Decompilation Resources

Program-Transformation.Org: The Program Transformation Wiki
This page contains links to projects peripherally related to decompilation.

Binary files

The format of Executable files

  • Win32PE (An In-Depth Look into the Win32 Portable Executable File Format)
  • Pc Exe Format from The Interrupt List by Ralph Brown
  • Ne Format (the NE (New Executable) format (16 bit Windows))
  • ExeFmt A description of the New Executable (NE) 16-bit Windows format.
  • Pe Dump (PE dump program)
  • VXPE (VX Portable Executable Viewer)
  • PE Explorer (Commercial tool)
  • Manuals on several executable file formats (OMF, PE, ELF, Dwarf, etc)

Tool generator tools

These tools generate tools such as disassemblers, code generators, perhaps even architecture simulators from specification files.
  • Njmc Tk The New Jersey Machine-Code Toolkit
  • Sim-nML might be considered a competitor to the NJMC toolkit. Using specifications, you can generate disassemblers, code generators, simulators, etc.
  • CGen is a framework for developing generators of CPU-related tools such as assemblers, disassemblers and simulators.
  • ISDL (Instruction Set Description Language) may also be applicable.
  • This page from Obsidian Software has a great list of options and survey papers.

Resource extractors

Resource extractors specialised for Visual Basic, .NET, etc are in other pages.
  • Resource-Grabber, a tool that scans and extracts from PE binaries useful resources such as icons, bitmaps, sound files and more.

Fenris tools

Fenris is a multipurpose tracer, GUI debugger, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics. One of the tools, dress, can attempt to restore a symbol table in a stripped executable file (adding symbols for statically linked libraries that it recognises). It seems that this tool only supports gcc at present, but the idea is interesting. GPL'd and downloadable from the web page. Linux/x86 only.

Binary file decompilation

  • Decompilation of executables (http://www.debugmode.com/dcompile), is a first-timer's tutorial into the process of decompilation and ethics. Also has the code for DisC, a simple decompiler for DOS Turbo C compiler generated executables.

  • The Revenge project aims to produce a sort of dynamic decompiler, which records instruction executions, and learns the actual values taken by variables in running the project. As of January 2004, this project is still in the planning stages.

Java and .NET related

See Java Decompilers links or Dot Net Decompilers links.

Delphi related

  • DeDe reproduces aspects of a Delphi compiled program. It also has a DCU Dumper to "retrieve near to pascal code of your DCU files".

Conferences and workshops

  • The Working Conference on Reverse Engineering (WCRE) has decompilation in its list of relevant topics.

  • ACM SIGPLAN Symposium on Partial Evaluation and Program Manipulation - (PEPM). Specifically includes decompilation in its topics of interest.

  • The workshop on Source Code Analysis and Modification (SCAM) also lists decompilation in its list of relevant topics.

  • The European Conference on Software Maintenance and Reengineering (CSMR) includes topics such as "reverse engineering of embedded systems". Non European contributions are welcome. See CSMR 2005, or http://reengineer.org.

  • The International Conference on Software Maintenance (ICSM) publishes some papers related to decompilation.

Decompilation Papers

  • "Using a Decompiler for Real World Source Recovery", Mike Van Emmerik and Trent Waddington. Proc. Working Conf. on Reverse Engineering. IEEE-CS Press, 2004. An extended version is available here.

  • "Fast Decompilation of Compiled Prolog Clauses", Kevin A. Buettner. In Proceedings of the 3rd Int'l Conf. on Logic Programming, Springer Verlag (225) 663-679, 1986.

Decompilation Books

There are at present no books specifically on the subject of native executable decompilation.

  • "Security Warrior" by Cyrus Peikari and Anton Chuvakin (O'Reilly 2004) has chapters on reverse engineering of machine code Windows (online chapter), Linux, Windows CE, and more.

  • "Exploiting Software : How to Break Code" by Greg Hoglund and Gary McGraw has a short section on disassembling and decompiling. Unfortunately, the authors confuse these two processes, and make statements like "REC provides 100% C source code recovery for some kinds of binary executables" (not true; it produces C-like output). Addison-Wesley 2004, ISBN 0201786958.

Online Collaborative Books

Miscellaneous

  • Hexblog, by Ilfak Guilfanov (author of IDA Pro), has a decompilation category. Other categories, such as the IDA Pro category, are often of interest.

  • You can use the dllman32 Windows Dynamic Link Library Investigator for finding dependencies among DLL's.

  • Fravia's page of Reverse engineering has a cracker's viewpoint, including a page on the legality of reverse engineering. The URL keeps changing; just search for it.

  • The static recompilers Yahoo group have the goal of statically translating binary code (mostly old arcade games) from one architecture to another. There is a tool called Orion that emits a sort of unrolled interpreter of input machine instructions into C code. It's basically static binary translation, so the output is hard to read, and the original machine's instructions are very visible. Works on code from Z80, 6502, and a few other architectures.

  • Unconfirmed: John Banning and Hans Pufal's NLZ program, said to be part of Hunter Systems's XDOS suite. It was reportedly able to decompile PC applications and help port them to Unix workstations. Original contact: Hunter Systems, since acquired by Miltiport of Mountain View, CA, USA.


CategoryDecompilation

Transform.DecompilationResources moved from Transform.DeCompilationResources on 13 Feb 2003 - 22:28 by MikeVanEmmerik - put it back