
RE: Decompiler?



>> >> > Dear All
>> >> >
>> >> > I have disassembled the object file on my Debian server, by the
>> >> > following:
>> >> >
>> >> > #objdump wmain
>> >> >
>> >> > In the output, I have recognized the intended subroutine that I
>> >> > need to find the exact command syntax that it sends out. To this
>> >> > end, I asked you guys on how to capture it through 'tcpdump' but
>> >> > didn't succeed. I read this segment assembly language code but it
>> >> > is somewhat difficult to decode. Can you please let me know what
>> >> > Debian decompiler is suitable for this case? I tried with
>> >> > 'decompyle' but it didn't get through.
>> >>
>> >> First, let me make sure I understand what you are asking. You have
>> >> some binary object code and you want to transform it back into the
>> >> C source code that it came from. Is that right? Or did I
>> >> misunderstand you?
>> >>
>> >> If that is what you want, then I doubt that it is possible. I've
>> >> never heard of a decompiler. I have heard of a disassembler, but
>> >> even they have their limitations. I myself have done extensive work
>> >> as a programmer on a disassembler for the s390 platform. It happens
>> >> to be the disassembler resident in the TRACK for z/VM freeware
>> >> program. So I am speaking from experience here. Even a disassembler
>> >> is a guess. Here are some things that you lose, even in a
>> >> disassembler:
>> >>
>> >> 1. All comments.
>> >> 2. The names of all variables.
>> >> 3. The distinction between code and data.
>> >>
>> >> For example, if I encounter the hex string '41101004' that could
>> >> be a
>> >>
>> >> LA 1,4(,1)
>> >>
>> >> instruction. But it might not be an instruction. It might be data.
>> >> It might be
>> >>
>> >> DC F'1091571716'
>> >>
>> >> Or maybe it's a floating point number in traditional s390
>> >> hexadecimal floating point format. Or maybe it's part of an escape
>> >> sequence of codes to be sent to a printer. You can never be sure.
>> >> All these uncertainties are present in a disassembler. In assembly
>> >> language, there is pretty much a one-to-one correspondence between
>> >> assembler instructions and machine instructions. But in a
>> >> high-level language, that is not so. A single statement in source
>> >> code may generate a long sequence of machine instructions. How do
>> >> you know where one statement ends and another begins?
>> >>
>> >> In short, I doubt if it is possible. Even if you do find something
>> >> that purports to be a decompiler, its output will almost certainly
>> >> not match the original input. Compilation is a one-way process.
>> >>
>> >
>> > Thank you for your reply. Actually my Debian server is running an
>> > application program that sends commands toward an attached network
>> > element. The commands deal with 'profile read', 'profile modify',
>> > and 'profile delete' issues. On the application GUI, there is an
>> > option to try for 'profile replace' for which I cannot find the
>> > related command. As there is a need to try this 'profile replace'
>> > in a batch file, I need to find the exact command syntax for this
>> > purpose. I tried to capture it through tracing with 'tcpdump' but
>> > it was unsuccessful. So I disassembled the code and I was lucky to
>> > find the related subroutine. It is short in length but I cannot
>> > decode it to find the logic behind it. So I need to find a
>> > decompiler to decompile it to some sort of higher level language to
>> > see if I can understand the logic behind it. Please give me a hint
>> > on how to accomplish this.
>> >
>>
>> I once worked for a company that was asked to reverse engineer a
>> file as the client had lost the original source. The method was to
>> first create lots of simple programs that each contained just one,
>> or a few, lines of code, compile them, and then slowly build up a
>> one-to-one map of source to binary. It was _____extremely_____
>> tedious; the compiler would optimise code and so trial-and-error
>> guesses often had to be made to try and get the compiler to build a
>> specific chunk of binary. I do not want to ever do that again.
>> However, it can be done.
>>
>> Please note, as others have said, you will not get any object names
>> (variables or procedures) out of this, and you will always have to
>> make educated guesses when data chunks are hard coded in.
>>
>> Regards, Tim.
>>
>
> Thanks. As I don't want to completely analyze the whole of the
> program and I just want to find the exact syntax of a specific
> command that is being exchanged between my Debian and the remote
> network element, can you please let me know which decompiler I can
> use to decompile just that small subroutine segment?
>

From your posts it appears you want something that will
automatically parse an unknown protocol, with unknown data format
and content. Or, automatically decompile a binary executable. The
answer that you are being given is - there is NO automatic way to do
this.

It can be done, but not by a machine, in other words, the
decoder/decompiler is YOU. You will need to analyse the data and
make sense of it yourself, there simply is no other way. I'm
guessing you don't want this to be the answer, but unfortunately it
is.

Good luck, Tim.
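The code-versus-data ambiguity in the quoted s390 reply, made concrete. This is an added example and not code from anyone in the thread: it takes the four bytes 41 10 10 04 quoted above and reads them as an RX-format instruction, as a fullword constant and as a short hexadecimal floating-point number, following the published s390 field layouts. The one-entry opcode table is a constructed stand-in, and the function names are this example's own. The point it makes is Tim's: the bytes decode cleanly under every reading, so only a person with context can say which one the program meant.

```python
"""
Added example (not from the thread): decode the 4-byte pattern quoted in
the s390 discussion, 41 10 10 04, under each interpretation the poster
lists, to show why a disassembler cannot tell code from data on its own.
Field layouts follow the documented s390 RX instruction format and the
short hexadecimal floating-point (HFP) format.
"""
import struct

# Constructed, minimal opcode table: only what this example needs.
# 0x41 is LA (Load Address) in the RX instruction format.
RX_OPCODES = {0x41: "LA"}


def decode_rx(word: bytes) -> str:
    """Decode a 4-byte word as an s390 RX-format instruction.

    RX layout (big-endian): opcode (8 bits) | R1 (4) | X2 (4) | B2 (4) | D2 (12).
    Returns assembler text such as 'LA 1,4(,1)'; an X2 of 0 (no index
    register) is written as an empty index field, as HLASM does.
    """
    if len(word) != 4:
        raise ValueError("RX instructions are exactly 4 bytes")
    opcode = word[0]
    r1, x2 = word[1] >> 4, word[1] & 0x0F
    b2 = word[2] >> 4
    d2 = ((word[2] & 0x0F) << 8) | word[3]
    mnemonic = RX_OPCODES.get(opcode)
    if mnemonic is None:
        raise ValueError(f"opcode {opcode:#04x} not in the example table")
    index = "" if x2 == 0 else str(x2)
    return f"{mnemonic} {r1},{d2}({index},{b2})"


def decode_fullword(word: bytes) -> int:
    """Interpret the same bytes as a signed big-endian fullword (DC F'...')."""
    return struct.unpack(">i", word)[0]


def decode_hfp_short(word: bytes) -> float:
    """Interpret the bytes as an s390 short hexadecimal floating-point value.

    HFP short: sign (1 bit) | characteristic (7 bits, excess-64 exponent
    of 16) | fraction (24 bits, six hex digits, value 0.hhhhhh base 16).
    The fraction's six hex digits are scaled out with the extra -6.
    """
    (u,) = struct.unpack(">I", word)
    sign = -1.0 if u >> 31 else 1.0
    characteristic = (u >> 24) & 0x7F
    fraction = u & 0x00FFFFFF
    return sign * fraction * 16.0 ** (characteristic - 64 - 6)


def all_readings(word: bytes) -> dict:
    """Every plausible reading of one word; a human must pick the right one."""
    return {
        "instruction": decode_rx(word),
        "fullword": decode_fullword(word),
        "hfp_short": decode_hfp_short(word),
        "raw_bytes": word,  # e.g. part of a printer escape sequence
    }


if __name__ == "__main__":
    sample = bytes.fromhex("41101004")  # the word quoted in the thread
    for kind, value in all_readings(sample).items():
        print(f"{kind:>12}: {value!r}")
```

Run stand-alone it prints the instruction reading `LA 1,4(,1)`, the fullword reading `1091571716` (the value in the quoted `DC F'...'`), the HFP reading of roughly 1.0039, and the raw bytes. The only input that distinguishes them is knowledge of how the surrounding program uses that word, which is exactly what a disassembler does not have.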

