> Date: Mon, 22 Feb 2010 18:10:08 +1100 > Subject: RE: Decompiler? > From: tim@clewlow.org > To: debian-user@lists.debian.org > > > > > > > > > > > >> Date: Sun, 21 Feb 2010 07:28:01 -0500 > >> From: zlinuxman@wowway.com > >> To: debian-user@lists.debian.org > >> Subject: Re: Decompiler? > >> > >> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: > >> > > >> > Dear All > >> > > >> > I have disassembled the object file on my Debian server , by the > >> following : > >> > > >> > #objdump wmain > >> > > >> > In the output , I have recognized the intended subroutine that I > >> need to > >> > find the exact command syntax that it sends out. To this end, I > >> ; asked > >> > you guys on how to capture it through 'tcpdump' but didn't > >> success. I > >> > read this segment assembly language code but it is somewhat > >> difficult to > >> > decode. Can you please let me know what Debian decompiler is > >> suitable for > >> > this case? I tried with 'decompyle' but it didn't get through. > >> > >> First, let me make sure I understand what you are asking. You have > >> some > >> binary object code and you want to transform it back into the C > >> source > >> code that it came from. Is that right? Or did I misunderstand you? > >> > >> If that is what you want, then I doubt that it is possible. I've > >> never > >> heard of a decompiler. I have heard of a disassembler, but even > >> they > >> have the ir limitations. I myself have done extensive work as a > >> programmer > >> on a disassembler for the s390 platform. It happens to be the > >> disassembler > >> resident in the TRACK for z/VM freeware program. So I am speaking > >> from > >> experience here. Even a disassembler is a guess. Here are some > >> things that > >> you lose, even in a disassembler: > >> > >> 1. All comments. > >> 2. The names of all variables > >> 3. The distinction between code and data > >> > >> For example, if I encounter the hex string '41101004' that could > >> be a > >> > >> LA 1,4(,1) > >> > >> instruction. But it might not be an instruction. It might be data. > >> It > >> might be > >> > >> DC F'1091571716' > > > > >> Or maybe it's a floating point number in traditional s390 > >> hexadecimal > >> floating point format. Or maybe it's part of an escape sequence of > >> codes > >> to be sent to a printer. You can never be sure. All these > >> uncertainties > >> are present in a disassembler. In assembly language, there is > >> pretty much > >> a one-to-one correspondence between assembler instructions and > >> machine > >> instructions. But in a high-level language, that is not so. A > >> single > >> statement in source code may generate a long sequence of machine > >> instructions. > >> How do you know where one statement ends and another begins? > >> > >> In short, I doubt if it is possible. Even if you do find something > >> that > >> purports to be a dec ompiler, its output will almost certainly not > >> match > >> the original input. Compilation is a one-way process. > >> > >> > >> > >> -- > >> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > >> with a subject of "unsubscribe". Trouble? Contact > >> listmaster@lists.debian.org > >> Archive: > >> http://lists.debian.org/[🔎] 1425884921.13942331266755281555.JavaMail.root@md01.wow.synacor.com > >> > > > > > > > > Thank you for your reply . Actually my Debian server is running an > > application program that sends commands toward an attached network > > element . The commands deal with 'profile read' , 'profile modify' , > > and 'profile delete' issues . On the application gui , there is an > > option to try for 'profile replace' that I cannot find the rel ated > > command . As there is a need to try for this 'profile replace' in > > batch file , so I need to find the exact command syntax for this > > purpose . I tried to capture it through tracing with 'tcpdump' but > > it was un-successful . So I dis-assembled the code and I was lucky > > to find the related subroutine . It is short in length but I cannot > > decode it to find the logic in behind . So I need to find a > > de-compiler to de-compile it to some sort of higher level languages > > to see if I can understand the login behind . Please give me a hint > > on how to accomplish this . > > > > > > > > > > _________________________________________________________________ > > Hotmail: Trusted email with Microsoft’s powerful SPAM protection. > > https://signup.live.com/signup.aspx?id=60969 > > I once worked for a compa ny that was asked to reverse engineer a > file as the client had lost the original source. The method was to > first create lots of simple programs that each contained just one, > or few, lines of code, compile it, and then slowly build up a > one-to-one map of source to binary. It was _____extremely_____ > tedious the compiler would optimise code and so trial and error > guesses had to often be made to try and get the compiler to build a > specific chunk of binary. I do not want to ever do that again. > However, it can be done. > > Please note, as others have said, you will not get any object names > (variables or procedures) out of this, and you will always have to > make educated guesses when data chunks are hard coded in. > > Regards, Tim. > > > -- > To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org > with a subject of "unsubscribe". Trouble ? Contact listmaster@lists.debian.org > Archive: http://lists.debian.org/[🔎] 5ebd1c701d43edd6bb09531a2cea4dac.squirrel@192.168.1.100 > Thanks . As I don't want to completely analyze the whole of the program and I just want to find the exact syntax of an specific command that is being exchanged between my Debian and the remote network element , can you please let me know which de-compiler can I use to de-compiler just that small subroutine segment part ? Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. |