[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Decompiler?




 
> Date: Mon, 22 Feb 2010 18:10:08 +1100
> Subject: RE: Decompiler?
> From: tim@clewlow.org
> To: debian-user@lists.debian.org
>
>
> >
> >
> >
> >
> >> Date: Sun, 21 Feb 2010 07:28:01 -0500
> >> From: zlinuxman@wowway.com
> >> To: debian-user@lists.debian.org
> >> Subject: Re: Decompiler?
> >>
> >> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote:
> >> >
> >> > Dear All
> >> >
> >> > I have disassembled the object file on my Debian server , by the
> >> following :
> >> >
> >> > #objdump wmain
> >> >
> >> > In the output , I have recognized the intended subroutine that I
> >> need to
> >> > find the exact command syntax that it sends out. To this end, I
> >> ; asked
> >> > you guys on how to capture it through 'tcpdump' but didn't
> >> success. I
> >> > read this segment assembly language code but it is somewhat
> >> difficult to
> >> > decode. Can you please let me know what Debian decompiler is
> >> suitable for
> >> > this case? I tried with 'decompyle' but it didn't get through.
> >>
> >> First, let me make sure I understand what you are asking. You have
> >> some
> >> binary object code and you want to transform it back into the C
> >> source
> >> code that it came from. Is that right? Or did I misunderstand you?
> >>
> >> If that is what you want, then I doubt that it is possible. I've
> >> never
> >> heard of a decompiler. I have heard of a disassembler, but even
> >> they
> >> have the ir limitations. I myself have done extensive work as a
> >> programmer
> >> on a disassembler for the s390 platform. It happens to be the
> >> disassembler
> >> resident in the TRACK for z/VM freeware program. So I am speaking
> >> from
> >> experience here. Even a disassembler is a guess. Here are some
> >> things that
> >> you lose, even in a disassembler:
> >>
> >> 1. All comments.
> >> 2. The names of all variables
> >> 3. The distinction between code and data
> >>
> >> For example, if I encounter the hex string '41101004' that could
> >> be a
> >>
> >> LA 1,4(,1)
> >>
> >> instruction. But it might not be an instruction. It might be data.
> >> It
> >> might be
> >>
> >> DC F'1091571716'
> > >
> >> Or maybe it's a floating point number in traditional s390
> >> hexadecimal
> >> floating point format. Or maybe it's part of an escape sequence of
> >> codes
> >> to be sent to a printer. You can never be sure. All these
> >> uncertainties
> >> are present in a disassembler. In assembly language, there is
> >> pretty much
> >> a one-to-one correspondence between assembler instructions and
> >> machine
> >> instructions. But in a high-level language, that is not so. A
> >> single
> >> statement in source code may generate a long sequence of machine
> >> instructions.
> >> How do you know where one statement ends and another begins?
> >>
> >> In short, I doubt if it is possible. Even if you do find something
> >> that
> >> purports to be a dec ompiler, its output will almost certainly not
> >> match
> >> the original input. Compilation is a one-way process.
> >>
> >>
> >>
> >> --
> >> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> >> with a subject of "unsubscribe". Trouble? Contact
> >> listmaster@lists.debian.org
> >> Archive:
> >> http://lists.debian.org/1425884921.13942331266755281555.JavaMail.root@md01.wow.synacor.com
> >>
> >
> >
> >
> > Thank you for your reply . Actually my Debian server is running an
> > application program that sends commands toward an attached network
> > element . The commands deal with 'profile read' , 'profile modify' ,
> > and 'profile delete' issues . On the application gui , there is an
> > option to try for 'profile replace' that I cannot find the rel ated
> > command . As there is a need to try for this 'profile replace' in
> > batch file , so I need to find the exact command syntax for this
> > purpose . I tried to capture it through tracing with 'tcpdump' but
> > it was un-successful . So I dis-assembled the code and I was lucky
> > to find the related subroutine . It is short in length but I cannot
> > decode it to find the logic in behind . So I need to find a
> > de-compiler to de-compile it to some sort of higher level languages
> > to see if I can understand the login behind . Please give me a hint
> > on how to accomplish this .
> >
> >
> >
> >
> > _________________________________________________________________
> > Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
> > https://signup.live.com/signup.aspx?id=60969
>
> I once worked for a compa ny that was asked to reverse engineer a
> file as the client had lost the original source. The method was to
> first create lots of simple programs that each contained just one,
> or few, lines of code, compile it, and then slowly build up a
> one-to-one map of source to binary. It was _____extremely_____
> tedious the compiler would optimise code and so trial and error
> guesses had to often be made to try and get the compiler to build a
> specific chunk of binary. I do not want to ever do that again.
> However, it can be done.
>
> Please note, as others have said, you will not get any object names
> (variables or procedures) out of this, and you will always have to
> make educated guesses when data chunks are hard coded in.
>
> Regards, Tim.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble ? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/5ebd1c701d43edd6bb09531a2cea4dac.squirrel@192.168.1.100
>
 
Thanks . As I don't want to completely analyze the whole of the program and I just want to find the exact syntax of an specific command that is being exchanged between my Debian and the remote network element , can you please let me know which de-compiler can I use to de-compiler just that small subroutine segment part ?

 


Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.

Reply to: