Anatomizer Decompiler
Program-Transformation.Org: The Program Transformation Wiki
Web sites (all in Japanese):
This binary decompiler for Win32 executables seems to have been around at least since early 2002.
The web pages are entirely in Japanese, which I cannot read.
I have found a few clues from the fragments of English interspersed with Japanese, along with a
Babelfish translation.
There seem to be three binaries available for download:
The C++ versions require MFC71.DLL, MSVCR71.DLL and MSVCP71.DLL. I could not get the alpha version to decompile anything, not even the
sample program from the web site. The VB version seems to take a very long time initialising after loading larger program files. The 1.5B3 version seems to have severe output windows clipping problems. So the VB program would appear to be the best one to use, despite being a bit slow to start (and sometimes seems to just crash silently immediately after loading.)
The way to get a decompilation seems to be to open an executable (control-O on the 2004 version), choose an entry point (the upper option seems to work so far, (E) on some versions), then from the (R) menu choose (D) (control-D on the 2004 version) to get a list of procedures, select one, and from the (R) menu, choose (A) (control-A on the 2004 version) to see a decompilation. You can highlight the decompiled output and copy to the clipboard with control-C, or use the right mouse menu to select all, copy, etc. There is an option in the decompilation window to print the address of each basic block as a comment (left of 2 check boxes). Once you have done one decompilation, you can double click on a procedure in the procedure window to decompile it, replacing the existing decompilation.
Here is a small sample of output, from Boomerang's test/windows/lpq.exe. The disassembly is from objdump; I can't figure out how to copy the disassembly output to the clipboard as yet.
    18c11f7:  8b 44 24 08    mov    0x8(%esp),%eax
    18c11fb:  23 44 24 04    and    0x4(%esp),%eax
    18c11ff:  2b 44 24 08    sub    0x8(%esp),%eax
    18c1203:  83 f8 01       cmp    $0x1,%eax
    18c1206:  1b c0          sbb    %eax,%eax
    18c1208:  f7 d8          neg    %eax
    18c120a:  c2 08 00       ret    $0x8

    long proc_0002(void arg1, void arg2)
    /* 018C11F7 - 018C120C
     * Size : 22 ( 0x00000016 )
     * Takes 8 Bytes parameters.
     * Pascal calling convention.
     * Call from proc_0001.
     */
    {
        register long loc1; /* EAX */
        loc1 = (arg2 & arg1) - arg2;
        /* Unsupported operation. */
        _asm{018C1206 1BC0 SBB EAX,EAX};
        return (!loc1);
    }

The register variable is declared, and the AND and SUB instructions are combined into a suitable expression.
Unfortunately, the SBB idiom is not recognised, and the NEG instruction is dubiously translated into a ! (C not) operator.
Parameters are declared but not typed, so this code would not compile. The return value is typed, and the return value is used sensibly in proc_0001 (with
if (proc_0002() = 0) {).
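
What the CMP / SBB / NEG sequence in the disassembly above computes can be checked by modelling EAX and the carry flag directly. The following C is an added example, not part of the original page or of Anatomizer's output; the names `sbb_idiom`, `emulate_proc`, `source_form`, `s4` and `s8` are made up for the illustration, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal model of the state the three instructions touch. */
struct cpu { uint32_t eax; unsigned cf; };

/* CMP EAX,imm: flags only; CF is the unsigned borrow of eax - imm. */
static void cmp_imm(struct cpu *c, uint32_t imm) { c->cf = c->eax < imm; }
/* SBB EAX,EAX: eax - eax - CF, so 0 or 0xFFFFFFFF; CF is unchanged. */
static void sbb_eax_eax(struct cpu *c) { c->eax = 0u - c->cf; }
/* NEG EAX: two's complement negation; CF is set if the operand was non-zero. */
static void neg_eax(struct cpu *c) { c->cf = c->eax != 0; c->eax = 0u - c->eax; }

/* Tail of the routine: value in EAX before the CMP -> value returned. */
uint32_t sbb_idiom(uint32_t eax) {
    struct cpu c = { eax, 0 };
    cmp_imm(&c, 1);      /* cmp $0x1,%eax */
    sbb_eax_eax(&c);     /* sbb %eax,%eax */
    neg_eax(&c);         /* neg %eax      */
    return c.eax;        /* 1 if eax was 0, otherwise 0 */
}

/* Whole routine; s4 and s8 are the dwords at 0x4(%esp) and 0x8(%esp). */
uint32_t emulate_proc(uint32_t s4, uint32_t s8) {
    uint32_t eax = s8;   /* mov 0x8(%esp),%eax */
    eax &= s4;           /* and 0x4(%esp),%eax */
    eax -= s8;           /* sub 0x8(%esp),%eax */
    return sbb_idiom(eax);
}

/* Source-level reading (this example's, not the decompiler's):
 * is every bit set in s8 also set in s4? */
uint32_t source_form(uint32_t s4, uint32_t s8) { return (s4 & s8) == s8; }

/* Count disagreements between the emulation and the source-level form. */
int count_mismatches(void) {
    static const uint32_t v[] = { 0, 1, 2, 0x0F, 0xFF, 0x80000000u, 0xFFFFFFFFu };
    int n = (int)(sizeof v / sizeof v[0]), bad = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            bad += emulate_proc(v[i], v[j]) != source_form(v[i], v[j]);
    return bad;
}

int main(void) {
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```
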
For larger examples, see
Anatomizer Decompiler Test.
--
MikeVanEmmerik - 01 Aug 2005