RE: Decompiler?
> From: ow...@netptc.net > To: motamed...@hotmail.com; debian-user@lists.debian.org > Subject: RE: Decompiler? > Date: Mon, 22 Feb 2010 16:26:31 -0800 > > > > > > > > > Original Message > >From: motamed...@hotmail.com > >To: debian-user@lists.debian.org > >Subject: RE: Decompiler? > >Date: Mon, 22 Feb 2010 05:11:07 + > > > >> > >> > >> > >> > >>> Date: Sun, 21 Feb 2010 07:28:01 -0500 > >>> From: zlinux...@wowway.com > >>> To: debian-user@lists.debian.org > >>> Subject: Re: Decompiler? > >>> > >>> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: > >>> > > >>> > Dear All > >>> > > >>> > I have disassembled the object file on my Debian server , by the > >following : > >>> > > >>> > #objdump wmain > >>> > > >>> > In the output , I have recognized the intended subroutine that I > >need to > >>> > find the exact command syntax that it sends out. To this end, I > >asked > >>> > you guys on how to capture it through 'tcpdump' but didn't > >success. I > >>> > read this segment assembly language code but it is somewhat > >difficult to > >>> > decode. Can you please let me know what Debian decompiler is > >suitable for > >>> > this case? I tried with 'decompyle' but it didn't get through. > >>> > >>> First, let me make sure I understand what you are asking. You have > >some > >>> binary object code and you want to transform it back into the C > >source > >>> code that it came from. Is that right? Or did I misunderstand you? > >>> > >>> If that is what you want, then I doubt that it is possible. I've > >never > >>> heard of a decompiler. I have heard of a disassembler, but even > >they > >>> have their limitations. I myself have done extensive work as a > >programmer > >>> on a disassembler for the s390 platform. It happens to be the > >disassembler > >>> resident in the TRACK for z/VM freeware program. So I am speaking > >from > >>> experience here. Even a disassembler is a guess. Here are some > >things that > >>> you lose, even in a disassembler: > >>> > >>> 1. All comments. > >>> 2. The names of all variables > >>> 3. The distinction between code and data > >>> > >>> For example, if I encounter the hex string '41101004' that could > >be a > >>> > >>> LA 1,4(,1) > >>> > >>> instruction. But it might not be an instruction. It might be data. > >It > >>> might be > >>> > >>> DC F'1091571716' > >>> > >>> Or maybe it's a floating point number in traditional s390 > >hexadecimal > >>> floating point format. Or maybe it's part of an escape sequence of > >codes > >>> to be sent to a printer. You can never be sure. All these > >uncertainties > >>> are present in a disassembler. In assembly language, there is > >pretty much > >>> a one-to-one correspondence between assembler instructions and > >machine > >>> instructions. But in a high-level language, that is not so. A > >single > >>> statement in source code may generate a long sequence of machine > >instructions. > >>> How do you know where one statement ends and another begins? > >>> > >>> In short, I doubt if it is possible. Even if you do find something > >that > >>> purports to be a decompiler, its output will almost certainly not > >match > >>> the original input. Compilation is a one-way process. > >>> > >>> > >>> > >>> -- > >>> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > >>> with a subject of "unsubscribe". Trouble? Contact > >listmas...@lists.debian.org > >>> Archive: > >http://lists.debian.org/1425884921.13942331266755281555.JavaMail.root > >@md01.wow.synacor.com > >>> > >> > >> > >> > >>Thank you for your reply . Actually my Debian server is running an > >application program that sends commands toward an attached network > >element . The commands deal with 'profile read' , 'prof
RE: Decompiler?
> > > > Original Message >From: motamed...@hotmail.com >To: debian-user@lists.debian.org >Subject: RE: Decompiler? >Date: Mon, 22 Feb 2010 05:11:07 + > >> >> >> >> >>> Date: Sun, 21 Feb 2010 07:28:01 -0500 >>> From: zlinux...@wowway.com >>> To: debian-user@lists.debian.org >>> Subject: Re: Decompiler? >>> >>> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: >>> > >>> > Dear All >>> > >>> > I have disassembled the object file on my Debian server , by the >following : >>> > >>> > #objdump wmain >>> > >>> > In the output , I have recognized the intended subroutine that I >need to >>> > find the exact command syntax that it sends out. To this end, I >asked >>> > you guys on how to capture it through 'tcpdump' but didn't >success. I >>> > read this segment assembly language code but it is somewhat >difficult to >>> > decode. Can you please let me know what Debian decompiler is >suitable for >>> > this case? I tried with 'decompyle' but it didn't get through. >>> >>> First, let me make sure I understand what you are asking. You have >some >>> binary object code and you want to transform it back into the C >source >>> code that it came from. Is that right? Or did I misunderstand you? >>> >>> If that is what you want, then I doubt that it is possible. I've >never >>> heard of a decompiler. I have heard of a disassembler, but even >they >>> have their limitations. I myself have done extensive work as a >programmer >>> on a disassembler for the s390 platform. It happens to be the >disassembler >>> resident in the TRACK for z/VM freeware program. So I am speaking >from >>> experience here. Even a disassembler is a guess. Here are some >things that >>> you lose, even in a disassembler: >>> >>> 1. All comments. >>> 2. The names of all variables >>> 3. The distinction between code and data >>> >>> For example, if I encounter the hex string '41101004' that could >be a >>> >>> LA 1,4(,1) >>> >>> instruction. But it might not be an instruction. It might be data. >It >>> might be >>> >>> DC F'1091571716' >>> >>> Or maybe it's a floating point number in traditional s390 >hexadecimal >>> floating point format. Or maybe it's part of an escape sequence of >codes >>> to be sent to a printer. You can never be sure. All these >uncertainties >>> are present in a disassembler. In assembly language, there is >pretty much >>> a one-to-one correspondence between assembler instructions and >machine >>> instructions. But in a high-level language, that is not so. A >single >>> statement in source code may generate a long sequence of machine >instructions. >>> How do you know where one statement ends and another begins? >>> >>> In short, I doubt if it is possible. Even if you do find something >that >>> purports to be a decompiler, its output will almost certainly not >match >>> the original input. Compilation is a one-way process. >>> >>> >>> >>> -- >>> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >>> with a subject of "unsubscribe". Trouble? Contact >listmas...@lists.debian.org >>> Archive: >http://lists.debian.org/1425884921.13942331266755281555.JavaMail.root >@md01.wow.synacor.com >>> >> >> >> >>Thank you for your reply . Actually my Debian server is running an >application program that sends commands toward an attached network >element . The commands deal with 'profile read' , 'profile modify' , >and 'profile delete' issues . On the application gui , there is an >option to try for 'profile replace' that I cannot find the related >command . As there is a need to try for this 'profile replace' in >batch file , so I need to find the exact command syntax for this >purpose . I tried to capture it through tracing with 'tcpdump' but it >was un-successful . So I dis-assembled the code and I was lucky to >find the related subroutine . It is short in length but I cannot >decode it to find the logic in behind . So I need to find a >de-compiler to de-compile it to some sort of higher level languages >to see if I can understand the login behind
Re: Decompiler?
On Mon, 22 Feb 2010 07:42:19 + Hadi Motamedi wrote: [Lots of untrimmed quotes.] Please trim. Celejar -- foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100222092450.a4925644.cele...@gmail.com
RE: Decompiler?
> From: mgb-deb...@yosemite.net > To: debian-user@lists.debian.org > Subject: Re: Decompiler? > Date: Mon, 22 Feb 2010 02:18:51 -0800 > > On Sun February 21 2010 23:42:19 Hadi Motamedi wrote: > > Thanks . As I don't want to completely analyze the whole of the program and > > I just want to find the exact syntax of an specific command that is being > > exchanged between my Debian and the remote network element , can you please > > let me know which de-compiler can I use to de-compiler just that small > > subroutine segment part ? > > If the protocol is open documented, read the documentation. > > Otherwise if the program is open source, download the source. > (Sometimes the source is more accurate than the documentation.) > > Otherwise see if you can find an open source program that does > the same thing, and read its source. > > Otherwise you're the decompiler (unless you can persuade somebody > else to decompile it for you). > > --Mike Bird > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/201002220218.51909.mgb-deb...@yosemite.net > Thank you very much for your reply . It seems that I cannot pursue further from this point on . So please consider this case as closed . Thank you again _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
Re: Decompiler?
On Sun February 21 2010 23:42:19 Hadi Motamedi wrote: > Thanks . As I don't want to completely analyze the whole of the program and > I just want to find the exact syntax of an specific command that is being > exchanged between my Debian and the remote network element , can you please > let me know which de-compiler can I use to de-compiler just that small > subroutine segment part ? If the protocol is open documented, read the documentation. Otherwise if the program is open source, download the source. (Sometimes the source is more accurate than the documentation.) Otherwise see if you can find an open source program that does the same thing, and read its source. Otherwise you're the decompiler (unless you can persuade somebody else to decompile it for you). --Mike Bird -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201002220218.51909.mgb-deb...@yosemite.net
RE: Decompiler?
>> >> > Dear All >> >> > >> >> > I have disassembled the object file on my Debian server , by >> the >> >> following : >> >> > >> >> > #objdump wmain >> >> > >> >> > In the output , I have recognized the intended subroutine >> that I >> >> need to >> >> > find the exact command syntax that it sends out. To this end, >> I >> >> asked >> >> > you guys on how to capture it through 'tcpdump' but didn't >> >> success. I >> >> > read this segment assembly language code but it is somewhat >> >> difficult to >> >> > decode. Can you please let me know what Debian decompiler is >> >> suitable for >> >> > this case? I tried with 'decompyle' but it didn't get >> through. >> >> >> >> First, let me make sure I understand what you are asking. You >> have >> >> some >> >> binary object code and you want to transform it back into the C >> >> source >> >> code that it came from. Is that right? Or did I misunderstand >> you? >> >> >> >> If that is what you want, then I doubt that it is possible. >> I've >> >> never >> >> heard of a decompiler. I have heard of a disassembler, but even >> >> they >> >> have their limitations. I myself have done extensive work as a >> >> programmer >> >> on a disassembler for the s390 platform. It happens to be the >> >> disassembler >> >> resident in the TRACK for z/VM freeware program. So I am >> speaking >> >> from >> >> experience here. Even a disassembler is a guess. Here are some >> >> things that >> >> you lose, even in a disassembler: >> >> >> >> 1. All comments. >> >> 2. The names of all variables >> >> 3. The distinction between code and data >> >> >> >> For example, if I encounter the hex string '41101004' that >> could >> >> be a >> >> >> >> LA 1,4(,1) >> >> >> >> instruction. But it might not be an instruction. It might be >> data. >> >> It >> >> might be >> >> >> >> DC F'1091571716' >> >> >> >> Or maybe it's a floating point number in traditional s390 >> >> hexadecimal >> >> floating point format. Or maybe it's part of an escape sequence >> of >> >> codes >> >> to be sent to a printer. You can never be sure. All these >> >> uncertainties >> >> are present in a disassembler. In assembly language, there is >> >> pretty much >> >> a one-to-one correspondence between assembler instructions and >> >> machine >> >> instructions. But in a high-level language, that is not so. A >> >> single >> >> statement in source code may generate a long sequence of >> machine >> >> instructions. >> >> How do you know where one statement ends and another begins? >> >> >> >> In short, I doubt if it is possible. Even if you do find >> something >> >> that >> >> purports to be a decompiler, its output will almost certainly >> not >> >> match >> >> the original input. Compilation is a one-way process. >> >> >> > >> > >> > >> > Thank you for your reply . Actually my Debian server is running >> an >> > application program that sends commands toward an attached >> network >> > element . The commands deal with 'profile read' , 'profile >> modify' , >> > and 'profile delete' issues . On the application gui , there is >> an >> > option to try for 'profile replace' that I cannot find the >> related >> > command . As there is a need to try for this 'profile replace' >> in >> > batch file , so I need to find the exact command syntax for this >> > purpose . I tried to capture it through tracing with 'tcpdump' >> but >> > it was un-successful . So I dis-assembled the code and I was >> lucky >> > to find the related subroutine . It is short in length but I >> cannot >> > decode it to find the logic in behind . So I need to find a >> > de-compiler to de-compile it to some sort of higher level >> languages >> > to see if I can understand the login behind . Please give me a >> hint >> > on how to accomplish this . >> > >> > >> >> I once worked for a company that was asked to reverse engineer a >> file as the client had lost the original source. The method was to >> first create lots of simple programs that each contained just one, >> or few, lines of code, compile it, and then slowly build up a >> one-to-one map of source to binary. It was _extremely_ >> tedious the compiler would optimise code and so trial and error >> guesses had to often be made to try and get the compiler to build >> a >> specific chunk of binary. I do not want to ever do that again. >> However, it can be done. >> >> Please note, as others have said, you will not get any object >> names >> (variables or procedures) out of this, and you will always have to >> make educated guesses when data chunks are hard coded in. >> >> Regards, Tim. >> > > > Thanks . As I don't want to completely analyze the whole of the > program and I just want to find the exact syntax of an specific > command that is being exchanged between my Debian and the remote > network element , can you please let me know which de-compiler can I > use to de-compiler just that small subroutine segment part ? > >From your posts it appears you want something that will automatically
RE: Decompiler?
> Date: Mon, 22 Feb 2010 18:10:08 +1100 > Subject: RE: Decompiler? > From: t...@clewlow.org > To: debian-user@lists.debian.org > > > > > > > > > > > >> Date: Sun, 21 Feb 2010 07:28:01 -0500 > >> From: zlinux...@wowway.com > >> To: debian-user@lists.debian.org > >> Subject: Re: Decompiler? > >> > >> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: > >> > > >> > Dear All > >> > > >> > I have disassembled the object file on my Debian server , by the > >> following : > >> > > >> > #objdump wmain > >> > > >> > In the output , I have recognized the intended subroutine that I > >> need to > >> > find the exact command syntax that it sends out. To this end, I > >> asked > >> > you guys on how to capture it through 'tcpdump' but didn't > >> success. I > >> > read this segment assembly language code but it is somewhat > >> difficult to > >> > decode. Can you please let me know what Debian decompiler is > >> suitable for > >> > this case? I tried with 'decompyle' but it didn't get through. > >> > >> First, let me make sure I understand what you are asking. You have > >> some > >> binary object code and you want to transform it back into the C > >> source > >> code that it came from. Is that right? Or did I misunderstand you? > >> > >> If that is what you want, then I doubt that it is possible. I've > >> never > >> heard of a decompiler. I have heard of a disassembler, but even > >> they > >> have their limitations. I myself have done extensive work as a > >> programmer > >> on a disassembler for the s390 platform. It happens to be the > >> disassembler > >> resident in the TRACK for z/VM freeware program. So I am speaking > >> from > >> experience here. Even a disassembler is a guess. Here are some > >> things that > >> you lose, even in a disassembler: > >> > >> 1. All comments. > >> 2. The names of all variables > >> 3. The distinction between code and data > >> > >> For example, if I encounter the hex string '41101004' that could > >> be a > >> > >> LA 1,4(,1) > >> > >> instruction. But it might not be an instruction. It might be data. > >> It > >> might be > >> > >> DC F'1091571716' > >> > >> Or maybe it's a floating point number in traditional s390 > >> hexadecimal > >> floating point format. Or maybe it's part of an escape sequence of > >> codes > >> to be sent to a printer. You can never be sure. All these > >> uncertainties > >> are present in a disassembler. In assembly language, there is > >> pretty much > >> a one-to-one correspondence between assembler instructions and > >> machine > >> instructions. But in a high-level language, that is not so. A > >> single > >> statement in source code may generate a long sequence of machine > >> instructions. > >> How do you know where one statement ends and another begins? > >> > >> In short, I doubt if it is possible. Even if you do find something > >> that > >> purports to be a decompiler, its output will almost certainly not > >> match > >> the original input. Compilation is a one-way process. > >> > >> > >> > >> -- > >> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > >> with a subject of "unsubscribe". Trouble? Contact > >> listmas...@lists.debian.org > >> Archive: > >> http://lists.debian.org/1425884921.13942331266755281555.javamail.r...@md01.wow.synacor.com > >> > > > > > > > > Thank you for your reply . Actually my Debian server is running an > > application program that sends commands toward an attached network > > element . The commands deal with 'profile read' , 'profile modify' , > > and 'profile delete' issues . On the application gui , there is an > > option to try for 'profile replace' that I cannot find the related > > command . As there is a need to try for this 'profile replace' in > > batch file , so I need to find the exact command syntax for this > > purpose . I tried to capture it through tracing with 'tcpdump' but >
RE: Decompiler?
> Date: Sun, 21 Feb 2010 22:41:46 -0800 > From: and...@farwestbilliards.com > To: debian-user@lists.debian.org > Subject: Re: Decompiler? > > On Mon, Feb 22, 2010 at 05:11:07AM +, Hadi Motamedi wrote: > [... snip nice explanation of why this won't work...] > > > So I dis-assembled the code and I was lucky to find the related > > subroutine . It is short in length but I cannot decode it to find the > > logic in behind . So I need to find a de-compiler to de-compile it to > > some sort of higher level languages to see if I can understand the > > login behind . Please give me a hint on how to accomplish this . > > basically it can't be done. It's a one-way operation. Picture this -- > within C there are several ways to print a value to the screen. These > all likely produce similar machine code where a register is loaded > with the address of the value to print and then a print routine is > called. The question when decompiling is: how do you know *which* > method of printing a string to decompile to? You can't know. Throw in > the fact that code and data are indistinguishable at the machine > level, and it's basically impossible. Now remember that there are many > many many languages that compile to machine code. How do you even know > which language it was originally written in? What language do you > target for the decompilation? > > The transformation of high-level code into machine code is not an > isomorphism. It cannot be reversed. > > That said, there my be ways to make some reasonable guess as to what > the code is doing and de-compile to some psuedo-language, but this > will still largely be guesswork. If you can make it work even remotely > reliably, you could probably get a PhD for the work... > > A Thank you for your reply . The dis-assembled code is in x86 assembly language and the original code in written with c++ running on my Debian server . Can you please let me know if it can helps finding a dis-compiler to have some sort of higher level language code to see if I am still lucky to find the logic behind ? _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969
RE: Decompiler?
> > > > >> Date: Sun, 21 Feb 2010 07:28:01 -0500 >> From: zlinux...@wowway.com >> To: debian-user@lists.debian.org >> Subject: Re: Decompiler? >> >> On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: >> > >> > Dear All >> > >> > I have disassembled the object file on my Debian server , by the >> following : >> > >> > #objdump wmain >> > >> > In the output , I have recognized the intended subroutine that I >> need to >> > find the exact command syntax that it sends out. To this end, I >> asked >> > you guys on how to capture it through 'tcpdump' but didn't >> success. I >> > read this segment assembly language code but it is somewhat >> difficult to >> > decode. Can you please let me know what Debian decompiler is >> suitable for >> > this case? I tried with 'decompyle' but it didn't get through. >> >> First, let me make sure I understand what you are asking. You have >> some >> binary object code and you want to transform it back into the C >> source >> code that it came from. Is that right? Or did I misunderstand you? >> >> If that is what you want, then I doubt that it is possible. I've >> never >> heard of a decompiler. I have heard of a disassembler, but even >> they >> have their limitations. I myself have done extensive work as a >> programmer >> on a disassembler for the s390 platform. It happens to be the >> disassembler >> resident in the TRACK for z/VM freeware program. So I am speaking >> from >> experience here. Even a disassembler is a guess. Here are some >> things that >> you lose, even in a disassembler: >> >> 1. All comments. >> 2. The names of all variables >> 3. The distinction between code and data >> >> For example, if I encounter the hex string '41101004' that could >> be a >> >> LA 1,4(,1) >> >> instruction. But it might not be an instruction. It might be data. >> It >> might be >> >> DC F'1091571716' >> >> Or maybe it's a floating point number in traditional s390 >> hexadecimal >> floating point format. Or maybe it's part of an escape sequence of >> codes >> to be sent to a printer. You can never be sure. All these >> uncertainties >> are present in a disassembler. In assembly language, there is >> pretty much >> a one-to-one correspondence between assembler instructions and >> machine >> instructions. But in a high-level language, that is not so. A >> single >> statement in source code may generate a long sequence of machine >> instructions. >> How do you know where one statement ends and another begins? >> >> In short, I doubt if it is possible. Even if you do find something >> that >> purports to be a decompiler, its output will almost certainly not >> match >> the original input. Compilation is a one-way process. >> >> >> >> -- >> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org >> with a subject of "unsubscribe". Trouble? Contact >> listmas...@lists.debian.org >> Archive: >> http://lists.debian.org/1425884921.13942331266755281555.javamail.r...@md01.wow.synacor.com >> > > > > Thank you for your reply . Actually my Debian server is running an > application program that sends commands toward an attached network > element . The commands deal with 'profile read' , 'profile modify' , > and 'profile delete' issues . On the application gui , there is an > option to try for 'profile replace' that I cannot find the related > command . As there is a need to try for this 'profile replace' in > batch file , so I need to find the exact command syntax for this > purpose . I tried to capture it through tracing with 'tcpdump' but > it was un-successful . So I dis-assembled the code and I was lucky > to find the related subroutine . It is short in length but I cannot > decode it to find the logic in behind . So I need to find a > de-compiler to de-compile it to some sort of higher level languages > to see if I can understand the login behind . Please give me a hint > on how to accomplish this . > > > > > _ > Hotmail: Trusted email with MicrosoftÂ’s powerful SPAM protection. > https://signup.live.com/signup.aspx?id=60969 I once worked for a company that was asked to reverse engineer a file as the client had l
Re: Decompiler?
On Mon, Feb 22, 2010 at 05:11:07AM +, Hadi Motamedi wrote: [... snip nice explanation of why this won't work...] > So I dis-assembled the code and I was lucky to find the related > subroutine . It is short in length but I cannot decode it to find the > logic in behind . So I need to find a de-compiler to de-compile it to > some sort of higher level languages to see if I can understand the > login behind . Please give me a hint on how to accomplish this . basically it can't be done. It's a one-way operation. Picture this -- within C there are several ways to print a value to the screen. These all likely produce similar machine code where a register is loaded with the address of the value to print and then a print routine is called. The question when decompiling is: how do you know *which* method of printing a string to decompile to? You can't know. Throw in the fact that code and data are indistinguishable at the machine level, and it's basically impossible. Now remember that there are many many many languages that compile to machine code. How do you even know which language it was originally written in? What language do you target for the decompilation? The transformation of high-level code into machine code is not an isomorphism. It cannot be reversed. That said, there my be ways to make some reasonable guess as to what the code is doing and de-compile to some psuedo-language, but this will still largely be guesswork. If you can make it work even remotely reliably, you could probably get a PhD for the work... A signature.asc Description: Digital signature
RE: Decompiler?
> Date: Sun, 21 Feb 2010 07:28:01 -0500 > From: zlinux...@wowway.com > To: debian-user@lists.debian.org > Subject: Re: Decompiler? > > On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: > > > > Dear All > > > > I have disassembled the object file on my Debian server , by the following : > > > > #objdump wmain > > > > In the output , I have recognized the intended subroutine that I need to > > find the exact command syntax that it sends out. To this end, I asked > > you guys on how to capture it through 'tcpdump' but didn't success. I > > read this segment assembly language code but it is somewhat difficult to > > decode. Can you please let me know what Debian decompiler is suitable for > > this case? I tried with 'decompyle' but it didn't get through. > > First, let me make sure I understand what you are asking. You have some > binary object code and you want to transform it back into the C source > code that it came from. Is that right? Or did I misunderstand you? > > If that is what you want, then I doubt that it is possible. I've never > heard of a decompiler. I have heard of a disassembler, but even they > have their limitations. I myself have done extensive work as a programmer > on a disassembler for the s390 platform. It happens to be the disassembler > resident in the TRACK for z/VM freeware program. So I am speaking from > experience here. Even a disassembler is a guess. Here are some things that > you lose, even in a disassembler: > > 1. All comments. > 2. The names of all variables > 3. The distinction between code and data > > For example, if I encounter the hex string '41101004' that could be a > > LA 1,4(,1) > > instruction. But it might not be an instruction. It might be data. It > might be > > DC F'1091571716' > > Or maybe it's a floating point number in traditional s390 hexadecimal > floating point format. Or maybe it's part of an escape sequence of codes > to be sent to a printer. You can never be sure. All these uncertainties > are present in a disassembler. In assembly language, there is pretty much > a one-to-one correspondence between assembler instructions and machine > instructions. But in a high-level language, that is not so. A single > statement in source code may generate a long sequence of machine instructions. > How do you know where one statement ends and another begins? > > In short, I doubt if it is possible. Even if you do find something that > purports to be a decompiler, its output will almost certainly not match > the original input. Compilation is a one-way process. > > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: > http://lists.debian.org/1425884921.13942331266755281555.javamail.r...@md01.wow.synacor.com > Thank you for your reply . Actually my Debian server is running an application program that sends commands toward an attached network element . The commands deal with 'profile read' , 'profile modify' , and 'profile delete' issues . On the application gui , there is an option to try for 'profile replace' that I cannot find the related command . As there is a need to try for this 'profile replace' in batch file , so I need to find the exact command syntax for this purpose . I tried to capture it through tracing with 'tcpdump' but it was un-successful . So I dis-assembled the code and I was lucky to find the related subroutine . It is short in length but I cannot decode it to find the logic in behind . So I need to find a de-compiler to de-compile it to some sort of higher level languages to see if I can understand the login behind . Please give me a hint on how to accomplish this . _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. https://signup.live.com/signup.aspx?id=60969
Re: Decompiler?
On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote: > > Dear All > > I have disassembled the object file on my Debian server , by the following : > > #objdump wmain > > In the output , I have recognized the intended subroutine that I need to > find the exact command syntax that it sends out. To this end, I asked > you guys on how to capture it through 'tcpdump' but didn't success. I > read this segment assembly language code but it is somewhat difficult to > decode. Can you please let me know what Debian decompiler is suitable for > this case? I tried with 'decompyle' but it didn't get through. First, let me make sure I understand what you are asking. You have some binary object code and you want to transform it back into the C source code that it came from. Is that right? Or did I misunderstand you? If that is what you want, then I doubt that it is possible. I've never heard of a decompiler. I have heard of a disassembler, but even they have their limitations. I myself have done extensive work as a programmer on a disassembler for the s390 platform. It happens to be the disassembler resident in the TRACK for z/VM freeware program. So I am speaking from experience here. Even a disassembler is a guess. Here are some things that you lose, even in a disassembler: 1. All comments. 2. The names of all variables 3. The distinction between code and data For example, if I encounter the hex string '41101004' that could be a LA1,4(,1) instruction. But it might not be an instruction. It might be data. It might be DCF'1091571716' Or maybe it's a floating point number in traditional s390 hexadecimal floating point format. Or maybe it's part of an escape sequence of codes to be sent to a printer. You can never be sure. All these uncertainties are present in a disassembler. In assembly language, there is pretty much a one-to-one correspondence between assembler instructions and machine instructions. But in a high-level language, that is not so. A single statement in source code may generate a long sequence of machine instructions. How do you know where one statement ends and another begins? In short, I doubt if it is possible. Even if you do find something that purports to be a decompiler, its output will almost certainly not match the original input. Compilation is a one-way process. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1425884921.13942331266755281555.javamail.r...@md01.wow.synacor.com
