RE: Decompiler?
> Thanks. As I don't want to completely analyze the whole of the program and I just want to find the exact syntax of a specific command that is being exchanged between my Debian and the remote network element, can you please let me know which de-compiler can I use to de-compile just that small subroutine segment part?

From your posts it appears you want something that will automatically parse an unknown protocol, with unknown data format and content. Or, automatically decompile a binary executable.

The answer that you are being given is - there is NO automatic way to do this. It can be done, but not by a machine, in other words, the decoder/decompiler is YOU. You will need to analyse the data and make sense of it yourself, there simply is no other way.

I'm guessing you don't want this to be the answer, but unfortunately it is.

Good luck,
Tim.
Re: Decompiler?
On Sun February 21 2010 23:42:19 Hadi Motamedi wrote:
> Thanks. As I don't want to completely analyze the whole of the program and I just want to find the exact syntax of a specific command that is being exchanged between my Debian and the remote network element, can you please let me know which de-compiler can I use to de-compile just that small subroutine segment part?

If the protocol is open documented, read the documentation.

Otherwise if the program is open source, download the source. (Sometimes the source is more accurate than the documentation.)

Otherwise see if you can find an open source program that does the same thing, and read its source.

Otherwise you're the decompiler (unless you can persuade somebody else to decompile it for you).

--Mike Bird

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201002220218.51909.mgb-deb...@yosemite.net
RE: Decompiler?
> From: mgb-deb...@yosemite.net
> To: debian-user@lists.debian.org
> Subject: Re: Decompiler?
> Date: Mon, 22 Feb 2010 02:18:51 -0800
>
> If the protocol is open documented, read the documentation.
>
> Otherwise if the program is open source, download the source. (Sometimes the source is more accurate than the documentation.)
>
> Otherwise see if you can find an open source program that does the same thing, and read its source.
>
> Otherwise you're the decompiler (unless you can persuade somebody else to decompile it for you).
>
> --Mike Bird

Thank you very much for your reply. It seems that I cannot pursue further from this point on. So please consider this case as closed. Thank you again
Re: Decompiler?
On Mon, 22 Feb 2010 07:42:19 + Hadi Motamedi motamed...@hotmail.com wrote:

[Lots of untrimmed quotes.]

Please trim.

Celejar
--
foffl.sourceforge.net - Feeds OFFLine, an offline RSS/Atom aggregator
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
RE: Decompiler?
> Original Message
> From: motamed...@hotmail.com
> To: debian-user@lists.debian.org
> Subject: RE: Decompiler?
> Date: Mon, 22 Feb 2010 05:11:07 +
>
> Thank you for your reply. Actually my Debian server is running an application program that sends commands toward an attached network element. The commands deal with 'profile read', 'profile modify', and 'profile delete' issues. On the application gui, there is an option to try for 'profile replace' that I cannot find the related command. As there is a need to try for this 'profile replace' in batch file, so I need to find the exact command syntax for this purpose. I tried to capture it through tracing with 'tcpdump' but it was un-successful. So I dis-assembled the code and I was lucky to find the related subroutine. It is short in length but I cannot decode it to find the logic behind it. So I need to find a de-compiler to de-compile it to some sort of higher level languages to see if I can understand the logic behind. Please give me a hint on how to accomplish this.

I think you already got your answer although you may not like it. If the program was written in assembler then a dis-assembler will give you the source code; however even if you have that you still do not have the whole picture (e.g. the symbol tables). If the program was written in a HLL such as C I know of no way to go from the machine code back to the source code. In fact looking at the machine code won't even tell you what HLL the source was written in or what compiler was used. I think you are proceeding down the wrong path.

Larry
RE: Decompiler?
> From: ow...@netptc.net
> To: motamed...@hotmail.com; debian-user@lists.debian.org
> Subject: RE: Decompiler?
> Date: Mon, 22 Feb 2010 16:26:31 -0800
>
> I think you already got your answer although you may not like it. If the program was written in assembler then a dis-assembler will give you the source code; however even if you have that you still do not have the whole picture (e.g. the symbol tables). If the program was written in a HLL such as C I know of no way to go from the machine code back to the source code. In fact looking at the machine code won't even tell you what HLL the source was written in or what compiler was used. I think you are proceeding down the wrong path.
>
> Larry

Thank you for your reply. It seems that this case is closed
Re: Decompiler?
On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote:
> Dear All
> I have disassembled the object file on my Debian server, by the following:
> #objdump wmain
> In the output, I have recognized the intended subroutine that I need to find the exact command syntax that it sends out. To this end, I asked you guys on how to capture it through 'tcpdump' but didn't succeed. I read this segment assembly language code but it is somewhat difficult to decode. Can you please let me know what Debian decompiler is suitable for this case? I tried with 'decompyle' but it didn't get through.

First, let me make sure I understand what you are asking. You have some binary object code and you want to transform it back into the C source code that it came from. Is that right? Or did I misunderstand you?

If that is what you want, then I doubt that it is possible. I've never heard of a decompiler. I have heard of a disassembler, but even they have their limitations. I myself have done extensive work as a programmer on a disassembler for the s390 platform. It happens to be the disassembler resident in the TRACK for z/VM freeware program. So I am speaking from experience here.

Even a disassembler is a guess. Here are some things that you lose, even in a disassembler:

1. All comments.
2. The names of all variables
3. The distinction between code and data

For example, if I encounter the hex string '41101004' that could be a LA 1,4(,1) instruction. But it might not be an instruction. It might be data. It might be DC F'1091571716'. Or maybe it's a floating point number in traditional s390 hexadecimal floating point format. Or maybe it's part of an escape sequence of codes to be sent to a printer. You can never be sure.

All these uncertainties are present in a disassembler. In assembly language, there is pretty much a one-to-one correspondence between assembler instructions and machine instructions. But in a high-level language, that is not so. A single statement in source code may generate a long sequence of machine instructions. How do you know where one statement ends and another begins?

In short, I doubt if it is possible. Even if you do find something that purports to be a decompiler, its output will almost certainly not match the original input. Compilation is a one-way process.
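The code/data ambiguity described in the message above, as an added example that is not part of the original thread: the same four bytes '41101004' read as an RX-format instruction, as a fullword constant and as a hexadecimal float, followed by a naive linear sweep over a constructed buffer. The opcode subset, the function names and the buffer are assumptions made for this illustration.

```python
import struct

# The four bytes from the message: hex string '41101004'.
WORD = bytes.fromhex("41101004")

# Assumption: a tiny subset of the S/390 RX-format opcode table, enough for
# this demonstration. A real disassembler carries the complete table.
RX_OPCODES = {0x41: "LA", 0x47: "BC", 0x50: "ST", 0x58: "L", 0x5A: "A", 0x5B: "S"}


def as_rx_instruction(word):
    """Read 4 bytes as an RX instruction: opcode(8) R1(4) X2(4) B2(4) D2(12)."""
    op, r1x2, b2d2 = struct.unpack(">BBH", word)
    mnemonic = RX_OPCODES.get(op)
    if mnemonic is None:
        return None  # not an opcode this table knows
    r1, x2 = r1x2 >> 4, r1x2 & 0x0F
    b2, d2 = b2d2 >> 12, b2d2 & 0x0FFF
    # Register number 0 in the X2 or B2 field means "no register".
    if x2 and b2:
        addr = f"{d2}({x2},{b2})"
    elif b2:
        addr = f"{d2}(,{b2})"
    elif x2:
        addr = f"{d2}({x2})"
    else:
        addr = f"{d2}"
    return f"{mnemonic} {r1},{addr}"


def as_fullword(word):
    """Read the same bytes as a signed big-endian 32-bit constant (DC F'...')."""
    return struct.unpack(">i", word)[0]


def as_hex_float(word):
    """Read the same bytes as a short hexadecimal floating point number:
    sign(1), excess-64 base-16 exponent(7), 24-bit fraction."""
    (raw,) = struct.unpack(">I", word)
    sign = -1.0 if raw >> 31 else 1.0
    exponent = ((raw >> 24) & 0x7F) - 64
    fraction = (raw & 0xFFFFFF) / float(1 << 24)
    return sign * fraction * 16.0 ** exponent


def interpretations(word):
    """Every reading of one word; nothing in the bytes says which was meant."""
    return {
        "instruction": as_rx_instruction(word),
        "fullword": f"DC F'{as_fullword(word)}'",
        "hex_float": as_hex_float(word),
        "raw": f"DC X'{word.hex().upper()}'",
    }


def linear_sweep(buf):
    """Naive disassembly: decode every aligned 4-byte word as an instruction,
    falling back to a DC X'...' constant for unknown opcodes.
    Assumption: only 4-byte RX instructions; real code mixes 2, 4 and 6 bytes."""
    listing = []
    for off in range(0, len(buf) - len(buf) % 4, 4):
        word = buf[off:off + 4]
        listing.append(as_rx_instruction(word) or f"DC X'{word.hex().upper()}'")
    return listing


if __name__ == "__main__":
    for name, value in interpretations(WORD).items():
        print(f"{name:12} {value}")
    # Constructed buffer: one real LA instruction followed by the integer
    # constant 1091571716 stored as data. The sweep cannot tell them apart.
    program = WORD + struct.pack(">i", 1091571716)
    print(linear_sweep(program))
```

The sweep lists the data word as a second LA instruction, which is why a disassembly listing needs a human to decide where code ends and constants begin.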
RE: Decompiler?
> Date: Sun, 21 Feb 2010 07:28:01 -0500
> From: zlinux...@wowway.com
> To: debian-user@lists.debian.org
> Subject: Re: Decompiler?
>
> First, let me make sure I understand what you are asking. You have some binary object code and you want to transform it back into the C source code that it came from. Is that right? Or did I misunderstand you?
>
> If that is what you want, then I doubt that it is possible. I've never heard of a decompiler. I have heard of a disassembler, but even they have their limitations. I myself have done extensive work as a programmer on a disassembler for the s390 platform. It happens to be the disassembler resident in the TRACK for z/VM freeware program. So I am speaking from experience here.
>
> Even a disassembler is a guess. Here are some things that you lose, even in a disassembler:
>
> 1. All comments.
> 2. The names of all variables
> 3. The distinction between code and data
>
> For example, if I encounter the hex string '41101004' that could be a LA 1,4(,1) instruction. But it might not be an instruction. It might be data. It might be DC F'1091571716'. Or maybe it's a floating point number in traditional s390 hexadecimal floating point format. Or maybe it's part of an escape sequence of codes to be sent to a printer. You can never be sure.
>
> All these uncertainties are present in a disassembler. In assembly language, there is pretty much a one-to-one correspondence between assembler instructions and machine instructions. But in a high-level language, that is not so. A single statement in source code may generate a long sequence of machine instructions. How do you know where one statement ends and another begins?
>
> In short, I doubt if it is possible. Even if you do find something that purports to be a decompiler, its output will almost certainly not match the original input. Compilation is a one-way process.

Thank you for your reply. Actually my Debian server is running an application program that sends commands toward an attached network element. The commands deal with 'profile read', 'profile modify', and 'profile delete' issues. On the application gui, there is an option to try for 'profile replace' that I cannot find the related command. As there is a need to try for this 'profile replace' in batch file, so I need to find the exact command syntax for this purpose. I tried to capture it through tracing with 'tcpdump' but it was un-successful. So I dis-assembled the code and I was lucky to find the related subroutine. It is short in length but I cannot decode it to find the logic behind it. So I need to find a de-compiler to de-compile it to some sort of higher level languages to see if I can understand the logic behind. Please give me a hint on how to accomplish this.
Re: Decompiler?
On Mon, Feb 22, 2010 at 05:11:07AM +, Hadi Motamedi wrote:

[... snip nice explanation of why this won't work...]

> So I dis-assembled the code and I was lucky to find the related subroutine. It is short in length but I cannot decode it to find the logic behind it. So I need to find a de-compiler to de-compile it to some sort of higher level languages to see if I can understand the logic behind. Please give me a hint on how to accomplish this.

Basically it can't be done. It's a one-way operation.

Picture this -- within C there are several ways to print a value to the screen. These all likely produce similar machine code where a register is loaded with the address of the value to print and then a print routine is called. The question when decompiling is: how do you know *which* method of printing a string to decompile to? You can't know. Throw in the fact that code and data are indistinguishable at the machine level, and it's basically impossible.

Now remember that there are many many many languages that compile to machine code. How do you even know which language it was originally written in? What language do you target for the decompilation?

The transformation of high-level code into machine code is not an isomorphism. It cannot be reversed.

That said, there may be ways to make some reasonable guess as to what the code is doing and de-compile to some pseudo-language, but this will still largely be guesswork. If you can make it work even remotely reliably, you could probably get a PhD for the work...

A
RE: Decompiler?
> Thank you for your reply. Actually my Debian server is running an application program that sends commands toward an attached network element. The commands deal with 'profile read', 'profile modify', and 'profile delete' issues. On the application gui, there is an option to try for 'profile replace' that I cannot find the related command. As there is a need to try for this 'profile replace' in batch file, so I need to find the exact command syntax for this purpose. I tried to capture it through tracing with 'tcpdump' but it was un-successful. So I dis-assembled the code and I was lucky to find the related subroutine. It is short in length but I cannot decode it to find the logic behind it. So I need to find a de-compiler to de-compile it to some sort of higher level languages to see if I can understand the logic behind. Please give me a hint on how to accomplish this.

I once worked for a company that was asked to reverse engineer a file as the client had lost the original source.

The method was to first create lots of simple programs that each contained just one, or few, lines of code, compile it, and then slowly build up a one-to-one map of source to binary. It was _extremely_ tedious; the compiler would optimise code and so trial and error guesses had to often be made to try and get the compiler to build a specific chunk of binary. I do not want to ever do that again.

However, it can be done. Please note, as others have said, you will not get any object names (variables or procedures) out of this, and you will always have to make educated guesses when data chunks are hard coded in.

Regards, Tim.
RE: Decompiler?
> Date: Sun, 21 Feb 2010 22:41:46 -0800
> From: and...@farwestbilliards.com
> To: debian-user@lists.debian.org
> Subject: Re: Decompiler?
>
> Basically it can't be done. It's a one-way operation.
>
> Picture this -- within C there are several ways to print a value to the screen. These all likely produce similar machine code where a register is loaded with the address of the value to print and then a print routine is called. The question when decompiling is: how do you know *which* method of printing a string to decompile to? You can't know. Throw in the fact that code and data are indistinguishable at the machine level, and it's basically impossible.
>
> Now remember that there are many many many languages that compile to machine code. How do you even know which language it was originally written in? What language do you target for the decompilation?
>
> The transformation of high-level code into machine code is not an isomorphism. It cannot be reversed.
>
> That said, there may be ways to make some reasonable guess as to what the code is doing and de-compile to some pseudo-language, but this will still largely be guesswork. If you can make it work even remotely reliably, you could probably get a PhD for the work...
>
> A

Thank you for your reply. The dis-assembled code is in x86 assembly language and the original code is written with C++ running on my Debian server. Can you please let me know if it can help finding a dis-compiler to have some sort of higher level language code to see if I am still lucky to find the logic behind?
RE: Decompiler?
Date: Mon, 22 Feb 2010 18:10:08 +1100
Subject: RE: Decompiler?
From: t...@clewlow.org
To: debian-user@lists.debian.org

Date: Sun, 21 Feb 2010 07:28:01 -0500
From: zlinux...@wowway.com
To: debian-user@lists.debian.org
Subject: Re: Decompiler?

On Sun, 21 Feb 2010 05:06:21 -0500 (EST), Hadi Motamedi wrote:

Dear All,
I have disassembled the object file on my Debian server by the following:
#objdump wmain
In the output, I have recognized the intended subroutine for which I need to find the exact command syntax that it sends out. To this end, I asked you guys how to capture it through 'tcpdump' but didn't succeed. I read this segment of assembly language code but it is somewhat difficult to decode. Can you please let me know what Debian decompiler is suitable for this case? I tried with 'decompyle' but it didn't get through.

First, let me make sure I understand what you are asking. You have some binary object code and you want to transform it back into the C source code that it came from. Is that right? Or did I misunderstand you?

If that is what you want, then I doubt that it is possible. I've never heard of a decompiler. I have heard of a disassembler, but even they have their limitations. I myself have done extensive work as a programmer on a disassembler for the s390 platform. It happens to be the disassembler resident in the TRACK for z/VM freeware program. So I am speaking from experience here. Even a disassembler is a guess. Here are some things that you lose, even in a disassembler:

1. All comments.
2. The names of all variables.
3. The distinction between code and data.

For example, if I encounter the hex string '41101004', that could be a LA 1,4(,1) instruction. But it might not be an instruction. It might be data. It might be DC F'1091571716'. Or maybe it's a floating point number in traditional s390 hexadecimal floating point format. Or maybe it's part of an escape sequence of codes to be sent to a printer. You can never be sure.

All these uncertainties are present in a disassembler. In assembly language, there is pretty much a one-to-one correspondence between assembler instructions and machine instructions. But in a high-level language, that is not so. A single statement in source code may generate a long sequence of machine instructions. How do you know where one statement ends and another begins?

In short, I doubt if it is possible. Even if you do find something that purports to be a decompiler, its output will almost certainly not match the original input. Compilation is a one-way process.

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1425884921.13942331266755281555.javamail.r...@md01.wow.synacor.com

Thank you for your reply. Actually my Debian server is running an application program that sends commands toward an attached network element. The commands deal with 'profile read', 'profile modify', and 'profile delete' issues. On the application GUI, there is an option to try for 'profile replace' for which I cannot find the related command. As there is a need to try for this 'profile replace' in a batch file, I need to find the exact command syntax for this purpose. I tried to capture it through tracing with 'tcpdump' but it was unsuccessful. So I disassembled the code and I was lucky to find the related subroutine. It is short in length but I cannot decode it to find the logic behind it. So I need to find a decompiler to decompile it to some sort of higher level language to see if I can understand the logic behind it. Please give me a hint on how to accomplish this.

I once worked for a company that was asked to reverse engineer a file as the client had lost the original source. The method was to first create lots of simple programs that each contained just one, or a few, lines of code, compile them, and then slowly build up a one-to-one map of source to binary. It was _extremely_ tedious; the compiler would optimise code and so trial and error guesses often had to be made to try and get the compiler to build a specific chunk of binary. I do not want to ever do that again. However, it can be done.

Please note, as others have said, you will not get any object names (variables or procedures) out of this, and you will always have to make educated guesses when data chunks are hard coded in.

Regards, Tim.
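The code-versus-data ambiguity raised in the quoted reply above (the hex string '41101004'), worked through as an added example that is not part of the original thread. The function names and the one-entry opcode table are assumptions made for this illustration; the byte layouts are the standard s390 RX instruction format, big-endian fullword, and short hexadecimal floating point.

```python
import struct

WORD = bytes.fromhex("41101004")  # the four bytes quoted in the thread

# Minimal opcode table built for this example; a real disassembler has hundreds.
RX_OPCODES = {0x41: "LA"}

def as_rx_instruction(raw):
    """Read 4 bytes as an RX-format instruction: op(8) R1(4) X2(4) B2(4) D2(12)."""
    op, r1x2, b2d2 = struct.unpack(">BBH", raw)
    mnemonic = RX_OPCODES.get(op)
    if mnemonic is None:
        return None  # not an opcode this table knows, so no instruction reading
    r1, x2 = r1x2 >> 4, r1x2 & 0xF
    b2, d2 = b2d2 >> 12, b2d2 & 0xFFF
    index = str(x2) if x2 else ""  # index register 0 means "none" and is omitted
    return f"{mnemonic} {r1},{d2}({index},{b2})"

def as_fullword(raw):
    """Read the same bytes as a signed big-endian 32-bit integer (DC F'...')."""
    return struct.unpack(">i", raw)[0]

def as_hex_float(raw):
    """Read the same bytes as a short hexadecimal float:
    sign(1) | excess-64 base-16 exponent(7) | 24-bit fraction."""
    sign = -1.0 if raw[0] & 0x80 else 1.0
    exponent = (raw[0] & 0x7F) - 64
    fraction = int.from_bytes(raw[1:], "big") / 2**24
    return sign * fraction * 16.0**exponent

def interpretations(raw):
    """All readings at once; nothing in the bytes says which one is right."""
    return {
        "instruction": as_rx_instruction(raw),
        "fullword": f"DC F'{as_fullword(raw)}'",
        "hex_float": as_hex_float(raw),
        "raw_bytes": " ".join(f"{b:02X}" for b in raw),
    }

if __name__ == "__main__":
    for name, value in interpretations(WORD).items():
        print(f"{name:12} {value}")
```

Every reading is well-formed, which is why a disassembler has to rely on context such as control flow reaching the address or symbol information to decide whether a word is code or data.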