by rkangel
1897 days ago
Calling it "decompilation" is misleading. That term implies that you can get your compiled binary and turn it back into C++. No automated tool exists that allows you to do that - too much information is lost in the compilation process. Function names are one thing that's mentioned, but the very structure of the program (which functions are in which classes, etc.) is lost. You could infer this based on your knowledge of how compilers usually work, and how developers usually develop, but it's all guesswork. Instead what we actually do is 'disassembly'. We just perform the minimal processing to get the human readable form of the assembly instructions that make up the binary. This is very hard to directly get your head round, so 'decompilation tools' are then all assistants that help the manual process of understanding the structure of the program. You can see a very basic example of that in the article where the author is looking for references to an address so they can see which functions reference the string. The gold standard tool in the space is IDA Pro. You can see in these screenshots the visual tool it gives that allows you to group chunks of assembly together into functions and keep track of the linkages to codify the person's understanding as the process continues.
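The cross-reference lookup the comment describes (finding which code references a string's address) as an added Python example; it is not code from the article or from anyone in this thread, and the sample image, the load address and the `push imm32` encoding are constructed assumptions:

```python
"""Find cross-references to a string in a flat binary image.

Mimics the manual step described above: locate the string, compute its
load address, then scan for every place that embeds that address as a
little-endian pointer (as an x86-32 `push imm32` or `mov` would).
The image below is constructed for the example, not the article's binary.
"""
import struct

BASE_ADDR = 0x00400000  # assumed load address of the constructed image


def find_string(image: bytes, needle: bytes) -> int:
    """Return the file offset of the NUL-terminated string, or -1."""
    return image.find(needle + b"\x00")


def find_xrefs(image: bytes, target_addr: int) -> list[int]:
    """Return file offsets of every 4-byte little-endian occurrence of target_addr."""
    pat = struct.pack("<I", target_addr)
    hits, pos = [], image.find(pat)
    while pos != -1:
        hits.append(pos)
        pos = image.find(pat, pos + 1)
    return hits


def string_xrefs(image: bytes, needle: bytes, base: int = BASE_ADDR) -> list[int]:
    """Offsets of code that embeds the string's virtual address (empty if no string)."""
    off = find_string(image, needle)
    if off == -1:
        return []
    return find_xrefs(image, base + off)


# Constructed image: NOP padding, two "call sites" that push the string's
# address as an immediate, and the string itself at offset 0x40.
STRING_OFF = 0x40
MSG = b"Hello, world"
_img = bytearray(b"\x90" * 0x80)
_img[STRING_OFF:STRING_OFF + len(MSG) + 1] = MSG + b"\x00"
for site in (0x10, 0x24):
    _img[site] = 0x68  # push imm32 opcode
    _img[site + 1:site + 5] = struct.pack("<I", BASE_ADDR + STRING_OFF)
SAMPLE = bytes(_img)

if __name__ == "__main__":
    for off in string_xrefs(SAMPLE, MSG):
        print(f"xref at file offset {off:#06x} (va {BASE_ADDR + off:#010x})")
```

A real tool does the same scan over the binary's loaded sections and then walks the containing functions; relocations and RIP-relative addressing on 64-bit targets need decoding rather than a plain byte search.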
The article shows snippets of decompiled C++ code. No, nobody is claiming that it is the "original" code. But it is C++ code derived from the compiled binary. Decompilation.
> Instead what we actually do is 'disassembly'.
Additionally what we do is disassembly.