select your preferred analysis engine if needed.
-
Review the Results
The plugin automatically corrects call types, removes unused parameters, and updates the decompiled view with the changes.
- Download the latest release from GitHub Releases.
- Place the plugin file in the
pluginsdirectory of your IDA Pro installation. - Restart IDA Pro. The plugin will then appear in the context menu of the decompiled view.
- Return Type Analysis: Enhancing the analysis to automatically detect and adjust function return types.
Your new update lets you choose the best backward analysis engine for your scenario and delivers better accuracy when dealing with complex or unusual calling conventions. Contributions and feedback—especially regarding further automation and additional analysis capabilities—are highly welcome.
Feel free to fork the repository, submit pull requests, and help further improve the plugin!