0

If a program is already in its .exe form, how would you decompile it in order to see its code? And if you would compile it again to an executable file, would it work?

2
Contributors
2
Replies
3
Views
8 Years
Discussion Span
Last Post by ruisimoes
0

> how would you decompile it in order to see its code?
Short answer - you can't disassemble code.

Long answer, you can disassemble code, but the result is likely to be the most horrible mess you've ever seen.

Example:

for ( i = 0 ; i < 10 ; i++ ) {
  printf( "i = %d\n", i );
}

Might end up looking like

int var1 = 0;
loop1:
if ( var1 >= 10 ) goto loop1End;
func1( constString1, var1 );
i = i + 1;
goto loop1;
loop1End:;

Depending on how much symbol table information your disassembler has, func1 might actually be written as 'printf', and there is an outside chance that var1 might become 'i'.

Now imagine that scaled up to the 10's of thousands of lines, and you can see that what you're going to get is not going to be a whole load of fun to deal with.

Understand that you'll NEVER get back anything which remotely resembles the original source, for any non-trivial program. It might be better than shrouded source code, but not by much.

You're generally better off just rewriting it. Picking your way through a whole mess of disassembler generated code is only for the damned (or desperate).

0

Thanks for your thread. I know the only way to decompile an EXE is to assembly. During this conversion a lot of information is lost and a lot of assumptions are made. If we compile the same source code with two different compilers we'll even get completely different assembly. But maybe we could use PEID to try and detect the kind of compiler(s) used and then some programs like crackme's. The idea could be making a few minor changes to the original program, or studying its structure, function, and operation, making it also possible to develop a better program. I'm not an expert but I'd really like to learn more.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.