Using a Decompiler for Real-World Source Recovery

Delft, The Netherlands November 08-November 12

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/WCRE.2004.42

11th Working Conference on Reverse En ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mike Van Emmerik Articles by Trent Waddington

	ASCII Text	x
	Mike Van Emmerik, Trent Waddington, "Using a Decompiler for Real-World Source Recovery," Reverse Engineering, Working Conference on, pp. 27-36, 11th Working Conference on Reverse Engineering (WCRE 2004), 2004.

	BibTex	x
	@article{ 10.1109/WCRE.2004.42, author = {Mike Van Emmerik and Trent Waddington}, title = {Using a Decompiler for Real-World Source Recovery}, journal ={Reverse Engineering, Working Conference on}, volume = {0}, year = {2004}, issn = {1095-1350}, pages = {27-36}, doi = {http://doi.ieeecomputersociety.org/10.1109/WCRE.2004.42}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Reverse Engineering, Working Conference on TI - Using a Decompiler for Real-World Source Recovery SN - 1095-1350 SP27 EP36 A1 - Mike Van Emmerik, A1 - Trent Waddington, PY - 2004 KW - Reverse engineering KW - decompilation KW - source code recovery KW - native executable file KW - experience VL - 0 JA - Reverse Engineering, Working Conference on ER -

Mike Van Emmerik, University of Queensland

Trent Waddington, University of Queensland

Despite their 40 year history, native executable decompilers have found very limited practical application in commercial projects. The success of Java decompilers is well known, and a few decompilers perform well by recognising patterns from specific compilers.

This paper describes the experience gained from applying a native executable decompiler, assisted by a commercial disassembler and hand editing, to a real-world Windows-based application. The clients had source code for a prototype version of the program, and an executable that performed better, for which the source code was not available. The project was to recover the algorithm at the core of the program, and if time permitted, the recovery of other pieces of source code.

Despite the difficulties, the core algorithm was successfully decompiled, and a portion of the rest of the program as well. There were surprises, including the ability to recover almost all original class names, and the complete class hierarchy.

Index Terms:

Reverse engineering, decompilation, source code recovery, native executable file, experience

Citation:

Mike Van Emmerik, Trent Waddington, "Using a Decompiler for Real-World Source Recovery," wcre, pp.27-36, 11th Working Conference on Reverse Engineering (WCRE 2004), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.