Reverse Engineering Technology (Decompilers and File Formats)

Reverse Engineering is the conversion of information from a low-level format, usually readable only by a computer into a higher level format, which is easily readable by humans. Typical examples of reverse engineering tools are disassemblers and decompilers, which translate an object file produced by some compiler into an ASCII representation.

On this page: Decompilers - Wanted - Object File Formats

Decompilers

Among reverse engineering tools the most useful are decompilers. A decompiler tries to translate an object file into a compilable source file. The following pages are about decompilers:

C language

• Boomerang: an open source C decompiler
• Program Transformation Wiki on Decompiletion
• Dcc: DOS to C decompiler
• REC: CG's C decompiler for Linux, DOS and Windows

Java

• Java decompilers
• Mocha: the Java decompiler
• WingDis: commercial Java decompiler
• Decaf: a java decompiler in ADA

Windows

• HELPDECO: Windows Help decompiler
• DoDi's VisualBasic tools
• Datarescue makes an intelligent disassembler for DOS and Windows

Data Bases (4GL)

• ReFox: FoxPro decompiler
• Valkyrie: Clipper 5.xx decompiler

COBOL

• The Source Recovery Company

Misc

• MrDebug: Clip-4-Win debugger
• Norton Guides database decompiler
• Hacker's Convention
• Andrew Schulman and "The Undocumented Bookstore"
• A page with links to simulation and decompilation terms and tools
• Faase on decompilers (for a limited time only) and the new version.

Object File Formats

Every reverse engineering tool needs to know about object file formats.
The very basic tool for inspecting binary files is the hex editor.

An exceptionally good hex editor for reverse engineering is available from SweetScape: the 010 Editor - Hex Editor understands file format specifications in the form of templates, and makes it easy to impose a structure over binary files.

Several standard formats have specifications on the net.

A very good repository for object file format specifications is The Wotsit's Site.

Specific file format specification links:

• Executable File Formats
  • Microsoft Symbol and Type Information Spec., V1.0.
  • Portable Executable Format Specification for Windows, V1.0. The Portable Executable (PE) format is the format used by Windows NT and Windows 95 executable files (.EXE, .DLL).
  • DJGPP COFF format
  • Relocatable Object Module Format (OMF), V1.1. This is the old Microsoft format for x86 executable files.
  • Executable and Linkable Format (ELF) V1.1. This is the format used by many UNIX System V Release 4 derivatives, including Solaris and Linux.
  • DWARF Debug Information Format, V1.1.This is the portion of an ELF file that describes symbolic information, like variable types. This should be standard on a UNIX System V Release 4 compliant system. Unfortunately, many system that use ELF don't use DWARF: the GNU gcc compiler for Solaris and Linux generates AOUT STABs in place of DWARF.
  • STABS: the BSD AOUT format, like COFF, does not have a separate debug info portion. Instead, special entries in the AOUT symbol table carry symbolic info and line numbers.
• BINHEX format info (Finland)
• From the Graphical Standards Format page:
  • Randy's collection of file format docs
  • MIME
  • TIFF
  • EPSI
  • HDF and hdf at CICA (8kbytes)
  • JPEG and jpg at CICA (14kbytes)
  • MPEG
  • NITF
  • DXF
  • CGM
  • InterFile
  • DICOM
  • Miscellaneous format docs and utilities at x2ftp.oulu.fi
  • Graphics File Formats Links
  • PNG: Portable Network Graphics; successor to GIF
  • Original source for several of the following files:
    ftp://ftp.uu.net/doc/literary/obi/Standards/Graphics/Formats
  • AVHRR.ps PS-Adobe-1.0
  • DCW_DEM.ps PS-Adobe-1.0
  • FTP.SITE
  • Interfile3.3.doc
  • Revisions
  • RCS of Revisions,v
  • SLAR
  • SOURCE
  • acr.nema.ptr.Z
  • adobe.illustrator.format.ps.Z
  • BMP and bmp.doc.Z
  • ccitt.t4.Z
  • cgm.info.Z
  • dxf.doc.Z
  • facesaver.doc.Z
  • FITS (131kbytes) and fits.doc.Z
  • fli.flc.formats.Z
  • fli.format
  • fli.format.Z
  • GIF at CICA (81kbytes)
  • gif87a.doc.Z
  • gif89a.doc.Z
  • gks.ptr.Z
  • grasp.doc.Z
  • hpgl.ptr.Z
  • iff.doc.Z
  • File iges.ptr.Z and IGES
  • jpeg.jfif.doc.1.01.ps.Z
  • jpeg.jfif.doc.1.02.Z
  • jpeg.jfif.doc.1.02.ps.Z
  • jpeg.ptr.Z
  • lzw.and.gif.doc.Z
  • naplps.doc.Z
  • nff.doc.old.Z and NFF and ENFF from CICA
  • DEC's off.doc.Z and OFF from CICA (48kbytes)
  • pcx.doc.Z and PCX from CICA (20kbytes)
  • pcx2.doc.Z
  • renderman.ptr.Z
  • spot.ps PS-Adobe-1.0
  • sun.rasterfile.doc.Z and ras from CICA
  • SGI's rgb from CICA (13kbytes)
  • rla: Wavefrom image raster file from CICA (.ps)
  • targa.doc.ps.Z and TGA from CICA (44kbytes)
  • targa.format.Z
  • targa.ptr.Z
  • targa.table.of.contents.ps.Z
  • tiff.app_o.ps.Z and G3 (16kbytes)
  • tiff.app_p.ps.Z
  • tiff.doc.4.0.Z
  • tiff.doc.5.0.Z
  • tiff.doc.6.0.ps.Z and tiff.doc.6.0.ps from CICA
  • tiff.f.doc.Z
  • turbo.silver.object.format.Z
  • turbo.silver.rgb.format.Z
• Another list of formats
• Animation/movie formats:
  • ANM Deluxe Paint Animation, from CICA (5kbytes)
  • FLI from CICA (10kbytes)
  • GRASP from CICA (44kbytes)
  • RIFF WAVE (.WAV) audio format (from SimTel)
  • MIDI format
  • MUS format

• 3D description formats
  • 3DS Autodesk's 3D-Studio from CICA (55kbytes) and "The unofficial 3DS format"
  • WaveFront's OBJ from CICA (88kbytes)
  • POV introduction from CICA (16kbytes)
  • SGO from CICA (4kbytes)
  • VRML
• Data base formats
  • DB III format (Finland)
• Text and Page description languages
  • RTF Rich Text Format

Other sources for highly technical, not-so much publicized information:

• Comp.sys.ibm.pc.hardware.video FAQ
• Microsoft Windows FAQ
• Shayne's Video Acccelerator Page
• The W windowing system sources (Finland)