Dcc Decompiler

Program-Transformation.Org: The Program Transformation Wiki
dcc is a research decompiler, written as a proof of concept for Cristina Cifuentes' PhD thesis.

A complete distribution of dcc (executable, source, tools to generate signatures, etc) is available. The authors ask users to first read the readme file, before downloading the archive. It may also be worth visiting the dcc home page. Please note that the authors are not currently working on this project so they cannot support any changes to the distribution. The distribution contains known bugs. Only small 80286 DOS programs can be decompiled, and only to C (not C++).

The research done by this group has focused on reconstructing the original control-flow from the assembly instructions. They also have a hash-based recognizing tool for libraries. The program lacks a complete coverage of all instructions (e.g., the floating point instructions are missing), and does not do anything in the area of data type reconstruction.

For tests, see Dcc decompiler tests.

In 2002, André Janz wrote a diploma thesis entitled "Experimente mit einem Decompiler im Hinblick auf die forensische Informatik" ("Experiments with a Decompiler regarding forensic Computer Science"). He modified the source code for dcc to read Win32 Portable Executable (PE) files. With the help of web translation tools, it seems to me that the conclusion was that while a rewrite would be needed to properly represent programs in the 80386 instruction set, reasonable results were obtained. It seems the author even added Win32 signature recognition. I could not find a URL to download the source code.


CategoryDecompilation

Transform.DccDecompiler moved from Transform.DecompilationDcc on 02 Mar 2005 - 07:24 by MikeVanEmmerik - put it back