
Re: Decompiler?



On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote:
> 
> Dear All
> 
> I have disassembled the object file on my Debian server, by the following:
> 
> #objdump wmain
> 
> In the output, I have recognized the intended subroutine that I need to
> find the exact command syntax that it sends out.  To this end, I asked
> you guys on how to capture it through 'tcpdump' but didn't succeed.  I
> read this segment assembly language code but it is somewhat difficult to
> decode.  Can you please let me know what Debian decompiler is suitable for
> this case?  I tried with 'decompyle' but it didn't get through.

First, let me make sure I understand what you are asking.  You have some
binary object code and you want to transform it back into the C source
code that it came from.  Is that right?  Or did I misunderstand you?

If that is what you want, then I doubt that it is possible.  I've never
heard of a decompiler.  I have heard of a disassembler, but even they
have their limitations.  I myself have done extensive work as a programmer
on a disassembler for the s390 platform.  It happens to be the disassembler
resident in the TRACK for z/VM freeware program.  So I am speaking from
experience here.  Even a disassembler is a guess.  Here are some things that
you lose, even in a disassembler:

1.  All comments.
2.  The names of all variables.
3.  The distinction between code and data.

For example, if I encounter the hex string '41101004' that could be a

         LA    1,4(,1)

instruction.  But it might not be an instruction.  It might be data.  It
might be

         DC    F'1091571716'

Or maybe it's a floating point number in traditional s390 hexadecimal
floating point format.  Or maybe it's part of an escape sequence of codes
to be sent to a printer.  You can never be sure.  All these uncertainties
are present in a disassembler.  In assembly language, there is pretty much
a one-to-one correspondence between assembler instructions and machine
instructions.  But in a high-level language, that is not so.  A single
statement in source code may generate a long sequence of machine instructions.
How do you know where one statement ends and another begins?

In short, I doubt if it is possible.  Even if you do find something that
purports to be a decompiler, its output will almost certainly not match
the original input.  Compilation is a one-way process.
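
The code-versus-data ambiguity described in the message above, as an added example that is not part of the original post: the same four bytes, '41101004', read as an instruction, as a fullword constant and as a hexadecimal float. The function names and the one-entry opcode table are assumptions made for this illustration.

```python
import struct

# The four bytes from the message; the three readings below are the ones it names.
WORD = bytes.fromhex("41101004")

# One-entry opcode table, enough for this illustration (a real disassembler has hundreds).
RX_MNEMONICS = {0x41: "LA"}

def as_rx_instruction(b):
    """Read 4 bytes as an s390 RX instruction: opcode, R1/X2 nibbles, B2 nibble + 12-bit D2."""
    if b[0] not in RX_MNEMONICS:
        return None
    r1, x2 = b[1] >> 4, b[1] & 0xF
    b2, d2 = b[2] >> 4, ((b[2] & 0xF) << 8) | b[3]
    # Register 0 as index or base means "no register"; assemblers print it as an empty field.
    index = str(x2) if x2 else ""
    base = str(b2) if b2 else ""
    return f"{RX_MNEMONICS[b[0]]}    {r1},{d2}({index},{base})"

def as_fullword(b):
    """Read 4 bytes as a signed big-endian 32-bit integer, i.e. DC F'...'."""
    return struct.unpack(">i", b)[0]

def as_hex_float(b):
    """Read 4 bytes as a short hexadecimal float: sign, excess-64 base-16 exponent, 24-bit fraction."""
    sign = -1.0 if b[0] & 0x80 else 1.0
    exponent = (b[0] & 0x7F) - 64
    fraction = int.from_bytes(b[1:4], "big") / float(1 << 24)
    return sign * fraction * 16.0 ** exponent

def interpretations(b):
    """Every reading is equally valid; nothing in the bytes says which one was meant."""
    return {
        "raw bytes": b.hex(" "),
        "RX instruction": as_rx_instruction(b),
        "fullword": f"DC    F'{as_fullword(b)}'",
        "hex float": as_hex_float(b),
    }

if __name__ == "__main__":
    for name, value in interpretations(WORD).items():
        print(f"{name:15} {value}")
```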
 

