EvilZone

: Reverse engineering an executable
: m0l0ko January 04, 2013, 07:29:27 AM
Does one have to first disassemble it then convert the assembly code into a higher level language (i.e. C++) or is there a way to decompile the executable directly into the code that was used to compile it?
: Re: Reverse engineering an executable
: Mike245 January 04, 2013, 07:42:05 AM
I would like to point out that it is impossible to get the original source code from an executable. Once a program is compiled it loses a lot of the original code and there is no way to get it back perfectly. Once a program is reverse engineered into assembly there are programs to try and construct it into code for a high level language though. Not sure exactly of the names of the programs.
: Re: Reverse engineering an executable
: TeamVega January 04, 2013, 09:31:58 AM
It helps if you know what language the exe was written in as there are loads of de-compiler software to help in getting some of the source code.
: Re: Reverse engineering an executable
: m0l0ko January 04, 2013, 11:51:42 AM
I found a pretty good article on all this:
http://www.debugmode.com/dcompile/

: Re: Reverse engineering an executable
: zWaR January 04, 2013, 08:02:12 PM
Short answer is yes! It is possible to retrieve the source code from an executable. But the process might be a bit different than you would expect. In general there is no tool which would take your executable and spit out its source code. However, what you can do is decompile the executable, analyze the assembly and try to understand what it does, then based on this analysis write the source code of the application. Malware analysis can be performed that way, for example. Unfortunately, in most of the cases it is not trivial. m0l0ko's reference only scratches the surface to get you a general idea of how this can be done.

If you'd like to learn more here are some suggestions:
: Re: Reverse engineering an executable
: Super_mario666 January 05, 2013, 06:03:29 AM
Nope, the source file is long gone. The best you can do is run a trace of the executable, figure out how it works and write the code yourself or directly change the assembly code and make it do what you want that way.
: Re: Reverse engineering an executable
: proxx January 05, 2013, 12:20:46 PM
http://www.digitalbodyguard.com/GrayWolf.html

I recently watched this guy's DEF CON or Black Hat talk, can't remember.
But this is some really cool stuff.
It's designed for .NET applications.
Did I mention this is really good?
: Re: Reverse engineering an executable
: zWaR January 05, 2013, 12:50:32 PM
Interesting. Did you try it?

Hope it's really going to be open source in the future...