Reverse Engineering – The decompiler

For the most part, the debugger are supported and assemble together to decompile, dieosembeulreo also can analyze and decompile a compiled language, because you can see that the dieosembeulreo and the decompiler can do this classification of the advance. So in this book, the interpretation of the source code, and analysis(such as the executable file, breakpoint control) feature is the difference as there is no tool to saw the decompiler. The decompiler was anticipated earlier, it seemed, the executable file serves as a convert source code level.

Most of the decompiler is a compilation of language-dependent executable because it is necessary to determine, a compiled language. (It is possible to decompile tools, different language.)

Below is a compiled language using PEiDcan determine, hope to take advantage of useful.

http://www.peid.info/

 
 


[Figure] PEiDidentified by the PE Header structure of ntsec

 
 

Why use PEiDlanguage used in the program to check in advance, what’s the difference between a language-specific code to know in advance that you can use a decompiler, if packing(4features in the chapter.) If it is, commonly known as packing programs, information about programs that can get the packing, there are also a lot of useful information, such as information about the file structure can get, file analysis: let to take advantage of by applying the.

 
 

So any of these actions help tools one of the things that let me check.

 
 

IDA Hex-Rays

IDAplugin, Hex-Raysof the features it has to offer is really powerful and Pseudocode functions can be.

The majority of the IDAto be analyzed can be reinterpreted in the language of the Ccode, by converting it to give.

This can increase the readability of the station analyst because, even in the very useful progress reverse engineer can use.

Only Hex-Rays plugin is a paid version, if you want to use, or purchase the program, you shall be using the path of the dark. Relevant information can be obtained from the following sites, Pseudocode conversion feature, the F5key is currently viewing the procedure, Ctrl + F5keys program can convert the entire pseudocode.

http://hex-rays.com/

 
 


[Figure] Hello_vc.exe , the majority of the contents of the code conversion to decompile it is possible.

 
 

Boomerang

Boomerang(Boomerang)is a Clanguage compiler, written in the language native to Cwork to decompile help.

If you look at using a boomerang, Clanguages by analyzing an Assembly station code generation process can be found through the GUI.

But in the year since the new update 2006and issjianha, is not the ability to decompile is excellent.

Boomerang is available for download from the site below.

http://boomerang.sourceforge.net/

 
 


[Figure] Hello_vc.exe decompile the content

 
 

REC (Reverse engineering compiler)

RECdecompiler and at the same time, the Clanguage required to reverse engineer PEHeaderand hex values can be a useful tool, even to the present day. 2012continue with version updates and the ability to be very excellent, Assembly. Dikeompaileul the code to proceed nevertheless, it does seem to be much difference with the code won, but free, can be useful as a tool of analysis.

http://www.backerstreet.com/rec/rec.htm

 
 


[Figure] Hello_vc.exe , the contents of the tab to decompile to determine at a glance the information through a variety of possible

 
 

VB Decompiler

In addition to the foregoing, Clanguage VBcan decompile a compiled language tool, the language, some NET(.NET) -based language it is possible to compile. Currently offers a paid version, the free version is limited, in the case of a function.

http://www.vb-decompiler.org/

 
 


[picture] net it is possible to decompile a fraction

 
 

DeDe

Delphi language decompiler you can check detailed objects with is a feature of the.

To use this tool exclusively, than you can use in conjunction with the debugging tools, you can take a quick analysis.

For example, if you take advantage of, you are calling error code 401the Assembly level if you want to set up a break point in the program, this gets underway with debugging tools, the code analysis should proceed sequentially, but, you can use the program below, error code 401 UIto the right you can see the code to start the Assembly. In this way, you can use the side by side, station dramatically reduce the time spent on the analysis can be.

The site of the current developers do not exist, it is possible to download from the download site from overseas under the program.

http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/DeDe.shtml

 
 


[picture] object unit provides the convenience

 
 

.NET Reflector

NET-based decompilers are the best of the powerful has the ability to decompile.

Decompile the resulting code would be the same as the degree of the source code and hee hee-level, NET decompiler is famous for. If you can get from the site below, 30day test version can be used as a.

NET decompiler to other products also exist, but, as these tools are deemed sufficient.

1create the Department had Hello C # let’s try to decompile an executable file.

http://www.reflector.net/

 
 


[picture] written in code almost match

 
 

The decompiler is easy enough to introduce a tool tip, because the usage is paid.

In recent years, anti-debugging technology evolved, the decompiler can extract the source code of the program as much, but, so far, several programs will be able to use by applying the.

After debugging, analysis and useful, so, you know, then the usage of the above tools, see using the.

 
 

 
 

Facebook Comments

2 comments on “Reverse Engineering – The decompiler”

  1. 프로그래밍 응답

    안녕하세요 선생님. 프로그래밍 관련 지식이 많으신것 같은데 개인적으로 여쭤보고싶은게 있습니다. 이메일 남기고 가겠습니다. 곡 도와주셨으면 합니다. 감사합니다.

    • allmnet 응답

      메일 확인하였습니다. 메일로 회신드릴게요. 외부 도움이 받으시기를 추천드립니다.

Leave A Reply

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

This site uses Akismet to reduce spam. Learn how your comment data is processed.