REC 2.1 - Reverse Engineering Compiler (disponibile anche in italiano)


     

      REC is a portable reverse engineering compiler, or decompiler.

It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file.
It is portable because it has been designed to read files produced for many different targets, and it has been compiled on several host systems.

RecStudio offers a modern user interface to REC's interactive mode.
A command line version is still available for Linux and Solaris hosts.

    
 Content
       
Last Update

September 20, 2005

Google
  RecStudio

After a 4 years iatus in the realm of graphical user interfaces, I'm finally back to work on REC.
Version 2 introduces RecStudio, a new user interface for interactive decompilation.
Initially the new user interface is only available on Windows systems. Use Wine or another porting library to execute REC 2 on Linux.
A native Linux, Solaris and MacOS X will initially be limited to batch decompilation through project files.

See the version 2 page for a tour of this new REC version.

  Features of versions 1.x
These are some of REC's features: REC sources are not in the public domain.

Although REC can read Win32 executable (aka PE) files produced by Visual C++ or Visual Basic 5, there are limitations on the output produced. REC will try to use whatever information is present in the .EXE symbol table. If the .EXE file was compiled without debugging information, if a program data base file (.PDB) or Codeview (C7) format was used, or if the optimization option of the compiler was enabled, the output produced will not be very good. Moreover, Visual Basic 5 executable files are a mix of Subroutine code and Form data. It is almost impossible for REC to determine which is which. The only option is to use a .cmd file and manually specify which area is code and which area is data.

In practice, only C executable files produce meaningful decompiled output.

Eventually I will implement a .PDB or Codeview symbolic information parser and a Window's resource decompiler. Until then, the only chance to get high-quality symbolic output is to decompile Linux executables that were compiled with the -gstabs option, or to provide additional symbolic information via the 'symbol:' and 'types:' directives of a REC command file.

  References
Several other decompilers are available from various sources. Look at my reverse engineering page for a list.
Rather surprisingly, the internal architecture of a decompiler is very similar to that of a compiler. High-quality literature exists for both.
The decompilation page has links and documentation related to decompilers in general.

Cristina Cifuentes' Reverse Compilation Techniques PhD thesis describes in details the theory and implementation of the dcc decompiler for 8086 DOS programs.

The optimization page describes some of the techniques used by compilers to optimize machine level code. Decompiling optimized is more difficult because the decompiler must "de-optimize" the input file.

The Wotsit page has links to the specifications of object file formats like COFF and ELF.

Other fundamental books I used during the development are:

The disassemblers used in REC were taken from various sources. The file copyrite in the distribution has a list of credits for each of the disassemblers used in REC. The rest of the code was written by myself during the last 9 years. I will continue to improve REC in my spare time, but I cannot guarantee that I can fix bugs or add new features, processors, or hosts.

  Disclaimer
There is a lot of discussion on the legality of decompilation. Decompiler tools have been available for a variety of platforms for a long time. Decompilers, along with other tools like debuggers, binary editors, disassemblers etc. should only be used when the owner of a program has the legal right to reverse engineer the program.

It has been established by the US and other countries courts that it is legal to use decompilers under the fair use clause of copyright law.

To find out when it is legal to use a decompiler, you should read the text of the following cases:

Also read a discussion on the legality of using an emulator to run a binary program on a different host.

Backer Street Software does not support the use of reverse engineering tools for illegal purposes.


Copyright © 1997 - 2007 Backer Street Software - All rights reserved.

History:
 
6 May 2007  Version 2.1: Added back +batch option to RecStudio; use Ndisasm for i386; better isolation of import data for Windows binaries
20 Sep. 2005  Version 2.0d: More bug fixes for 68k
6 Sep. 2005  Version 2.0c: Support for Linux .o files and improved support for 68k
15 Aug. 2005  Version 2.0b: Maintenance release. Support for Watcom-compiled binaries and wide strings
1 Aug. 2005  Version 2.0a: Maintenance release. Fixed crashes, improved quality with Windows executables
30 May 2005  Version 2.0: Windows GUI and interactive decompilation
19 Sep. 2000  Version 1.6: Added support for SPARC.
16 Mar. 1999  Version 1.5d: Restored detection of switch(). Added support for big-endian MIPS.
6 Mar. 1999  Version 1.5: Support for import/export info in Win95 files; replaced GNU disassemblers with freeware source; fixed many crashes
22 Nov. 1998  Version 1.4a: Fixed endless loop when decompiling Win95 files; added Windows prototype files
15 Nov. 1998  Version 1.4: Added browser capability in interactive mode, and HTML page generation
30 Jul. 1998 
Version 1.3b: Maintenance: fixed crashes and various problems in 68k.
15 Feb. 1998  Version 1.3: Added Motorola 68000 and PowerPC targets.
7 Dec. 1997  Version 1.2: fixed PC's user interface. Now we can load 16 bits DOS executables. More bug fixes.
26 Oct. 1997  Version 1.1: multi-target support (386 + R3000), loading of ELF and PE files, several bugs fixed.
6 Oct. 1997  Ported to Windows in console mode (recr4kpc.zip) and to SunOS (recr4ks4.tar.gz)
20 Sep. 1997  Created to make recr4kl.zip available.


CG's Home Page

Last updated: May 6, 2007