RE: Decompiler?

To: debian-user@lists.debian.org
Subject: RE: Decompiler?
From: "Tim Clewlow" <tim@clewlow.org>
Date: Mon, 22 Feb 2010 18:10:08 +1100
Message-id: <[🔎] 5ebd1c701d43edd6bb09531a2cea4dac.squirrel@192.168.1.100>
In-reply-to: <[🔎] SNT125-W3489B663BC1696676EB521DB430@phx.gbl>
References: <[🔎] SNT125-W52ACE3B1ED82AEB83E20BDDB440@phx.gbl>,<[🔎] 1425884921.13942331266755281555.JavaMail.root@md01.wow.synacor.com> <[🔎] SNT125-W3489B663BC1696676EB521DB430@phx.gbl>

>
>
>
>
>> Date: Sun, 21 Feb 2010 07:28:01 -0500
>> From: zlinuxman@wowway.com
>> To: debian-user@lists.debian.org
>> Subject: Re: Decompiler?
>>
>> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote:
>> >
>> > Dear All
>> >
>> > I have disassembled the object file on my Debian server , by the
>> following :
>> >
>> > #objdump wmain
>> >
>> > In the output , I have recognized the intended subroutine that I
>> need to
>> > find the exact command syntax that it sends out. To this end, I
>> asked
>> > you guys on how to capture it through 'tcpdump' but didn't
>> success. I
>> > read this segment assembly language code but it is somewhat
>> difficult to
>> > decode. Can you please let me know what Debian decompiler is
>> suitable for
>> > this case? I tried with 'decompyle' but it didn't get through.
>>
>> First, let me make sure I understand what you are asking. You have
>> some
>> binary object code and you want to transform it back into the C
>> source
>> code that it came from. Is that right? Or did I misunderstand you?
>>
>> If that is what you want, then I doubt that it is possible. I've
>> never
>> heard of a decompiler. I have heard of a disassembler, but even
>> they
>> have their limitations. I myself have done extensive work as a
>> programmer
>> on a disassembler for the s390 platform. It happens to be the
>> disassembler
>> resident in the TRACK for z/VM freeware program. So I am speaking
>> from
>> experience here. Even a disassembler is a guess. Here are some
>> things that
>> you lose, even in a disassembler:
>>
>> 1. All comments.
>> 2. The names of all variables
>> 3. The distinction between code and data
>>
>> For example, if I encounter the hex string '41101004' that could
>> be a
>>
>> LA 1,4(,1)
>>
>> instruction. But it might not be an instruction. It might be data.
>> It
>> might be
>>
>> DC F'1091571716'
>>
>> Or maybe it's a floating point number in traditional s390
>> hexadecimal
>> floating point format. Or maybe it's part of an escape sequence of
>> codes
>> to be sent to a printer. You can never be sure. All these
>> uncertainties
>> are present in a disassembler. In assembly language, there is
>> pretty much
>> a one-to-one correspondence between assembler instructions and
>> machine
>> instructions. But in a high-level language, that is not so. A
>> single
>> statement in source code may generate a long sequence of machine
>> instructions.
>> How do you know where one statement ends and another begins?
>>
>> In short, I doubt if it is possible. Even if you do find something
>> that
>> purports to be a decompiler, its output will almost certainly not
>> match
>> the original input. Compilation is a one-way process.
>>
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
>> Archive:
>> [🔎] 1425884921.13942331266755281555.JavaMail.root@md01.wow.synacor.com">http://lists.debian.org/[🔎] 1425884921.13942331266755281555.JavaMail.root@md01.wow.synacor.com
>>
>
>
>
> Thank you for your reply . Actually my Debian server is running an
> application program that sends commands toward an attached network
> element . The commands deal with 'profile read' , 'profile modify' ,
> and 'profile delete' issues . On the application gui , there is an
> option to try for 'profile replace' that I cannot find the related
> command . As there is a need to try for this 'profile replace' in
> batch file , so I need to find the exact command syntax for this
> purpose . I tried to capture it through tracing with 'tcpdump' but
> it was un-successful . So I dis-assembled the code and I was lucky
> to find the related subroutine . It is short in length but I cannot
> decode it to find the logic in behind . So I need to find a
> de-compiler to de-compile it to some sort of higher level languages
> to see if I can understand the login behind . Please give me a hint
> on how to accomplish this .
>
>
>
>
> _________________________________________________________________
> Hotmail: Trusted email with Microsoft?s powerful SPAM protection.
> https://signup.live.com/signup.aspx?id=60969

I once worked for a company that was asked to reverse engineer a
file as the client had lost the original source. The method was to
first create lots of simple programs that each contained just one,
or few, lines of code, compile it, and then slowly build up a
one-to-one map of source to binary. It was _____extremely_____
tedious the compiler would optimise code and so trial and error
guesses had to often be made to try and get the compiler to build a
specific chunk of binary. I do not want to ever do that again.
However, it can be done.

Please note, as others have said, you will not get any object names
(variables or procedures) out of this, and you will always have to
make educated guesses when data chunks are hard coded in.

Regards, Tim.

Reply to:

Follow-Ups:
- RE: Decompiler?
  - From: Hadi Motamedi <motamedi24@hotmail.com>

References:
- Decompiler?
  - From: Hadi Motamedi <motamedi24@hotmail.com>
- Re: Decompiler?
  - From: Stephen Powell <zlinuxman@wowway.com>
- RE: Decompiler?
  - From: Hadi Motamedi <motamedi24@hotmail.com>

Prev by Date: Re: Debian-Multimedia
Next by Date: RE: tcpdump?
Previous by thread: RE: Decompiler?
Next by thread: RE: Decompiler?
Index(es):
- Date
- Thread