suleram · hasherezade · Feb 15, 2026 · Feb 15, 2026 · Feb 15, 2026 · Feb 15, 2026
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+*/__pycache__/*
+__pycache__/*
+data/
+*.bak
+
diff --git a/Parser/parse_v8cache.py b/Parser/parse_v8cache.py
@@ -30,17 +30,24 @@ def run_disassembler_binary(binary_path, file_name, out_file_name):
         )
 
     # Open the output file in write mode
-    with open(out_file_name, 'w') as outfile:
+    with open(out_file_name, 'w', encoding="utf-8", errors="replace") as outfile:
         # Call the binary with the file name as argument and pipe the output to the file
-        try:
-            result = subprocess.run([binary_path, file_name], stdout=outfile, stderr=subprocess.PIPE, text=True)
-
-            # Check the return status code
-            if result.stderr:
-                raise RuntimeError(
-                    f"Binary execution failed with status code {result.returncode}: {result.stderr.strip()}")
-        except subprocess.CalledProcessError as e:
-            raise RuntimeError(f"Error calling the binary: {e}")
+        result = subprocess.run(
+            [binary_path, file_name],
+            stdout=outfile,
+            stderr=subprocess.PIPE,
+            text=True,
+        )
+
+        # Treat only non-zero exit codes as failure. Some tools may emit warnings to stderr on success.
+        if result.returncode != 0:
+            err = (result.stderr or "").strip()
+            raise RuntimeError(
+                f"Binary execution failed with status code {result.returncode}." + (f" Stderr: {err}" if err else "")
+            )
+
+        if result.stderr:
+            print(f"[!] Disassembler stderr: {result.stderr.strip()}")
 
 
 def parse_v8cache_file(file_name, out_name, view8_dir, binary_path):

diff --git a/Parser/sfi_file_parser.py b/Parser/sfi_file_parser.py
@@ -1,6 +1,7 @@
 from Parser.shared_function_info import SharedFunctionInfo, CodeLine
 from parse import parse
 import re
+import json
 
 all_functions = {}
 repeat_last_line = False
@@ -12,7 +13,7 @@ def set_repeat_line_flag(flag):
 
 
 def get_next_line(file):
-    with open(file) as f:
+    with open(file, encoding='utf-8', errors='ignore') as f:
         for line in f:
             line = line.strip()
             if not line:
@@ -75,8 +76,9 @@ def parse_const_line(lines, func_name):
     if not address:
         return var_idx, value
     if value.startswith("<String"):
-        value = value.split("#", 1)[-1].rstrip('> ').replace('"', '\\"')
-        return var_idx, f'"{value}"'
+        value = json.dumps(value.split("#", 1)[-1].rstrip('> ')) #.replace('"', '\\"')
+        #return var_idx, f'"{value}"'
-        #return var_idx, f'"{value}"'
-        #return var_idx, f'"{value}"'
+        return var_idx, value
     if value.startswith("<SharedFunctionInfo"):
         value = value.split(" ", 1)[-1].rstrip('> ') if " " in value else ""
         return var_idx, parse_shared_function_info(lines, value, func_name)

diff --git a/Parser/shared_function_info.py b/Parser/shared_function_info.py
@@ -1,16 +1,83 @@
 from Translate.translate import translate_bytecode
+from Translate.jump_blocks import CodeLine
 from Simplify.simplify import simplify_translated_bytecode
 
+import re
+import pickle
+from typing import Dict, List, Optional, Union
 
-class CodeLine:
-    def __init__(self, opcode="", line="", inst="", translated="", decompiled=""):
-        self.v8_opcode = opcode
-        self.line_num = line
-        self.v8_instruction = inst
-        self.translated = translated
-        self.decompiled = decompiled
-        self.visible = True
+###
+
+class GlobalVars:
+    _STRING_RE = re.compile(r'"([^"\\]*(?:\\.[^"\\]*)*)"')
+    _FUNC_RE = re.compile(r'\b(func_([A-Za-z0-9_$]+)_0x[0-9a-fA-F]+)\b')
+
+    def __init__(self):
+        self.strings_set = None
+        self.funcs_map = None
+
+    def parse(self, value) -> bool:
+        is_parsed = False
+
+        strings = set(self._STRING_RE.findall(value))
+        funcs = list(self._FUNC_RE.finditer(value))
+
+        if strings:
+            is_parsed = True
+            self.strings_set = (self.strings_set or set())
+            self.strings_set.update(strings)
+
+        if funcs:
+            is_parsed = True
+            self.funcs_map = (self.funcs_map or {})
+
+            for match in funcs:
+                full_name = match.group(1)
+                short_name = match.group(2)
+                self.funcs_map[short_name] = full_name
+
+        return is_parsed
+
+    def is_filled(self) -> bool:
+        if self.strings_set or self.funcs_map:
+            return True
+        return False
 
+    def has_value(self, value) -> bool:
+        if self.strings_set is not None:
+            val = value.strip('"')
+            if (value in self.strings_set or val in self.strings_set):
+                return True
+        if self.funcs_map is not None:
+            if value in self.funcs_map.keys():
+                return True
+        return False
+
+    def resolve_global_name(self, value) -> Optional[str]:
+
+        def _is_string(value):
+            if value.startswith('"') and value.endswith('"'):
+                return True
+            return False
+
+        if not self.is_filled():
+            return None
+
+        if not _is_string(value):
+            return None
+
+        val = value.strip('"')
+        if self.strings_set is not None:
+            if (value in self.strings_set or val in self.strings_set):
+                return "global_" + val
+
+        if self.funcs_map is not None:
+            if val in self.funcs_map:
+                return self.funcs_map[val]
+
+        return None    
+
+###
 
 class SharedFunctionInfo:
     def __init__(self):
@@ -22,6 +89,8 @@ def __init__(self):
         self.code = None
         self.const_pool = None
         self.exception_table = None
+        self.visible = True
+        self.metadata = None
 
     def is_fully_parsed(self):
         return all(
@@ -40,18 +109,62 @@ def translate_bytecode(self):
     def simplify_bytecode(self):
         simplify_translated_bytecode(self, self.code)
 
-    def replace_const_pool(self):
-        replacements = {f"ConstPool[{idx}]": var for idx, var in enumerate(self.const_pool)}
+    def fill_global_variables(self, global_vars: GlobalVars):
+        """
+        If the Global Vars were defined anywhere in this function, fill them in and store in the global structure.
+        """
+
+        patternDef = re.compile(r'ConstPoolLiteral\[(\d+)\]')
+
+        for obj in self.code:
+            line = obj.decompiled
+            if "DeclareGlobals(" not in line:
+                continue
+            match = re.search(patternDef, line.strip())
+            if not match:
+                continue
+            index = int(match.group(1))
+            # Ensure const_pool exists and index is within valid bounds; otherwise skip
+            if self.const_pool is None or not (0 <= index < len(self.const_pool)):
+                continue
+            if global_vars.parse(self.const_pool[index]):
+                return True
+        return False
+
+    def replace_const_pool(self, global_vars: GlobalVars):
+
+        def _replacement(match):
+            index = int(match.group(2))
+            # Ensure const_pool exists and index is within valid bounds; otherwise leave unchanged
+            if self.const_pool is None or not (0 <= index < len(self.const_pool)):
+                return match.group(0)  # Leave unchanged
+
+            value = self.const_pool[index]
+            if match.group(1) == "ConstPool":  # Not ConstPoolLiteral
+
+                global_symbol = global_vars.resolve_global_name(value)
+                if global_symbol:
+                    return global_symbol
+
+                return value.strip('"')
+            return value
+
+        # Regular expression to match patterns A[NUMBER] or B[NUMBER]
+        pattern = r'(ConstPoolLiteral|ConstPool)\[(\d+)\]'
+
+        #replacements = {f"ConstPool[{idx}]": var.strip('"') for idx, var in enumerate(self.const_pool)}
+        #replacements.update({f"ConstPoolLiteral[{idx}]": var for idx, var in enumerate(self.const_pool)})
+
         for line in self.code:
-            if not line.visible:
+            if "ConstPool" not in line.decompiled:
                 continue
-            for const_id, var in replacements.items():
-                line.decompiled = line.decompiled.replace(const_id, var)
+            line.decompiled = re.sub(pattern, _replacement, line.decompiled)
 
-    def decompile(self):
+    def decompile(self, global_vars: GlobalVars):
         self.translate_bytecode()
         self.simplify_bytecode()
-        self.replace_const_pool()
+        self.fill_global_variables(global_vars)
+        self.replace_const_pool(global_vars)
 
     def export(self, export_v8code=False, export_translated=False, export_decompiled=True):
         export_func = self.create_function_header() + '\n'
@@ -70,3 +183,39 @@ def export(self, export_v8code=False, export_translated=False, export_decompiled
             if export_line:
                 export_func += export_line + '\n'
         return export_func
+
+####
+
+FunctionsBlob = Union[Dict[str, "SharedFunctionInfo"], List["SharedFunctionInfo"]]
+
+# Helper function for serializing multiple functions
+def serialize_functions(functions: FunctionsBlob) -> bytes:
+    """Serialize decompiled output using pickle.
+
+    SECURITY NOTE:
+      Pickle is unsafe for untrusted input. Only load serialized files that you
+      generated yourself.
+    """
+    return pickle.dumps(functions, protocol=pickle.HIGHEST_PROTOCOL)
+
+
+def deserialize_functions(data: bytes) -> FunctionsBlob:
+    """Deserialize decompiled output using pickle.
+
+    SECURITY NOTE:
+      Unpickling can execute arbitrary code. Do not load files from untrusted
+      sources.
+    """
+    return pickle.loads(data)
+
+
+def save_functions_to_file(functions: FunctionsBlob, filename: str):
+    """Save decompiled output to a file (pickle)."""
+    with open(filename, 'wb') as f:
+        f.write(serialize_functions(functions))
+
+
+def load_functions_from_file(filename: str) -> FunctionsBlob:
+    """Load decompiled output from a file (pickle)."""
+    with open(filename, 'rb') as f:
+        return deserialize_functions(f.read())
diff --git a/README.md b/README.md
@@ -18,31 +18,42 @@
 <h2>Usage</h2>
 <h3>Command-Line Arguments</h3>
 <ul>
-<li><code>input_file</code>: The input file name.</li>
-<li><code>output_file</code>: The output file name.</li>
-<li><code>--path</code>, <code>-p</code>: Path to disassembler binary (optional).</li>
-<li><code>--disassembled</code>, <code>-d</code>: Indicate if the input file is already disassembled (optional).</li>
-<li><code>--export_format</code>, <code>-e</code>: Specify the export format(s). Options are <code>v8_opcode</code>, <code>translated</code>, and <code>decompiled</code>. Multiple options can be combined (optional, default: <code>decompiled</code>).</li>
+<li><code>--inp</code>, <code>-i</code>: The input file name</li>
+<li><code>--out</code>, <code>-o</code>: Path to the output (depending on the type of the output, a single file or a directory tree may be generated)</li>
+<li><code>--input_format</code>, <code>-f</code>: Indicate format of the input. Options are: <code>raw</code>: the output is a raw JSC file; <code>disassembled</code>: the input file is already disassembled; <code>serialized</code>: the input is already decompiled, and stored in a serialized format (pickle; trusted input only)</li>
-<li><code>--input_format</code>, <code>-f</code>: Indicate format of the input. Options are: <code>raw</code>: the output is a raw JSC file; <code>disassembled</code>: the input file is already disassembled; <code>serialized</code>: the input is already decompiled, and stored in a serialized format (pickle; trusted input only)</li>
+<li><code>--input_format</code>, <code>-f</code>: Indicate format of the input. Options are: <code>raw</code>: the input is a raw JSC file; <code>disassembled</code>: the input file is already disassembled; <code>serialized</code>: the input is already decompiled, and stored in a serialized format (pickle; trusted input only)</li>
-<li><code>--input_format</code>, <code>-f</code>: Indicate format of the input. Options are: <code>raw</code>: the output is a raw JSC file; <code>disassembled</code>: the input file is already disassembled; <code>serialized</code>: the input is already decompiled, and stored in a serialized format (pickle; trusted input only)</li>
+<li><code>--input_format</code>, <code>-f</code>: Indicate format of the input. Options are: <code>raw</code>: the input is a raw JSC file; <code>disassembled</code>: the input file is already disassembled; <code>serialized</code>: the input is already decompiled, and stored in a serialized format (pickle; trusted input only)</li>
+<li><code>--export_format</code>, <code>-e</code>: Specify the export format(s). Options are <code>v8_opcode</code>, <code>translated</code>, <code>decompiled</code>, and <code>serialized</code>. Multiple options can be combined (optional, default: <code>decompiled</code>).</li>
+<li><code>--path</code>, <code>-p</code>: Path to disassembler binary. Required if the input is in the raw format.</li>
-<li><code>--path</code>, <code>-p</code>: Path to disassembler binary. Required if the input is in the raw format.</li>
+<li><code>--path</code>, <code>-p</code>: Path to disassembler binary. By default, View8 auto-detects the V8 version and uses a bundled disassembler from <code>Bin/</code>; use this option to override the auto-selected binary or when no suitable bundled binary is available for raw input.</li>
-<li><code>--path</code>, <code>-p</code>: Path to disassembler binary. Required if the input is in the raw format.</li>
+<li><code>--path</code>, <code>-p</code>: Path to disassembler binary. By default, View8 auto-detects the V8 version and uses a bundled disassembler from <code>Bin/</code>; use this option to override the auto-selected binary or when no suitable bundled binary is available for raw input.</li>
+<li><code>--tree</code>, <code>-t</code>: Split output into a tree structure (rather than storing all functions in one file). Specify the function that will be used as a top node of the tree. To start from the default main function, use 'start' (optional).</li>
+<li><code>--mainlimit</code>, <code>-l</code>: In tree mode: a tree with depth above this limit will be treated as different module than main (optional).</li>
+<li><code>--include</code>, <code>-n</code>: Functions tree to Include in the output (optional).</li>
+<li><code>--exclude</code>, <code>-x</code>: Functions tree to Exclude from the output (optional).</li>
 </ul>
 
 <h3>Basic Usage</h3>
 <p>To decompile a V8 bytecode file and export the decompiled code:</p>
-<pre><code>python view8.py input_file output_file</code></pre>
+<pre><code>python view8.py -i input_file -o output_file</code></pre>
 <h3>Disassembler Path</h3>
 <p>By default, <code>view8</code> detects the V8 bytecode version of the input file (using <code>VersionDetector.exe</code>) and automatically searches for a compatible disassembler binary in the <code>Bin</code> folder. This can be changed by specifing a different disassembler binary, use the <code>--path</code> (or <code>-p</code>) option:</p>
-<p>By default, <code>view8</code> detects the V8 bytecode version of the input file (using <code>VersionDetector.exe</code>) and automatically searches for a compatible disassembler binary in the <code>Bin</code> folder. This can be changed by specifing a different disassembler binary, use the <code>--path</code> (or <code>-p</code>) option:</p>
+<p>By default, <code>view8</code> detects the V8 bytecode version of the input file (using <code>VersionDetector.exe</code>) and automatically searches for a compatible disassembler binary in the <code>Bin</code> folder. This can be changed by specifying a different disassembler binary, use the <code>--path</code> (or <code>-p</code>) option:</p>
-<p>By default, <code>view8</code> detects the V8 bytecode version of the input file (using <code>VersionDetector.exe</code>) and automatically searches for a compatible disassembler binary in the <code>Bin</code> folder. This can be changed by specifing a different disassembler binary, use the <code>--path</code> (or <code>-p</code>) option:</p>
+<p>By default, <code>view8</code> detects the V8 bytecode version of the input file (using <code>VersionDetector.exe</code>) and automatically searches for a compatible disassembler binary in the <code>Bin</code> folder. This can be changed by specifying a different disassembler binary, use the <code>--path</code> (or <code>-p</code>) option:</p>
-<pre><code>python view8.py input_file output_file --path /path/to/disassembler</code></pre>
+<pre><code>python view8.py -i input_file -o output_file --path /path/to/disassembler</code></pre>
 <h3>Processing Disassembled Files</h3>
-<p>To skip the disassembling process and provide an already disassembled file as the input, use the <code>--disassembled</code> (or <code>-d</code>) flag:</p>
-<pre><code>python view8.py input_file output_file --disassembled</code></pre>
+<p>To skip the disassembling process and provide an already disassembled file as the input, use the <code>--input_format disassembled</code> (or <code>-f disassembled</code>) option:</p>
+<pre><code>python view8.py -i input_file -o output_file -f disassembled</code></pre>
+<h3>Creating and Processing Serialized Files</h3>
+<p>Sometimes we may want to decompile the file into a serialized format (preserving all the objects and structures). This type of an output may be easier to post-process than a text format, and useful i.e. for further deobfuscation. To create a serialized output we use a specific export format: <code>--export_format serialized</code> (or <code>-e serialized</code>)</p>
+<p><strong>Security warning:</strong> the current serialized format is a Python <code>pickle</code> file (<code>.pkl</code>). Unpickling data from untrusted sources can execute arbitrary code. Only load serialized files that you generated yourself.</p>
+<pre><code>python view8.py -i input_file -o output_file -e serialized</code></pre>
+<p>If we ever want to load the serialized output back, and decompile it as a different type of an output, we can do it using <code>--input_format serialized</code> (or <code>-f serialized</code>) option:</p>
+<pre><code>python view8.py -i input_file -o output_file -f serialized</code></pre>
 <h3>Export Formats</h3>
 <p>Specify the export format(s) using the <code>--export_format</code> (or <code>-e</code>) option. You can combine multiple formats:</p>
 <ul>
 <li><code>v8_opcode</code></li>
 <li><code>translated</code></li>
 <li><code>decompiled</code></li>
+<li><code>serialized</code></li>
 </ul>
 <p>For example, to export both V8 opcodes and decompiled code side by side:</p>
-<pre><code>python view8.py input_file output_file -e v8_opcode decompiled</code></pre>
+<pre><code>python view8.py -i input_file -o output_file -e v8_opcode decompiled</code></pre>
 <p>By default, the format used is <code>decompiled</code>.</p>
 
 <h3>VersionDetector.exe</h3>
@@ -52,3 +63,4 @@
     <li><code>-d</code>: Retrieves a hash (little-endian) and returns its corresponding version using brute force.</li>
     <li><code>-f</code>: Retrieves a file and returns its version.</li>
 </ul>
+