{"id":30,"date":"2012-02-24T00:23:28","date_gmt":"2012-02-23T23:23:28","guid":{"rendered":"http:\/\/kronotai.com\/wordpress\/?page_id=30"},"modified":"2012-02-24T00:23:28","modified_gmt":"2012-02-23T23:23:28","slug":"decompilation","status":"publish","type":"page","link":"https:\/\/kronotai.com\/wordpress\/decompilation\/","title":{"rendered":"Decompilation"},"content":{"rendered":"<p>\t\t\t\t<![CDATA[A decompiler helps a reverse engineer produce higher-level source code from an executable. A decompiler should:\n\n<ul>\n<li>provide a <strong>correct<\/strong> view of the executable<\/li>\n<li>produce source code that is <strong>similar to hand-written code<\/strong> (e.g. it has a similar structure and is compact)<\/li>\n<li>produce source code that is <strong>compilable<\/strong><\/li>\n<\/ul>\n\nTo achieve these goals and give the user an information gain, a decompiler has to solve the following main tasks:\n\n<ul>\n<li><strong>separation of code and data<\/strong>: this should be as automatic as possible, but user input is still required<\/li>\n<li><strong>reliable function identification<\/strong>: determine the code ranges of all functions<\/li>\n<li><strong>understand special idioms<\/strong>: this does <em>not<\/em> mean supporting compiler-specific idioms, but single assembler instructions or small groups of instructions which are not (easily) representable in a language like C. This includes indexed jumps, the <code>rep<\/code> instructions of the i386, SIMD instructions, or converting\n<pre lang=\"ASM\">\nror    $0x8,%cx\nror    $0x10,%ecx\nror    $0x8,%cx<\/pre>\nto a <code>swab32(...)<\/code> call: the three rotates together reverse the byte order of the 32-bit register, so the decompiler should output one byte-swap call instead of three rotates on partial registers<\/li>\n<li><strong>stack and function calls<\/strong>: both depend on each other. Sub-problems are:\n<ul>\n<li>identify saved registers<\/li>\n<li>identify how parameters are passed (at the caller and at the callee site)<\/li>\n<li>construct the actual calls<\/li>\n<li>handle multiple entries and exits<\/li>\n<\/ul>\n<\/li>\n<li><strong>beautification\/compactification<\/strong>: this part usually works on a control-flow graph and a data-flow graph:\n<ul>\n<li>value propagation<\/li>\n<li>simplification of expressions<\/li>\n<li>recognizing high-level control flow (if, if-else, loops)<\/li>\n<li>reordering statements<\/li>\n<li>reducing the number of memory accesses<\/li>\n<\/ul>\n<\/li>\n<li><strong>type analysis<\/strong><\/li>\n<li><strong>output<\/strong><\/li>\n<\/ul>\n\n<p>The resulting source code should compile, so that it can be further engineered with other tools such as IDEs.\nAlmost every one of these problem areas is big enough in itself. 
There is literature on most of them in varying amounts.\n]]>\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\t\t\t\t<![CDATA[]]>\t\t <a href=\"https:\/\/kronotai.com\/wordpress\/decompilation\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":4,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-30","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/pages\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/comments?post=30"}],"version-history":[{"count":0,"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/pages\/30\/revisions"}],"wp:attachment":[{"href":"https:\/\/kronotai.com\/wordpress\/wp-json\/wp\/v2\/media?parent=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
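The rotate idiom quoted on the page, worked through as an added example. This is editor-supplied C, not code from the page or its author: it emulates the three `ror` instructions with x86 partial-register semantics (writing `%cx` only touches the low 16 bits of `%ecx`), checks the result against a reference `swab32`, and shows the small three-instruction pattern match a decompiler needs before it may emit the call. The `struct insn` record, the register-name check and the sample instruction list are constructed for this example; a real decompiler would take the instructions from its disassembler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: verify that
 *     ror $0x8,%cx ; ror $0x10,%ecx ; ror $0x8,%cx
 * is a 32-bit byte swap, and recognise it as such in an instruction stream. */

static uint16_t ror16(uint16_t v, unsigned n) {
    n &= 15;
    return n ? (uint16_t)((v >> n) | (v << (16 - n))) : v;
}

static uint32_t ror32(uint32_t v, unsigned n) {
    n &= 31;
    return n ? (v >> n) | (v << (32 - n)) : v;
}

/* x86 partial registers: a write to %cx replaces only the low 16 bits of %ecx. */
static uint32_t write_low16(uint32_t reg32, uint16_t low) {
    return (reg32 & 0xFFFF0000u) | low;
}

/* Execute the three instructions on a register value, one after another. */
uint32_t emulate_ror_sequence(uint32_t ecx) {
    ecx = write_low16(ecx, ror16((uint16_t)ecx, 8));   /* ror $0x8,%cx   */
    ecx = ror32(ecx, 16);                              /* ror $0x10,%ecx */
    ecx = write_low16(ecx, ror16((uint16_t)ecx, 8));   /* ror $0x8,%cx   */
    return ecx;
}

/* Reference semantics of the high-level call the decompiler should emit. */
uint32_t swab32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0x0000FF00u) |
           ((v << 8) & 0x00FF0000u) | (v << 24);
}

/* Toy instruction record (constructed for the example). */
struct insn {
    const char *mnem;   /* "ror", "inc", ... */
    unsigned    imm;    /* rotate count for ror */
    const char *reg;    /* AT&T register name without the '%' */
};

/* True if reg16 names the low half of reg32, e.g. "cx" of "ecx". */
static int is_low_half(const char *reg16, const char *reg32) {
    return strlen(reg32) == 3 && reg32[0] == 'e' && strcmp(reg32 + 1, reg16) == 0;
}

/* Try to match the idiom at insns[i]; on success write "REG = swab32(REG);" to out.
 * All three operands must belong to the same register, otherwise the rotates
 * do not compose into a byte swap and the pattern must be rejected. */
int match_swab32_idiom(const struct insn *insns, size_t n, size_t i,
                       char *out, size_t outlen) {
    if (i + 3 > n) return 0;
    const struct insn *a = &insns[i], *b = &insns[i + 1], *c = &insns[i + 2];
    if (strcmp(a->mnem, "ror") || strcmp(b->mnem, "ror") || strcmp(c->mnem, "ror")) return 0;
    if (a->imm != 8 || b->imm != 16 || c->imm != 8) return 0;
    if (strcmp(a->reg, c->reg) || !is_low_half(a->reg, b->reg)) return 0;
    snprintf(out, outlen, "%s = swab32(%s);", b->reg, b->reg);
    return 1;
}

/* Constructed sample stream: an unrelated instruction followed by the idiom. */
static const struct insn sample[] = {
    { "inc", 0,  "ecx" },
    { "ror", 8,  "cx"  },
    { "ror", 16, "ecx" },
    { "ror", 8,  "cx"  },
};

/* Scan the sample and return the C statement emitted for the idiom, or "" if none. */
const char *decompile_sample(void) {
    static char buf[64];
    size_t n = sizeof sample / sizeof sample[0];
    for (size_t i = 0; i < n; i++)
        if (match_swab32_idiom(sample, n, i, buf, sizeof buf)) return buf;
    return "";
}

int main(void) {
    uint32_t probes[] = { 0x11223344u, 0u, 0xFFFFFFFFu, 0x80000001u, 0xDEADBEEFu };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%08x -> %08x (swab32: %08x)\n", probes[i],
               emulate_ror_sequence(probes[i]), swab32(probes[i]));
    printf("%s\n", decompile_sample());
    return 0;
}
```

The emulation is the check a practitioner should run before trusting an idiom rule: `emulate_ror_sequence` and `swab32` agree on every probe, including all-zero, all-one and high-bit-set values, so the rewrite is sound. The matcher is deliberately strict about the register pairing; a sequence such as `ror $0x8,%cx ; ror $0x10,%edx ; ror $0x8,%cx` is not a byte swap and is left for the generic translation.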