If I use a decompiler to get the source of a known C++ .exe botnet bin will the program execute during the "decompile" ?
What decompiler should I use?
Asked
Active
Viewed 1,362 times
0
-
I've used [IDA decompiler](https://www.hex-rays.com/products/ida/index.shtml) before. It's not for the faint of heart though. :) – Steven Apr 01 '13 at 05:39
-
Well I don't know much C++ or coding past basics. I'd like to just change all his channels and then recompile it. – AnonIce Apr 01 '13 at 05:42
2 Answers
0
No. Decompilation treats the binary as data and does not execute any of the code.
It is like looking at sheet music to determine the structure of the music. The music is not played or heard.
The disassembler or decompiler to use depends on the architecture of the executable. Since you mention .exe that suggests it is MS Windows or Vax/VMS. Search for one suitable for your environment.
wallyk
- 56,922
- 16
- 83
- 148
-
Would the code be usable enough for me to change this guys IRC channel info ..etc and recompile. – AnonIce Apr 01 '13 at 05:40
-
@user2230903: you'd probably have better luck and for much less effort to patch the code. – wallyk Apr 01 '13 at 05:44
-
-
@AnonIce: Somewhere in the code is the IRC channel text. Search for it, and replace it with what you want instead using a binary file editor. Take care not to change the overall length of the data, preferably by changing it to a new string of the same length. It is okay to shorten it (if you know what you are doing), but making it longer is "hard". – wallyk Apr 01 '13 at 06:05
0
I haven't seen any decompilers that generate C++ code. I've seen a few experimental ones that make a reasonable attempt at generating C code, but they tended to be dependent on matching the code-generation patterns of a particular compiler (that may have changed, it's been awhile since I last looked into this). Of course any symbolic information will be gone. Google for "decompiler".
Prashant Shilimkar
- 533
- 1
- 3
- 10