[Problem] How to extract the source code of any program

[m0l0ko]

I know how to decompile java .class files but how would I go about decompiling a .exe file? Can I find out what language was used to code the app then go from there?

[namespace7]

Well its a bit complex.
For some languages you can use decompilers like VB decompiler or DeDe for delphi.
C also has a decompiler but its expensive as hell and hard to get. Google HexRays.
Also do some reading about Boomerang. It is an interesting project but I personally couldn't get it to work properly.

However, if you fail to find a decompiler for your exe program, you can still dissasemble it. Modern disasemblers make it rather easy to debug and analyze assembly code. I recommend OllyDbg.

[Kulverstukas]

Can I find out what language was used to code the app?

Yes, you can determine the language and sometimes even a compiler from the PE header.
PE header is embedded in every EXE by the compiler, unless the EXE was scrambled with a crypter or obfuscator of some sort or a packer (if UPX then you can depack the EXE with UPX as well).
There is also a tool for that here: http://www.woodmann.com/collaborative/tools/index.php/ExeInfo_PE

[m0l0ko]

I can't get the linux version of boomerang to work myself either.

[p_2001]

Yes, you can determine the language and sometimes even a compiler from the PE header.
PE header is embedded in every EXE by the compiler, unless the EXE was scrambled with a crypter or obfuscator of some sort or a packer (if UPX then you can depack the EXE with UPX as well).
There is also a tool for that here: http://www.woodmann.com/collaborative/tools/index.php/ExeInfo_PE

this, or you can look at the registers and see how the packer works and manually unpack the file...
the theory is simple enough and that's why programs still get cracked ; D

[namespace7]

this, or you can look at the registers and see how the packer works and manually unpack the file...
the theory is simple enough and that's why programs still get cracked ; D

Yeah, crackers dont even bother what language the program was written in, because its easy to crack binary software by disassembling it and simply debugging the binary in run time and changing some logic operations that do the "bouncer" work. The problem is, these days software developers are making it harder to correctly debug the code by introducing new protection methods, like VM/disasembler/debugger detection and so on.

[strong115]

namespace7

your tutorial is very powerful and instructive i like it and thank you very much

after reading your tutorial i can sum it up in 3 ideas

1) decompiling does not give the exact program code
2) as a consequence of one the resulting source code will be very complicated and hard to deal with and it will take a lot of time and cost a lot of energy especially for thousands of lines to understand and grasp
3)some programs are immunized against decompiling

so disassembling is the best way to work with a program
this is good

[evensteven]

OP


Ida pro is pretty good.....pretty expensive if you buy it tho

[Alin]

OP


Ida pro is pretty good.....pretty expensive if you buy it tho

Though I've heard the "Swedish AppStore" has it on sale.. If your lucky it includes free malware, so better run it in a virtual machine.


Hex-Rays's compiler, which is included in some Ida pro versions, actually does a great job decompiling. I've been told by friends that Hopper [1] is getting decent, but I have no experience with it. It's also well priced, compared to Hex-Rays!


[1] http://www.hopperapp.com/