Decompilers
A decompiler tries to translate an object file into a compilable
source file. There are many decompilers for C# or Java,
but only a few for C/C++. See in particular:
- Boomerang:
  open source C decompiler. Very advanced set of analyses
  that attempt to solve the most difficult problems
  facing decompilers. The generated code quality varies greatly:
  some functions are almost perfect in their representation of code
  structure, local variables and types. Other functions look highly
  obfuscated by the number of variables and their uses.
  It's also rather fragile, as it often crashes with big programs.
- REC:
  My own C decompiler for Linux, DOS and Windows.
  The first decompiler to work on multiple platforms and that supports
  multiple processors (x86 16 and 32-bits, MIPS, 680x0, PowerPC).
  It's very stable, as it's been tested with hundreds of programs.
  The quality of the output is not as good as Boomerang's,
  since its implementation is based on a 20-year-old coding style
  (read: very difficult to extend). I'm working on a completely new version,
  RecStudio 4, which will support 64-bit executables, but that's still a ways to go.
- Hex Rays:
  a decompiler plug-in for IDA Pro. The combination
  with IDA's advanced disassembly capabilities and run-time debugger
  makes it the ideal choice. However it's still very new, and requires IDA Pro.
  Unlike the other decompilers, it's not free.
  It also has to stand the test of time in terms of stability. Very promising.
- Dcc:
  DOS to C decompiler. One of the first decompilers. It shows its age,
  but it's still referenced by many other decompilers for its
  structuring abilities. Only supports 8086 (16 bits) programs.
- More on other decompilers at the
  Program Transformation Wiki on Decompilation.
Here's a comparison of the various decompilers:
| Boomerang | Windows/Linux | IA32 MIPS PPC | ELF PE-COFF Mac-OS | Batch with GUI front-end | No | Very good | Good | Very good |
| REC | Windows/Linux | IA32 MIPS PPC mc68k | ELF PE-COFF AOUT RAW PS-X | Batch / Interactive | No | Good | Fair | Partial |
| dcc | Windows | 8086 | DOS .com | Batch | No | Good | Fair | Poor |
| Hex Rays | Windows | ? | ? | Interactive | ? | ? | ? | ? |
Testing Decompilers
The quality of a decompiler is based on how good the code it generates is,
and how well it performs in the presence of "unexpected" input.
Particularly difficult problems are posed by the use of compiler optimizations
which make the input code highly unstructured and difficult to understand, even
for a human. Handling the following cases defines the quality of a decompiler:
- No information on symbol names in the binary file (stripped executable)
- Static vs. dynamically linked executable files (use pattern matching vs.
  dynamic linker information to identify access to library functions)
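
A triage helper for sorting test binaries along the two cases listed above, as an added example that is not part of the original page or of any decompiler it describes. It covers ELF files only; `classify_elf` and `make_elf64` are hypothetical names, and the sample images are constructed header tables, not real programs.

```python
import struct

PT_INTERP = 3    # program header naming the dynamic linker
SHT_SYMTAB = 2   # full symbol table, removed by strip

def classify_elf(data):
    """Report whether an ELF image is stripped and whether it is dynamically linked."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    # Offsets of e_phoff/e_shoff, then of e_phentsize, e_phnum, e_shentsize, e_shnum
    offs, counts = (("QQ", 0x20), 0x36) if is64 else (("II", 0x1C), 0x2A)
    phoff, shoff = struct.unpack_from(end + offs[0], data, offs[1])
    phsz, phnum, shsz, shnum = struct.unpack_from(end + "4H", data, counts)
    # p_type is the first word of a program header; sh_type the second of a section header
    p_types = [struct.unpack_from(end + "I", data, phoff + i * phsz)[0] for i in range(phnum)]
    s_types = [struct.unpack_from(end + "I", data, shoff + i * shsz + 4)[0] for i in range(shnum)]
    return {
        "stripped": SHT_SYMTAB not in s_types,  # no names for functions or globals
        # Dynamic: imports can be named from dynamic linker information.
        # Static: library code is linked into the file and needs pattern matching.
        "dynamic": PT_INTERP in p_types,
    }

def make_elf64(p_types, s_types):
    """Constructed sample: little-endian ELF64 header tables only, not a runnable program."""
    phoff = 0x40
    shoff = phoff + 56 * len(p_types)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQI6H", 2, 62, 1, 0, phoff, shoff, 0,
                              0x40, 56, len(p_types), 64, len(s_types), 0)
    phdrs = b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
    shdrs = b"".join(struct.pack("<II", 0, t) + bytes(56) for t in s_types)
    return hdr + phdrs + shdrs

if __name__ == "__main__":
    samples = {
        "dynamic, with symbols": make_elf64([1, 3, 2], [0, 1, 2, 3]),
        "static, stripped": make_elf64([1], [0, 1, 3]),
    }
    for name, image in samples.items():
        print(name, classify_elf(image))
```

The dynamic check relies on `PT_INTERP`, so it applies to executables; a shared library carries `PT_DYNAMIC` without an interpreter entry.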