Decompile Windows Executable

  • The goal of a machine code decompiler is to analyze executable files (like .EXE or .DLL files in Windows or ELF files in Unix-like environments) and attempt to create a high-level representation of the machine code in the executable file: the decompiler tries to reconstruct the source code from which the executable was compiled in the first place.
  • Now, you can, of course, disassemble a compiled exe (link.exe will do it, as will Visual Studio when you try to debug a process for which you have no sources). But you are out of luck as far as reverse compiling it. All of the structure and most or all of the variable and function names are gone. C doesn't have type metadata like C# has.

Decompile C# Exe

  • For 0.7.1.0 on Windows 10. Was curious about decompiling an old device from the late 1990's... M68K with 512KB ROM code compiled from C and quite likely in a VxWork OS, dumped from EEPROM to a binary file of the same size.

    The Scanner function works well for recursively finding procedures as absolute and relative addressed calls. However, after performing that step, I ultimately had better results with this raw binary format, searching for procedures throughout the ROM with good accuracy using pattern matching for 4E 56 00 00 as the beginning of the procedures, followed by searches for the link instruction: 4E 56 FF, 4E 56 FE, 4E 56 FD, 4E 56 FC, 4E 56 FB, and finally 4E 56 FA. This found 95% of all executable code in the entire 512KB space.

    Next came strings. The string search is rudimentary and I did not find any difference between UTF-8 and the 16-bit BE and LE selections. In any case I was searching for UTF-8 zero-terminated 'C' style strings. The procedure here was to search for 25 character or more strings first, then 20 character, 10 character, 6 character, and finally 3 character (tedious). Many zero-terminated strings were completely missed, so I'm guessing this is a work in progress. The rest of the strings I marked manually as 'sz' type, which was tedious but oddly satisfying.

    Marking Types: this version of Decompiler seems to not support any other type than character. If I try any other type, the types are saved to the .dcproject file, but the Serializer complains when the .dcproject is read back into Decompiler: unsupported type (or some other error like that), and the Globals list is truncated at the first occurrence of the error. I'm hoping the 0.8.0.0 or later version is due for a release here soon. I see there is some recent work done on it.

    The GUI is clunky, and crashes easily, but once I found the pitfalls, I could avoid them and avoid crashes. SAVE often, make frequent backups of the .dcproject file, be prepared to manually edit the .dcproject file if you Mark any type other than char or zero-terminated char string. Keyboard shortcuts to often used commands would be nice, such as: Mark Type, because mouse-clicking dropdown menus repeatedly is painful. Great project! We need these tools to help preserve old proprietary technology as time marches on.

  • Constant updates, awesome support.

  • Decompiler works fine.
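
The prologue and string searches described in the first review above can be scripted against a raw ROM dump. The following is an added example, not code from the reviewer or from the decompiler project. It generalizes the review's byte patterns to any `LINK A6` displacement from 0 down to -0x600 (high byte FA through FF), and the word-alignment check, function names and sample ROM are assumptions constructed for illustration.

```python
import re
import struct

# M68K "LINK A6,#disp16" encodes as 4E 56 followed by a signed 16-bit
# big-endian displacement; compilers emit it with disp <= 0 to reserve locals.
LINK_A6 = b"\x4e\x56"

def find_link_prologues(rom, max_frame=0x600):
    """Return [(offset, frame_bytes)] for plausible LINK A6 prologues."""
    hits = []
    pos = rom.find(LINK_A6)
    while pos != -1:
        # Assumption added here: M68K opcodes are word aligned, so a match
        # at an odd offset is data that merely contains the bytes 4E 56.
        if pos % 2 == 0 and pos + 4 <= len(rom):
            (disp,) = struct.unpack_from(">h", rom, pos + 2)
            if -max_frame <= disp <= 0:      # covers 4E 56 00 00 and FA..FF
                hits.append((pos, -disp))
        pos = rom.find(LINK_A6, pos + 1)
    return hits

def find_c_strings(rom, min_len=6):
    """Return [(offset, text)] for printable ASCII runs that end in NUL."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}\x00" % min_len)
    return [(m.start(), m.group()[:-1].decode("ascii"))
            for m in pattern.finditer(rom)]

def build_sample_rom():
    """Constructed 64-byte stand-in for a ROM dump (0xFF erased filler)."""
    rom = bytearray(b"\xff" * 0x40)
    rom[0x00:0x04] = bytes.fromhex("4e560000")   # LINK A6,#0
    rom[0x10:0x14] = bytes.fromhex("4e56fff0")   # LINK A6,#-16
    rom[0x21:0x25] = bytes.fromhex("4e56fffc")   # odd offset: rejected
    rom[0x28:0x2c] = bytes.fromhex("4e567ff0")   # positive disp: rejected
    rom[0x30:0x39] = b"boot: ok\x00"             # zero-terminated string
    return bytes(rom)

if __name__ == "__main__":
    rom = build_sample_rom()
    for off, frame in find_link_prologues(rom):
        print(f"proc at 0x{off:05x}, {frame} bytes of locals")
    for off, text in find_c_strings(rom):
        print(f"sz   at 0x{off:05x}: {text!r}")
```

Both searches are heuristics: functions compiled without a frame pointer have no `LINK` prologue, and printable byte runs inside code can look like strings, so the hits are candidates to confirm in the disassembly.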


Windows Executable Files

  • Only meant for Windows. A quite nascent tool as compared to others.
  • VB Decompiler. It is the exe decompiler for Visual Basic applications and disassembler for Visual Studio .NET apps. VB Decompiler can recover the lost source code of your Visual Basic applications.
  • DotPeek is a free-of-charge standalone tool based on ReSharper's bundled decompiler. It can reliably decompile any .NET assembly into equivalent C# or IL code. The decompiler supports multiple formats including libraries (.dll), executables (.exe), and Windows metadata files (.winmd).
  • At Countercept we often encounter binary payloads that are generated from compiled Python. These are usually generated with tools such as py2exe or PyInstaller to create a Windows executable.
  • Enjoys all executable file formats supported by the disassembler. Benefits from IDA's signature search, parsers of debug information, and demanglers. Decompiles a chosen function or the whole program by push of a button. Allows easy jumping between the disassembler and the decompiled code. Fully integrates into IDA's GUI.
  • In this tutorial, I am going to show you how to decompile or reverse engineer Windows executable files (.exe and .dll files) and get the source code back. This tutorial is going to be easy-peasy for a beginner to learn. If you're a fast learner, please feel free to skim the text.