anyone interested in decompilation | |
Decompilation is the process of recovering human readable source code
from a program executable. Many decompilers exist for Java and .NET as
the program executables (class files) maintain much of the information
found in the source code. This is not true for machine code
executables however.
In recent years decompilation for machine code has moved from the
domain of crackpots and academic hopefuls to a number of real
technologies that are available to the general public. Decompilers for
machine code now exist which produce output that rivals disassemblers
as a tool for analysing programs for security flaws, malware or just
simply to see how something works. Full source code recovery that is
economically attainable will soon be a reality.
The legal challenges posed by this technology differs country to
country. As such, much research is being done in secret in countries
that prohibit some uses of the technology, whereas some research is
being done more publicly in countries that have laws which support the
technology (Australia, for example).
Boomerang is an open source decompiler written (primarily) by two
Australian researchers. Open source projects need contributors. If
you have an interest in decompilation, we'd like to hear from you.
We're not only interested in talking to programmers. The project
suffers from a lack of documentation, tutorials and community. There
are many tasks that can be performed by users with minor technical
knowledge.
For more information on machine code decompilation see the Boomerang
web site ( http://boomerang.sourceforge.net/). For interesting
technical commentary on machine code decompilation, see my blog
( http://quantumg.blotspot.com/).
Thanks for reading this message,
QuantumG | | | | re: anyone interested in decompilation
On 2 Aug 2006 01:23:52 -0700, "QuantumG" <qg@biodome.orgwrote: Quote:
>Decompilation is the process of recovering human readable source code
>from a program executable.
And the human readable source code looks something like this:
int V00000001;
V00000001 = function_that_returns_int();
if ( V00000001 9 )
{
/* do something */
}
else
{
/* do something else */
} Quote:
>Many decompilers exist for Java and .NET as
>the program executables (class files) maintain much of the information
>found in the source code. This is not true for machine code
>executables however.
Whether or not Java or .NET produce program excutables that maintain
information that is "found in the source code" has no bearing on
whether Standard C does the same. Nor should it have any bearing on
whether other languages such as Ada or Basic or C++ do the same. Quote:
>In recent years decompilation for machine code has moved from the
>domain of crackpots and academic hopefuls to a number of real
>technologies that are available to the general public. Decompilers for
>machine code now exist which produce output that rivals disassemblers
>as a tool for analysing programs for security flaws, malware or just
>simply to see how something works. Full source code recovery that is
>economically attainable will soon be a reality.
And some would still claim that anyone who wrote a decompiler and used
variable names like V00000001, when the original name was
reactor_overflow, could arguably be labeled a "crackpot". Quote:
>The legal challenges posed by this technology differs country to
>country. As such, much research is being done in secret in countries
>that prohibit some uses of the technology, whereas some research is
>being done more publicly in countries that have laws which support the
>technology (Australia, for example).
Can you tell us what countries cuurently ban the
"turn-hamburger-into-cow" tool? Quote:
>Boomerang is an open source decompiler written (primarily) by two
>Australian researchers. Open source projects need contributors. If
>you have an interest in decompilation, we'd like to hear from you.
>We're not only interested in talking to programmers. The project
>suffers from a lack of documentation, tutorials and community. There
>are many tasks that can be performed by users with minor technical
>knowledge.
(I hope the source is written in C.)
Did you have a question about C?
--
ja7 | | | | re: anyone interested in decompilation
QuantumG said:
<snip> Quote:
Boomerang is an open source decompiler written (primarily) by two
Australian researchers.
When you diff(1) the output of Boomerang on itself with the input to the
compiler and get no differences, call again. :-)
<snip>
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously) | | | | re: anyone interested in decompilation
"QuantumG" <qg@biodome.orgwrites: Quote:
Decompilation is the process of recovering human readable source code
from a program executable. Many decompilers exist for Java and .NET as
the program executables (class files) maintain much of the information
found in the source code. This is not true for machine code
executables however.
[...] Quote:
Thanks for reading this message,
Which, as far as I can tell, has nothing to do with the C programming
language, the topic of this newsgroup. Perhaps this would be topical
in comp.compilers.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this. | | | | re: anyone interested in decompilation
jaysome wrote: Quote:
And the human readable source code looks something like this:
int V00000001;
<snip>
And some would still claim that anyone who wrote a decompiler and used
variable names like V00000001, when the original name was
reactor_overflow, could arguably be labeled a "crackpot".
It sure does. There isn't really a good name for this kind of "source
code". Some might use the term "obsfucated" but that implies that a
deliberate effort has been made to make the source code unreadable,
whereas this kind of output is typically generated by tools which are
trying to do the opposite. Another possible name is "symbol stripped"
but this is typically a term used to refer to a process performed on
binaries, not source code, and can therefore be confusing.
I've been thinking recently about a new term: the "compiler view" of
source code. To a compiler it really doesn't matter if a variable is
called reactor_overflow or V00000001. Armed with this new terminology
we can say something very insightful: the best output you can hope for
from an automatic decompiler which you have given a symbol stripped
binary is the compiler view of the original source code.
To get from the compiler view to the programmer view you need a lot of
user input - specifically, the user must supply domain knowledge. As
this is essentially a source-to-source transformation one can argue
that it is not really what a decompiler is for - after all, you could
do this with your favourite text editor - but some kind of tool support
will certainly help the reverse engineer out, and the core of those
tools will most likely be very similar to the core of a decompiler, so
why not integrate? Quote:
Can you tell us what countries cuurently ban the
"turn-hamburger-into-cow" tool?
Certain uses of decompilation are indeed banned in a lot of countries
of the world, making the development of decompilers suspect in those
countries. But as I cannot give any specific examples of people
secretly developing decompilers in these countries without violating
their trust, I guess I'll just drop the assertion. Sorry I brought it
up. Quote:
(I hope the source is written in C.)
>
Did you have a question about C?
We generate C. :) I want to talk about decompilers. If you don't
want to talk about decompilers, don't reply to a thread that is clearly
about decompilers. If, on the other hand, you're somehow trying to
"police" this newsgroup for off-topic discussions, allow me to suggest
that you might be more at home in a moderated newsgroup.
QuantumG | | | | re: anyone interested in decompilation
Keith Thompson wrote: Quote:
Which, as far as I can tell, has nothing to do with the C programming
language, the topic of this newsgroup. Perhaps this would be topical
in comp.compilers.
Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
moderated newsgroup. I'll talk about whatever the hell I like. If you
don't want to talk about decompilers, don't reply to a thread which is
clearly about decompilers.
QuantumG | | | | re: anyone interested in decompilation
Richard Heathfield wrote: Quote:
When you diff(1) the output of Boomerang on itself with the input to the
compiler and get no differences, call again. :-)
Maybe one day, if the binary includes symbol information, that will be
possible. But it won't be done with an open source decompiler unless
people who want such a tool start contributing to its creation. More
likely is that you'll be able to use a commercially guarded decompiler
to decompile itself, but only after manually removing any binary
protection layers that have been wrapped around the output of the
compiler.
QuantumG | | | | re: anyone interested in decompilation
Quote:
Richard Heathfield wrote: Quote:
>When you diff(1) the output of Boomerang on itself with the input
>to the
>compiler and get no differences, call again. :-)
>
Maybe one day, if the binary includes symbol information, that will
be
possible.
How would one be so stupid as to put symbolic information in an
executable? I mean: What's the deal of a compiler then?
Turning a C executable back into C code is like turning a hamburger
into a cow. Period. | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
moderated newsgroup. I'll talk about whatever the hell I like.
Way to go, moron. You want to advertise a product in an inappropriate
place, get people interested, and then abuse them. Your right, this is
not a moderated group, and you are one of the reasons moderated groups
exist. | | | | re: anyone interested in decompilation
Gernot Frisch wrote: Quote:
Turning a C executable back into C code is like turning a hamburger
into a cow. Period.
Seems to me that all you're saying is recoving symbols from a program
with no symbols is an impossible proposition. Ya know, we can test
this today, we don't even need a decompiler. Just take any old program
written in C, run the C preprocessor over it, replace any fancy for
loops with not-as-pretty while loops and replace every symbol with a
generic one (local1, global22, param4). There you go, you have the
absolute best output you could ever expect from a decompiler.
Now, are you honestly telling me that someone who hasn't seen the
original source code couldn't come up with sensible symbols, redo the
fancy for loops and add any C preprocessor macros that are appropriate?
That *really* doesn't sound that hard to me. Not when you consider
that people do the same thing with the output of disassemblers.
QuantumG | | | | re: anyone interested in decompilation
MQ wrote: Quote:
Way to go, moron. You want to advertise a product in an inappropriate
place, get people interested, and then abuse them. Your right, this is
not a moderated group, and you are one of the reasons moderated groups
exist.
Everyone thinks they're a traffic cop.
If you don't like it don't read the thread.
QuantumG | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
Everyone thinks they're a traffic cop.
No, like any community, we expect those who enter to respect the
protocol of the people who are in that community. I can't stop you
ranting on about decompilers, but there are much better places to do
it. It's just basic manners. Think about that next time someone
pushes in front of you when you are in a queue. Quote:
If you don't like it don't read the thread.
I was interested, I read your thread in alt.lang.asm. But it is
offensive the way you have treated some of the people here
MQ | | | | re: anyone interested in decompilation
MQ wrote: Quote:
QuantumG wrote: Quote:
Everyone thinks they're a traffic cop.
>
No, like any community, we expect those who enter to respect the
protocol of the people who are in that community. I can't stop you
I have been a member of this community and other C language
communities. Our protocol is to push out anyone with any actual
*interest* in the language and attact newbies who want their
programming homework done. I believe some of the people left in this
community are interested in decompilers and would like to talk about
them, but they feel they will be shouted down because it is off topic.
If all the traffic cops would just lighten up we'd have a much better
time of it. After all, I'm not talking about racing cars here. Quote:
I was interested, I read your thread in alt.lang.asm. But it is
offensive the way you have treated some of the people here
Well, that's your opinion. Grow a thicker skin.
QuantumG | | | | re: anyone interested in decompilation
MQ wrote: Quote:
QuantumG wrote: Quote:
Everyone thinks they're a traffic cop.
>
No, like any community, we expect those who enter to respect the
protocol of the people who are in that community. I can't stop you
I have been a member of this community and other C language
communities. Our protocol is to push out anyone with any actual
*interest* in the language and attact newbies who want their
programming homework done. I believe some of the people left in this
community are interested in decompilers and would like to talk about
them, but they feel they will be shouted down because it is off topic.
If all the traffic cops would just lighten up we'd have a much better
time of it. After all, I'm not talking about racing cars here. Quote:
I was interested, I read your thread in alt.lang.asm. But it is
offensive the way you have treated some of the people here
Well, that's your opinion. Grow a thicker skin.
QuantumG | | | | re: anyone interested in decompilation
"Gernot Frisch" <Me@Privacy.netwrote in message
news:4jbbrtF70hijU1@individual.net...
: Richard Heathfield wrote:
: >When you diff(1) the output of Boomerang on itself with the input
: >to the
: >compiler and get no differences, call again. :-)
: >
: Maybe one day, if the binary includes symbol information, that will
: be
: possible.
:
: How would one be so stupid as to put symbolic information in an
: executable? I mean: What's the deal of a compiler then?
:
: Turning a C executable back into C code is like turning a hamburger
: into a cow.
: Period.
You mean, like extracting DNA from the hamburger cells
to generate a clone ?
Provided you can make some reasonable assumptions about
the way that the hamburger was created, and that your
expectation for the reverse-engineered cow are not too
high, the biotech is not that far from that ... :D
Ivan
-- http://ivan.vecerina.com/contact/?subject=NG_POST <- email contact form | | | | re: anyone interested in decompilation
In article <1154515218.989978.320470@i42g2000cwa.googlegroups .com>,
QuantumG <qg@biodome.orgwrote: Quote:
>
>MQ wrote: Quote:
>QuantumG wrote: Quote:
Everyone thinks they're a traffic cop.
>>
>No, like any community, we expect those who enter to respect the
>protocol of the people who are in that community. I can't stop you
>
>I have been a member of this community and other C language
>communities. Our protocol is to push out anyone with any actual
>*interest* in the language and attact newbies who want their
>programming homework done. I believe some of the people left in this
>community are interested in decompilers and would like to talk about
>them, but they feel they will be shouted down because it is off topic.
>If all the traffic cops would just lighten up we'd have a much better
>time of it. After all, I'm not talking about racing cars here.
You are so totally dead bang on, it is scary. In particular, it is
exactly right that they've set things up so that the only thing that can
be done is abusing the newbies.
But it won't do you any good. You see, the regs here are so totally
devoid of lives that this is all they have. And you're trying to take
it away from them. For shame! | | | | re: anyone interested in decompilation
In article <a7de5$44d08395$3e028af2$32051@news.hispeed.ch>,
Ivan Vecerina <INVALID_use_webform@ivan.vecerina.comwrote:
.... Quote:
>You mean, like extracting DNA from the hamburger cells
>to generate a clone ?
>
>Provided you can make some reasonable assumptions about
>the way that the hamburger was created, and that your
>expectation for the reverse-engineered cow are not too
>high, the biotech is not that far from that ... :D
Good point. The regs are going to have to come up with a new metaphor. | | | | re: anyone interested in decompilation
Gernot Frisch wrote: Quote:
How would one be so stupid as to put symbolic information in an
executable? I mean: What's the deal of a compiler then?
That remarkable feature is called 'debugging'. You know, when you fire
up your debugger, it knows that at some point, a certains variable
exists, and how it's called. Quote:
Turning a C executable back into C code is like turning a hamburger
into a cow. Period.
Ah well... We have a brainfucked instance here called 'UWV' that can
probably do that.
Igmar | | | | re: anyone interested in decompilation
We generate C. :) I want to talk about decompilers. If you don't Quote:
want to talk about decompilers, don't reply to a thread that is clearly
about decompilers. If, on the other hand, you're somehow trying to
"police" this newsgroup for off-topic discussions, allow me to suggest
that you might be more at home in a moderated newsgroup.
You must be new round here. comp.lang.c is unmoderated, but that doesn't
mean it doesn't have an accepted remit. If you aren't going to talk about
the C language, you will get killfiled, ignored, and mocked, depending on
the poster. I'm not sure this is what you were trying to achieve.
Can I suggest you move to somewhere like comp.programming.misc? | | | | re: anyone interested in decompilation
In article <eaq1fn$lhu1@cliff.xsj.xilinx.com>,
Philip Potter <philip.potter@xilinx.comwrote: Quote: Quote:
>We generate C. :) I want to talk about decompilers. If you don't
>want to talk about decompilers, don't reply to a thread that is clearly
>about decompilers. If, on the other hand, you're somehow trying to
>"police" this newsgroup for off-topic discussions, allow me to suggest
>that you might be more at home in a moderated newsgroup.
>
>You must be new round here. comp.lang.c is unmoderated, but that doesn't
>mean it doesn't have an accepted remit. If you aren't going to talk about
>the C language, you will get killfiled, ignored, and mocked, depending on
>the poster. I'm not sure this is what you were trying to achieve.
Thank you for proving all of Q's points. | | | | re: anyone interested in decompilation
Philip Potter wrote: Quote:
Can I suggest you move to somewhere like comp.programming.misc?
Can I suggest you move to comp.lang.c.moderated? That *is* what it is
for.
QuantumG | | | | re: anyone interested in decompilation
"Ivan Vecerina" <INVALID_use_webform@ivan.vecerina.comwrote: Quote:
"Gernot Frisch" <Me@Privacy.netwrote in message
news:4jbbrtF70hijU1@individual.net...
: Turning a C executable back into C code is like turning a hamburger
: into a cow.
: Period.
>
You mean, like extracting DNA from the hamburger cells
to generate a clone ?
Cooked hamburger, yes.
Richard | | | | re: anyone interested in decompilation
Richard Bos wrote: Quote:
Cooked hamburger, yes.
Oh now it's cooked, I see!
QuantumG | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
Can I suggest you move to comp.lang.c.moderated? That *is* what it is
for.
Nobody ever goes to c.l.c.m, or so it seems. No questions appear to be
answered | | | | re: anyone interested in decompilation
MQ wrote: Quote:
Nobody ever goes to c.l.c.m, or so it seems. No questions appear to be
answered
What does that tell you about moderated newsgroups? Similarly, can you
infer what result the topic police have on unmoderated newsgroups?
QuantumG | | | | re: anyone interested in decompilation
Richard Bos wrote: Quote:
"Ivan Vecerina" <INVALID_use_webform@ivan.vecerina.comwrote:
> Quote:
"Gernot Frisch" <Me@Privacy.netwrote in message
news:4jbbrtF70hijU1@individual.net...
: Turning a C executable back into C code is like turning a hamburger
: into a cow.
: Period.
You mean, like extracting DNA from the hamburger cells
to generate a clone ?
>
Cooked hamburger, yes.
>
Richard
you can extract DNA from burnt tissue. | | | | re: anyone interested in decompilation
"QuantumG" <qg@biodome.orgwrote in message
news:1154519551.210604.195630@b28g2000cwb.googlegr oups.com... Quote:
>
MQ wrote: Quote:
Nobody ever goes to c.l.c.m, or so it seems. No questions appear to be
answered
>
What does that tell you about moderated newsgroups? Similarly, can you
infer what result the topic police have on unmoderated newsgroups?
Broken logic. Topic police != moderators.
Moderated newsgroups are unpopular because:
* Skilled moderators who are prepared to give up their time must be found,
and in quantity
* Rapid discussion is impossible due to the moderation process.
Topic police have neither of these problems. It's better to assume people
will post on-topic, and point out to them when they are off-topic, than to
assume people will post off-topic and slow down those who post on-topic.
Philip | | | | re: anyone interested in decompilation
Philip Potter wrote: Quote:
Topic police have neither of these problems. It's better to assume people
will post on-topic, and point out to them when they are off-topic, than to
assume people will post off-topic and slow down those who post on-topic.
It's better to talk about anything than it is to talk about what people
should and shouldn't be talking about.
QuantumG | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
>
Philip Potter wrote: Quote:
>Topic police have neither of these problems. It's better to assume people
>will post on-topic, and point out to them when they are off-topic, than to
>assume people will post off-topic and slow down those who post on-topic.
>
It's better to talk about anything than it is to talk about what people
should and shouldn't be talking about.
It's better to talk topically than talk about topicality.
Decompilation isn't topical here.
--
Chris "real" Dollin
"Life is full of mysteries. Consider this one of them." Sinclair, /Babylon 5/ | | | | re: anyone interested in decompilation
QuantumG said: Quote:
Richard Bos wrote: Quote:
>Cooked hamburger, yes.
>
Oh now it's cooked, I see!
Until it's cooked, it ain't a hamburger.
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously) | | | | re: anyone interested in decompilation
gazelle@xmission.xmission.com (Kenny McCormack) writes: Quote:
In article <a7de5$44d08395$3e028af2$32051@news.hispeed.ch>,
Ivan Vecerina <INVALID_use_webform@ivan.vecerina.comwrote:
... Quote:
You mean, like extracting DNA from the hamburger cells
to generate a clone ?
Provided you can make some reasonable assumptions about
the way that the hamburger was created, and that your
expectation for the reverse-engineered cow are not too
high, the biotech is not that far from that ... :D
>
Good point. The regs are going to have to come up with a new metaphor.
>
Not really, if you consider DNA as symbolic information then the
metaphor still stands as it is.
--
Ioan - Ciprian Tandau
tandau _at_ freeshell _dot_ org (hope it's not too late)
(... and that it still works...) | | | | re: anyone interested in decompilation
On 2006-08-02, QuantumG <qg@biodome.orgwrote: Quote:
>
Keith Thompson wrote: Quote:
>Which, as far as I can tell, has nothing to do with the C programming
>language, the topic of this newsgroup. Perhaps this would be topical
>in comp.compilers.
>
Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
moderated newsgroup. I'll talk about whatever the hell I like. If you
don't want to talk about decompilers, don't reply to a thread which is
clearly about decompilers.
>
Wow. You just single-handedly forced me to figure out how to set up my
killfile. Nice going, retard.
--
Andrew Poelstra <http://www.wpsoftware.net/projects>
To reach me by email, use `apoelstra' at the above domain.
"Do BOTH ends of the cable need to be plugged in?" -Anon. | | | | re: anyone interested in decompilation
In article <slrned21l9.il8.apoelstra@localhost.localdomain> ,
<apoelstra@localhost.localdomainwrote: Quote:
>On 2006-08-02, QuantumG <qg@biodome.orgwrote: Quote:
>>
>Keith Thompson wrote: Quote:
>>Which, as far as I can tell, has nothing to do with the C programming
>>language, the topic of this newsgroup. Perhaps this would be topical
>>in comp.compilers.
>>
>Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
>moderated newsgroup. I'll talk about whatever the hell I like. If you
>don't want to talk about decompilers, don't reply to a thread which is
>clearly about decompilers.
>>
>
>Wow. You just single-handedly forced me to figure out how to set up my
>killfile. Nice going, retard.
Yes, god forbid anyone should actually learn anything as a result of
anything posted to this group. That just won't do. It gets in the way
of the two main activities - namely, abusing newbies and quoting chapter
and verse like televangelists.
You should be thanking him, nimrod. | | | | re: anyone interested in decompilation
On 2006-08-02, Kenny McCormack <gazelle@xmission.xmission.comwrote: Quote:
In article <slrned21l9.il8.apoelstra@localhost.localdomain> ,
<apoelstra@localhost.localdomainwrote: Quote:
>>On 2006-08-02, QuantumG <qg@biodome.orgwrote: Quote:
>>>
>>Keith Thompson wrote:
>>>Which, as far as I can tell, has nothing to do with the C programming
>>>language, the topic of this newsgroup. Perhaps this would be topical
>>>in comp.compilers.
>>>
>>Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
>>moderated newsgroup. I'll talk about whatever the hell I like. If you
>>don't want to talk about decompilers, don't reply to a thread which is
>>clearly about decompilers.
>>>
>>
>>Wow. You just single-handedly forced me to figure out how to set up my
>>killfile. Nice going, retard.
>
Yes, god forbid anyone should actually learn anything as a result of
anything posted to this group. That just won't do. It gets in the way
of the two main activities - namely, abusing newbies and quoting chapter
and verse like televangelists.
>
You should be thanking him, nimrod.
>
Actually, thank /you/ for posting a message so that I can get your
headers, Kenny. (Also, I apologize for using "retard" in a derogatory
sense. A better word would have been "moron".)
--
Andrew Poelstra <http://www.wpsoftware.net/projects>
To reach me by email, use `apoelstra' at the above domain.
"Do BOTH ends of the cable need to be plugged in?" -Anon. | | | | re: anyone interested in decompilation
Kenny McCormack wrote: Quote: Quote:
Wow. You just single-handedly forced me to figure out how to set up my
killfile. Nice going, retard.
>
Yes, god forbid anyone should actually learn anything as a result of
anything posted to this group. That just won't do. It gets in the way
of the two main activities - namely, abusing newbies and quoting chapter
and verse like televangelists.
If you don't like the groups topics, post in another group? Why is it
more logical and "right" to post off-topic rants in comp.lang.c instead
of just posting them in another more appropriate group?
If your question/post isn't about the C language, it doesn't belong
here. That's just called manners.
Tom | | | | re: anyone interested in decompilation
QuantumG wrote: Quote: Quote:
Nobody ever goes to c.l.c.m, or so it seems. No questions appear to be
answered
>
What does that tell you about moderated newsgroups? Similarly, can you
infer what result the topic police have on unmoderated newsgroups?
they discourage idiots like you?
--
Nick Keighley | | | | re: anyone interested in decompilation
Tom St Denis wrote: Quote:
Kenny McCormack wrote:
Quote: Quote:
Yes, god forbid anyone should actually learn anything as a result of
<snip> Quote:
If you don't like the groups topics, post in another group? Why is it
<snip>
There is no way to reason with kenny. Just Don't Feed The Troll.
--
Nick Keighley | | | | re: anyone interested in decompilation
Tom St Denis <tomstdenis@gmail.comwrote: Quote:
Kenny McCormack wrote:
Quote:
If you don't like the groups topics, post in another group?
It's best just to ignore Kenny, unless you would like the thankless
job of correcting his misleading statements.
--
C. Benson Manica | I *should* know what I'm talking about - if I
cbmanica(at)gmail.com | don't, I need to know. Flames welcome. | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
Keith Thompson wrote: Quote:
Which, as far as I can tell, has nothing to do with the C programming
language, the topic of this newsgroup. Perhaps this would be topical
in comp.compilers.
>
Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
moderated newsgroup. I'll talk about whatever the hell I like.
Troll alert ! | | | | re: anyone interested in decompilation
On 2 Aug 2006 02:58:22 -0700, "QuantumG" <qg@biodome.orgwrote: Quote:
>
>Keith Thompson wrote: Quote:
>Which, as far as I can tell, has nothing to do with the C programming
>language, the topic of this newsgroup. Perhaps this would be topical
>in comp.compilers.
>
>Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
>moderated newsgroup. I'll talk about whatever the hell I like. If you
>don't want to talk about decompilers, don't reply to a thread which is
>clearly about decompilers.
Don't persist in pushing your way into a newsgroup which is clearly
*not* about decompilers. If you had the courtesy to monitor the group
for a bit, or research it in the Google archives, you would know what
is topical here. I'm amazed that this thread has persisted so long. You have the
distinction of being only the second person I've ever kill-filed from
this group. I suspect it won't be long before you and McCormack are
left alone to talk to each other.
Take your posting to rec.crafts.beads - that's unmoderated, too.
--
Al Balmer
Sun City, AZ | | | | re: anyone interested in decompilation
In article <1154512536.351129.211040@75g2000cwc.googlegroups. com>,
QuantumG <qg@biodome.orgwrote: Quote:
>We generate C. :) I want to talk about decompilers. If you don't
>want to talk about decompilers, don't reply to a thread that is clearly
>about decompilers.
"Silence indicates consent" -- in other words, if we did not point
out that we consider the topic inappropriate here, then your assumption
would be that we don't mind.
--
Is there any thing whereof it may be said, See, this is new? It hath
been already of old time, which was before us. -- Ecclesiastes | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
>
MQ wrote: Quote:
Nobody ever goes to c.l.c.m, or so it seems. No questions appear
to be answered
>
What does that tell you about moderated newsgroups? Similarly, can
you infer what result the topic police have on unmoderated newsgroups?
On this one, they have very good results. That's why most of the posts
are on-topic. Yeah, there are dumbos like you, but they tend to be a
small minority.
Groups have topicality. Smart people recognize that and respect it. The
topic police will let everyone know that the thread is not appropriate,
and the often scuttles most of the discussion. The chucklehead (that's
you) finds that he either does have to go to the correct group or have
his threads turn into this.
So the question becomes, do you want to have good, relevant discussion
of your chosen topic? If so, you don't want to try it here, because it
won't happen. You'll need to move to the proper group.
Brian | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
moderated newsgroup. I'll talk about whatever the hell I like.
Maybe, but most of use real newsreaders, so we can killfile twits. Bye.
*plonk*
Brian | | | | re: anyone interested in decompilation
In article <4jc3jsF7c40sU1@individual.net>,
Default User <defaultuserbr@yahoo.comwrote: Quote:
>QuantumG wrote:
>
> Quote:
>Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
>moderated newsgroup. I'll talk about whatever the hell I like.
>
>Maybe, but most of use real newsreaders, so we can killfile twits. Bye.
>
>*plonk*
What's so absolutely precious is that these regs would have you believe
that they're all a bunch of high-powered, serious, educated "software
developers" (or whatever the term of fashion is these days), and yet
they act like a bunch of girls in this newsgroup (see above for what I
mean - this means you, "Mr. Brian Default User").
To put it another way, I remember reading somewhere along the way about
mobsters - and how the smart ones take the view that "if you're going to
kill someone, just do it - just walk up to the guy and do it. Don't
talk about it - don't threaten him ahead of time - don't be a girl about
it."
So, it should be with kill-filing - unless, as I suspect, the talking
about it is as far as it ever gets. | | | | re: anyone interested in decompilation
"QuantumG" <qg@biodome.orgwrites: Quote:
Philip Potter wrote: Quote:
>Can I suggest you move to somewhere like comp.programming.misc?
>
Can I suggest you move to comp.lang.c.moderated? That *is* what it is
for.
comp.lang.c and comp.lang.c.moderated have exactly the same purpose:
discussing the C programming language. They achieve this by different
means. In comp.lang.c.moderated, the moderator pre-filters all
postings. Here, there's no moderator, and we depend on posters to
show some common sense.
The disadvantage of comp.lang.c.moderated is that it's slow. The
comp.lang.c approach actually works pretty well, but it has the
disadvantage that we occasionally have to deal with trolls like you.
There are newsgroups where decompilers are topical. This is not one
of them. You are not welcome here, and you are making a fool of
yourself.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this. | | | | re: anyone interested in decompilation
Igmar Palsenberg wrote: Quote:
Gernot Frisch wrote:
> Quote:
>How would one be so stupid as to put symbolic information in an
>executable? I mean: What's the deal of a compiler then?
>
That remarkable feature is called 'debugging'. You know, when you fire
up your debugger, it knows that at some point, a certains variable
exists, and how it's called.
Against my better judgment, I will dip my toe into this completely
off-topic thread. Your "counterexample" suggests that this "decompiler"
is a remarkably useless thing. If one has an executable in which the
symbolic information needed for us to know that a certain variable
exists and how it's named, then one has a pre-release copy of that
executable. That pre-release version should belong to people with
access to the source code, and those people have no use for this
"decompiler" at all. | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
>
Gee, I'm sorry. Please don't kick me... oh wait, this isn't a
moderated newsgroup. I'll talk about whatever the hell I like.
yes, you will. And you will be ignored by almost everyone, and those
who imagine that your head actually emerges from your anus will be
disabused. The only thing that you have accomplished is to alienate
people needlessly. This does not fir with your role as a propagandist. | | | | re: anyone interested in decompilation
In article <4jca52F7as28U1@individual.net>,
Martin Ambuhl <mambuhl@earthlink.netwrote: Quote:
>If one has an executable in which the
>symbolic information needed for us to know that a certain variable
>exists and how it's named, then one has a pre-release copy of that
>executable. That pre-release version should belong to people with
>access to the source code, and those people have no use for this
>"decompiler" at all.
I see several difficulties with those statements.
1) A binary for open-source code may have symbols intact, belongs
to people with access to the source code, and yet is not necessarily
pre-release.
2) You speak as if failure to strip the symbols from an executable
is Not Done, or is at least commercial suicide. A lot depends upon
market and commercial and technical support decisions.
Suppose for example (random example) that software to schedule subways
is sold: the vendor technical support might not have access to the
live system (e.g., firewalls, or because it isn't on the public net),
but might be able to provide useful support in some cases by talking a
client technical person through, "okay, now tell the debugger to print
out sch7_overld". Running a simulation at a vendor's machine does NOT
always suffice to track weird combinations of circumstances.
3) Libraries frequently get shipped with global variables and
function names exposed in the symbol table (for linking purposes
if nothing else), though information about local variables might
not be present.
4) Unix "namelist" is considered to provide important access
to parts of the kernel. Some of the key kernel variables may even be
safely alterable on a live system (e.g., via SGI IRIX's "systune".)
(Not that any of these have anything to do with deliberate
off-topic posting.)
--
"law -- it's a commodity"
-- Andrew Ryan (The Globe and Mail, 2005/11/26) | | | | re: anyone interested in decompilation
Martin Ambuhl wrote: Quote:
Against my better judgment, I will dip my toe into this completely
off-topic thread. Your "counterexample" suggests that this "decompiler"
is a remarkably useless thing.
Somewhat true. Quote:
If one has an executable in which the
symbolic information needed for us to know that a certain variable
exists and how it's named, then one has a pre-release copy of that
executable. That pre-release version should belong to people with
access to the source code, and those people have no use for this
"decompiler" at all.
Also true. I personally won't use such a thing.
Igmar | | | | re: anyone interested in decompilation
QuantumG wrote: Quote:
Decompilation is the process of recovering human readable source code
from a program executable. Many decompilers exist for Java and .NET as
the program executables (class files) maintain much of the information
found in the source code. This is not true for machine code
executables however.
>
In recent years decompilation for machine code has moved from the
domain of crackpots and academic hopefuls to a number of real
technologies that are available to the general public. Decompilers for
machine code now exist which produce output that rivals disassemblers
as a tool for analysing programs for security flaws, malware or just
simply to see how something works. Full source code recovery that is
economically attainable will soon be a reality.
As it should be. While IdaPro is a great tool, its still too much of a
pain in the butt doing this sort of thing by hand. And there are not
many of us who can do it. Quote:
The legal challenges posed by this technology differs country to
country. As such, much research is being done in secret in countries
that prohibit some uses of the technology, whereas some research is
being done more publicly in countries that have laws which support the
technology (Australia, for example).
Its probably only illegal in the US and Japan (and maybe Canada).
Other countries obviously would like access to this "intellectual
property" which comes largely from the US. I think the whole point of
things like WIPO/WTO is to try to trick the rest of the world that they
should not simply steal "intellectual property" -- only the most
compliant nation states actually fall for this nonsense. Quote:
Boomerang is an open source decompiler written (primarily) by two
Australian researchers. Open source projects need contributors. If
you have an interest in decompilation, we'd like to hear from you.
I do, but mostly from an observational point of view. Quote:
We're not only interested in talking to programmers. The project
suffers from a lack of documentation, tutorials and community. There
are many tasks that can be performed by users with minor technical
knowledge.
So I looked at your page and through the examples. My question is
*which* compiler and .EXE outputs are you targetting? You are
declaring main as "int main (int argc, char * argv, char * envp)" which
I am pretty sure is GNU/UNIX-only. Is your plan to support a really
wide range of compilers?
The point being that WATCOM and Intel's compiler optimizations can
perform some pretty extreme code transformations. Intel does constant
propagation and function cloning, and for static functions WATCOM C/C++
just totally ignores function prologue/epilogue and may inline. You
*could* try to detect which compiler was used to compile the code,
however, its possible to link with different libraries and compilers
than the original object code compiler.
--
Paul Hsieh http://www.pobox.com/~qed/ http://bstring.sf.net/ |  | |
| | |  /bytes/about
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 226,419 network members.
|
