Author Topic: Decompilation (fun with decompilers) (Read 2216 times)

Holy_Diver · « **on:** October 11, 2009, 09:56:43 am »

I don't have time to be bothered with this myself, but I'd like to encourage some of you guys to give this a shot:

http://www.backerstreet.com/decompiler/decompilers.htm

If any of you can convert SOM into readable C or C++ code, I think I could put this to a number of uses. I don't personally see much point in trying to rebuild SOM, but I think this could reveal the location of a number of valuable addresses in SOM's exe image, and might be useful for unraveling file formats if we can really make sense of what is going on. There are probably other advantages as well.

After we ever decompile the beasty we could go about assigning logical names to some of the variables involved as part of an ongoing effort (just in case anyone gets bored)

Holy_Diver · « **Reply #1 on:** October 13, 2009, 03:01:17 am »

I'm playing with this stuff as we speak...

Boomerang is working on som_db.exe. It will probably be a while before it finishes, if it does.

Holy_Diver · « **Reply #2 on:** October 13, 2009, 03:58:15 am »

^Actually it was just stuck because I'd let it go into debug mode. Unfortunately Boomerange gummed up before getting to the decompile step, and the Boomerang project appears to be dead since 2006. Which makes me wonder if anyone is working on decompilers these days

The Rec decompiler seemed ok, and definitely geared toward older PE files like SOM. But it's features were really not there, so it didn't seem usable as such.

dmpdesign · « **Reply #3 on:** October 13, 2009, 07:18:37 pm »

I plan on learning a bit of C# soon, and maybe a tad of C++. Since I am currently a complete noob of both, would there be a chance that it may be decompilable in C#?

I would rather try to play around with it in a program I am going to know more about.

Holy_Diver · « **Reply #4 on:** October 13, 2009, 10:33:21 pm »

Personally I never plan on learning C#. Not only does it seem completely unnecessary (to me) afaik it's a Microsoft pet project deal (meaning no serious programmers will touch it with a 10 foot pole)

Just doing a Bing search (this link is in no way conclusive) this comes up (http://cplus.about.com/od/glossar1/g/GCC.htm)

If GCC doesn't support it, you definitely should think really hard about investing time in it... unless like your employer thinks it would be a good idea.

No decompiler other than MS would support C# (and it's hard to imagine MS selling a decompiler)

In general it seems like decompilers are a sort of mythical beast. At best it looks like an infant field of study with no practical applications. There might be a really good commercial decompiler out there (commercial stuff is usually not on my radar) but there doesn't seem to be.

So in conclusion I think any chance of decompiling SOM seems pretty hopeless. It would be nice though. Still I don't think it's a must for anything on the horizon (at least which I can dream up)

PS: I could be wrong, but I think C++ is a subset of C#. Though many C++ type operations require special care with C#. I just don't see MS taking over the world with C#.

News:

Author Topic: Decompilation (fun with decompilers) (Read 2216 times)

Holy_Diver

Decompilation (fun with decompilers)

Holy_Diver

Re: Decompilation (fun with decompilers)

Holy_Diver

Re: Decompilation (fun with decompilers)

dmpdesign

Re: Decompilation (fun with decompilers)

Holy_Diver

Re: Decompilation (fun with decompilers)