With a debugger you can step through the program assembly interactively.
With a disassembler, you can view the program assembly in more detail.
With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD - if the program is packed, you'll have to unpack it first OR Detect-it-Easy if you can't find PEiD anywhere. DIE has a strong developer community on github currently).
Debuggers:
- OllyDbg, free, a fine 32-bit debugger, for which you can find numerous user-made plugins and scripts to make it all the more useful.
- WinDbg, free, a quite capable debugger by Microsoft. WinDbg is especially useful for looking at the Windows internals, since it knows more about the data structures than other debuggers.
- SoftICE, SICE to friends. Commercial and development stopped in 2006. SoftICE is kind of a hardcore tool that runs beneath the operating system (and halts the whole system when invoked). SoftICE is still used by many professionals, although might be hard to obtain and might not work on some hardware (or software - namely, it will not work on Vista or NVIDIA gfx cards).
Disassemblers:
- IDA Pro(commercial) - top of the line disassembler/debugger. Used by most professionals, like malware analysts etc. Costs quite a few bucks though (there exists free version, but it is quite quite limited)
- W32Dasm(free) - a bit dated but gets the job done. I believe W32Dasm is abandonware these days, and there are numerous user-created hacks to add some very useful functionality. You'll have to look around to find the best version.
Decompilers:
- Visual Basic: VB Decompiler, commercial, produces somewhat identifiable bytecode.
- Delphi: DeDe, free, produces good quality source code.
- C: HexRays, commercial, a plugin for IDA Pro by the same company. Produces great results but costs a big buck, and won't be sold to just anyone (or so I hear).
- .NET(C#): dotPeek, free, decompiles .NET 1.0-4.5 assemblies to C#. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files.
Some related tools that might come handy in whatever it is you're doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).
Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.
Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.
Also, remember that disassembling or even debugging other people's software is usually against the EULA in the very least :)
With a debugger you can step through the program assembly interactively.
With a disassembler, you can view the program assembly in more detail.
With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD - if the program is packed, you'll have to unpack it first OR Detect-it-Easy if you can't find PEiD anywhere. DIE has a strong developer community on github currently).
Debuggers:
- OllyDbg, free, a fine 32-bit debugger, for which you can find numerous user-made plugins and scripts to make it all the more useful.
- WinDbg, free, a quite capable debugger by Microsoft. WinDbg is especially useful for looking at the Windows internals, since it knows more about the data structures than other debuggers.
- SoftICE, SICE to friends. Commercial and development stopped in 2006. SoftICE is kind of a hardcore tool that runs beneath the operating system (and halts the whole system when invoked). SoftICE is still used by many professionals, although might be hard to obtain and might not work on some hardware (or software - namely, it will not work on Vista or NVIDIA gfx cards).
Disassemblers:
- IDA Pro(commercial) - top of the line disassembler/debugger. Used by most professionals, like malware analysts etc. Costs quite a few bucks though (there exists free version, but it is quite quite limited)
- W32Dasm(free) - a bit dated but gets the job done. I believe W32Dasm is abandonware these days, and there are numerous user-created hacks to add some very useful functionality. You'll have to look around to find the best version.
Decompilers:
- Visual Basic: VB Decompiler, commercial, produces somewhat identifiable bytecode.
- Delphi: DeDe, free, produces good quality source code.
- C: HexRays, commercial, a plugin for IDA Pro by the same company. Produces great results but costs a big buck, and won't be sold to just anyone (or so I hear).
- .NET(C#): dotPeek, free, decompiles .NET 1.0-4.5 assemblies to C#. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files.
Some related tools that might come handy in whatever it is you're doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).
Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.
Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.
Also, remember that disassembling or even debugging other people's software is usually against the EULA in the very least :)
psoul's excellent post answers to your question so I won't replicate his good work, but I feel it'd help to explain why this is at once a perfectly valid but also terribly silly question. After all, this is a place to learn, right?
Modern computer programs are produced through a series of conversions, starting with the input of a human-readable body of text instructions (called "source code") and ending with a computer-readable body of instructions (called alternatively "binary" or "machine code").
The way that a computer runs a set of machine code instructions is ultimately very simple. Each action a processor can take (e.g., read from memory, add two values) is represented by a numeric code. If I told you that the number 1 meant scream and the number 2 meant giggle, and then held up cards with either 1 or 2 on them expecting you to scream or giggle accordingly, I would be using what is essentially the same system a computer uses to operate.
A binary file is just a set of those codes (usually call "op codes") and the information ("arguments") that the op codes act on.
Now, assembly language is a computer language where each command word in the language represents exactly one op-code on the processor. There is a direct 1:1 translation between an assembly language command and a processor op-code. This is why coding assembly for an x386 processor is different than coding assembly for an ARM processor.
Disassembly is simply this: a program reads through the binary (the machine code), replacing the op-codes with their equivalent assembly language commands, and outputs the result as a text file. It's important to understand this; if your computer can read the binary, then you can read the binary too, either manually with an op-code table in your hand (ick) or through a disassembler.
Disassemblers have some new tricks and all, but it's important to understand that a disassembler is ultimately a search and replace mechanism. Which is why any EULA which forbids it is ultimately blowing hot air. You can't at once permit the computer reading the program data and also forbid the computer reading the program data.
(Don't get me wrong, there have been attempts to do so. They work as well as DRM on song files.)
However, there are caveats to the disassembly approach. Variable names are non-existent; such a thing doesn't exist to your CPU. Library calls are confusing as hell and often require disassembling further binaries. And assembly is hard as hell to read in the best of conditions.
Most professional programmers can't sit and read assembly language without getting a headache. For an amateur it's just not going to happen.
Anyway, this is a somewhat glossed-over explanation, but I hope it helps. Everyone can feel free to correct any misstatements on my part; it's been a while. ;)
Videos
Opening exe file in notepad is in Martian Language(no editable formate) is there tool exist that translate into earth language. I want to tweak in simple exe file
Hi All,
I have an very small application that installs .Net Framework and sets an interactive logon message for our non domain PC’s, this was built in house by a previous software developer, I’m wanting to decompile the executable to modify the interactive logon message after a change in our department structure and then recompile it, can anyone advise?
I have no idea where to start, I’m more hardware / network based than software development! I believe it was created with Visual Studio, but the developer didn’t leave any documentation for the application, what its coded in, how it works etc…
Thanks
dotPeek is my go to for this kind of task. The simpler the executable, the easier it’ll hopefully be for you to figure out. Even more so if it’s not Forms/WPF based.
I'm learning software engineering in a university and I'm at my second semester. I have a game called Clive Barker's Jericho, it's an old game from 2007. I've made a mod for it based on another guy's mod. The thing is the code for the game is separated into 2 parts. 1. all the cpp code in the compiled .EXE file and the other half is in .lc basically .lua/.luac files. The .lc files can be decompiled and you can work with them, but the .cpp code is compiled to a .EXE file so it's basically unaccessible. The game was made in unreal engine if I'm right, is there a way to decompile the cpp .EXE file? Or only reverse engineering works?
The icon you describe sounds exactly like a compiled AutoHotkey script:
I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/
Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe
EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me. However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:
Overview:
Resource Hacker is a resource editor for 32bit and 64bit Windows applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.
Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
It depends on the type of your executable.
When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy
However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.
As mentioned above IDA is a great dissembler, but do not expect good C source from the dissembled native object. Overall the range of utilities to manipulate PE executables is quite limited in comparison to more universal and open executable like ELF. I would be more interested in the disassembled assembly since even remotely acceptable C code will not be possible since allot of "user" executables have obfuscated symbols. I haven't used a windows environment in ages, but when I did for disassembly functions I used the Boomerang decompiler which is open source and free http://boomerang.sourceforge.net/
There is the Hexrays Decompiler, which is a plugin for the Interactive Disassembler (hexrays.com). It decompiles machine code into Pseudo-C code.
It depends on the underlying language that the developers used.
For Java and .NET languages it is possible most of the time to "de-compile" the source code. it's not going to be the true original code (variable names will be different, optimizations by the compiler will have rearranged code, etc) but it will be close.
Other languages such as C/C++ are not so easy.
As far as the ethics go, if you are just a hobby coder interested in playing around then that's fine. However, if you are a professional and you're trying to get source code to copy an app then that's very unethical and a big no-no!
If the application is written in one of the .NET languages (VB/C#), you can use Red Gate's Reflector reflector.red-gate.com to disassemble the application into corresponding source files. Not every application is written in managed languages like this though, and decompiling a C++ application, or one written in Delphi or another non-managed language is not nearly as easy, and all you can really get are hex dumps, which are very difficult to then reconstruct into an actual application.