Sometimes, it might end up being less work to just re-write the program from scratch. But most likely the decompiler will produce absolutely unreadable spaghetti code, and it will be a huge headache to decipher it. If the decompiler is good, the code you get will at least be compilable back into an equivalent executable, and then you can start slowly refactoring it to be readable. So when you decompile, the compiler can only guess at what the source code must have looked like, it has no way of knowing what your code was, because that's gone. Most compilers these days will drastically change your code to optimize it. It is rare for code to be compiled as written. Sometimes loops are unrolled for performance.However, as a general remark: The conversion from C source to executable machine code is lossy. There are many decompilers out there and it's not practical to cover them all here. I am somewhat new to its features and proper configuration for this given setup. What you want to do is called "decompiling". I have some compiled Linux kernel modules (LKMs) with no source available that I am analyzing with IDA Pro 7.5 on Windows. In most cases I've seen, the code needed to be rewritten from scratch, maintained as an assembly language program, or reconstituted by re-applying change requests to an older version. Pencil and paper, believe it or not, for jotting flows and ideas.Once installed, you can then double-click. I know of no free tool to do this automatically, but a Python or Bash script over the top of a text parser of the assembly output (which can be written in sed or Perl) can be helpful. Download Wine from your Linux distributions software repositories. Decompilers like Boomerang, Hex-rays, and Snowman can provide some greater readability but they do not recover the actual variable names or syntax of the original program and they are not 100% reliable, especially in cases where the engineers that created the executable tested with these packages and tried to obfuscate the security further.Disassemblers which show EXACTLY what the executable does but is difficult to read for those that don't write assembly code on that specific architecture or have experience with disassembly.The command "file" which takes the file path as the first parameter so you can determine (in most cases) what type of executable you have.Several tools are common in reverse engineering an executable.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |