Questions tagged [decompiling]

Decompilers analyze binary code outputting source code in a higher level language such as C. The output is generally not any easier to analyze than the original assembler due to loss of information during compilation.

The concept of a decompiler seems simple to most people. A compiled binary was created from source code, so the operation seems like it should be reversible. However, there are some challenges that a decompiler faces:

Decomposing assembler to a basic block.
Lose of information during compilation.

Decomposing Basic blocks

Hand crafted assembler may confound analysis into a basic block, which will prohibit the creation of a control flow graph. For example, hand crafted assembler is not bound to follow a function prologue and epilogue. Assembler may make use of instructions that do not map to a higher level language. It may use self-modifying code and multiple entry points (even mid-instruction) for legitimate purposes or to foil reverse engineering. Aggressive compiler optimization may produce the same effects under some cases.

Loss of information

Comment and variable names are obviously lost information in the decompilation process. As well, compilers aggressively optimize code; a key part being to keep high level variable in registers. Because of this, a register maybe re-used for many different high level variable. This may result in the decompiled code have a different amount of variables and control structure from the original code. Also, different compilers (or even different optimization levels) generate different code for the same source code. Ie, the source to machine mapping is compiler dependent. Without hints to the decompiler, it cannot generically re-generate the same source. Often the decompiled code will resemble obfuscated code.

Cristina Cifuentes's research paper from Queensland University of Technology give more technical details of a decompiler. The Boomerang project is an example of an Open Source decompiler.

Some general uses of a decompiler:

Retargetting code to a different instruction set.
Analyzing a binary for security issue.
Patching code for an operating system update.

Due to the loss of information, decompiled code may not assist in understanding assembler code. It certainly can not produce the original source code. Examining decompiled code can give an appreciation of good variable naming.

See also: disassembling reverse-engineering

1056 questions

votes

1 answer

Is there an ASM to C convertor?

I have a exe written in C and have decompiled it but the output went right over my head. Will I have to learn assembly in order to understand what the exe does or is there another way? EDIT: The reason I want to know what's in the exe is because I…

c assembly decompiling

asked Sep 05 '13 at 09:37

fARcRY

2,338
6
24
40

votes

1 answer

Recompiling the OpenXmlSdkTool.Core DLL with a anon-method and delegate error

I'm doing research into the OpenXmlSdkTools v2.5 and had a sneak peak inside the OpenXmlSdkTools.Core.DLL and saved it as a c# Project with ILSpy. While this question is active, here is the OpenXmlSdkTools.Core.DLL as a way to quickly reproduce the…

c# delegates decompiling anonymous-methods

asked Aug 31 '13 at 10:24

Jeremy Thompson

61,933
36
195
321

votes

1 answer

Recompile system app

Because I'm creating a custom ROM I want to remove some entries from the settings.apk Because there is no way to hide a preference with XML I have to change the source code from the apk and have to delete the preference from the PreferenceScreen. So…

android decompiling recompile dex2jar

asked Aug 18 '13 at 22:19

Cilenco

6,951
17
72
152

votes

1 answer

Prevent decompilation of password data

I am currently working on one of my first application that will be distributed, but I am running into a huge problem. With use of dotPeek (http://www.jetbrains.com/decompiler/) I can easily retrieve my login data. Of course, converting the…

c# database security authentication decompiling

asked Jul 28 '13 at 22:26

bas

1,678
12
23

votes

0 answers

How does the loader initialize the GOT in ELF/ELF64 executables?

Just like the title says - how does the loader initialize the GOT in ELF/ELF64 executables? I am trying to statically determine what the first entry in the GOT will be, as its initial value is 0.

assembly x86 executable x86-64 decompiling

asked Jul 18 '13 at 14:34

RouteMapper

2,484
1
26
45

votes

1 answer

some disassemble c++ code I am puzzled

I use the IDA pro,hex-rays to decompile some code of a dll. get some code like below: void __stdcall IsDotInLine(double a1, double a2, double a3, double a4, double a5, double a6, double a7) { int v7; // edx@1 int v8; // ecx@1 double v9; //…

c++ decompiling

asked May 30 '13 at 06:58

user1279988

votes

3 answers

How to Prevent SWF from Decompiling?

How do I prevent my SWF from decompiling? Is there any difference between ActionScript 1/2 and ActionScript 3 in the perspective of decompile prevention? This is an opposite question of the following question: How do you decompile a swf file? How…

flash decompiling actionscript-3 actionscript

asked Oct 29 '09 at 07:07

Raptor

53,206
45
230
366

votes

2 answers

Decompiled assembly, which programming language was used

How would you know if a decompiled assembly was written in C# or VB.net?

.net decompiling

asked May 07 '13 at 11:40

anouar.bagari

2,084
19
30

votes

2 answers

It is possible to find a specific byte array in a .NET assembly?

How easy would it be for a someone to decompile/disassemble/reflect over a .NET Assembly compiled in release mode to find the contents of a specific byte array? Is it a good idea to implement a security mechanism that relies on a specific key…

.net security .net-assembly cil decompiling

asked Apr 04 '13 at 16:40

Owen Johnson

2,416
2
19
23

votes

1 answer

Decompile and Recompile apk files on ubuntu

I am trying to modify an Android app using apktool. I've downloaded the apktool and now I have 3 file apktool, aapt and apktool.jar I am trying to modify the background of the Gallery_3D.apk I am using these command to decompile and then…

android decompiling recompile

asked Mar 29 '13 at 06:14

Nirmal Ram

1,722
4
25
45

votes

2 answers

jd-eclipse for dynamically generated java classes

I was looking at JD-Eclipse to be able to view contents of class files. Does anyone know if it is possible to view contents of dynamically generated classes (say proxies) loaded in the JVM using this? Thanks in advance!

java decompiling

asked Mar 20 '13 at 06:08

Kilokahn

2,281
1
25
50

votes

3 answers

Coldfusion Runtime Source Code

Good Day, I was wondering if it was possible to view/debug/hack into the coldfusion.runtime source code. Specifically, I'm getting out of memory errors that look like the following: allocLargeObjectOrArray: [C, size 8388624…

java coldfusion decompiling coldfusion-8 cfml

asked Mar 07 '13 at 23:49

M Lamb

votes

0 answers

C++ disassembler?

Let me just say that I am now backing up everything. I accidentally typed this line, g++ -o source.cc source.cc And I now have a binary instead of my source. Does anyone know of a good dissembler for C++ in the command line... I have all the…

g++ decompiling decompiler

asked Feb 17 '13 at 04:43

Harley Armstrong

votes

1 answer

Find near duplicate binary files (.lib,.bin)

Scenario is: Though the source-code doesn't change, I'm seeing that the the compiled lib/bin files are having difference though It's compiled by same compiler and with same dependencies. Since it's not a text file, I'm deprived of ideas, as we…

algorithm gcc compiler-construction diff decompiling

asked Feb 06 '13 at 18:08

gkns

votes

0 answers

Boomerang decompiler fails

I need to decompile a windows program which the source code was lost for a long time. I am using boomerang in Windows 7 for this. However, it looks broken, gives this message and quits: Could not open dynamic loader library Win32BinaryFile.dll…

c++ decompiling boomerang

asked Jan 26 '13 at 09:29

Victor Stafusa - BozoNaCadeia

13,995
13
56
72

Prev 1 2 3

…

70 71 Next