Decompilation

Information and Software Technology Journal, 1994

Compiler compilers are in widespread use, but decompiler compilers are a more novel concept. This paper sets out a technique for the decompilation of object code back to source code, and describes a working decompiler generator. Existing and potential applications include reverse engineering, quality assessment, debugging and safety-critical code validation or verification.

Accurate program decompilation is one of the most difficult tasks of reverse engineering. Currently, there exist several single-purpose decompilers targeted on a particular platform (e.g. Intel x86 architecture and Microsoft Windows OS) and on a particular language. These tools are always hand-written by the author from scratch. This paper presents a concept of a retargetable reverse compiler (i.e. a decompiler). This tool translates platform-specific binary applications into a high-level language (HLL) representation. A Python-like language was chosen as the target language, but the decompiler can be easily extended to other target languages. Our unique solution is automatically generated from the target platform description. It exploits the architecture description language ISAC for describing the target platform and the LLVM Compiler System as the core of the decompiler. The proof of our concept is presented on a Sony PlayStation Portable (PSP) handheld game console. As can be se...

Lecture Notes in Computer Science, 2002

Abstract. Just as an interpreter for a source language can be turned into a compiler from the source language to a target language, we observe that an interpreter for a target language can be turned into a compiler from the target language to a source language. In both cases, the key ...

2018

Decompiling is often used in conjunction with recovering lost source code, or in reverse-engineering code when we do not have access to the source. Here we describe a novel use: places where accurate position reporting, even in the presence of optimized code or where source code is not available, could be helpful. Examples include tracebacks, debuggers, core dumps and so on. Also new is using decompilation to assist debugging at runtime. We show how more conventional methods of source-code reporting are vague and ambiguous. Although effecting a pervasive change in a compiler is arduous and error-prone, a decompiler can be developed somewhat independently. However, for the vast number of programming languages, decompilers do not exist. This is true even for dynamic interpreted languages where there is little going on in the way of “compilation.” Traditionally, decompilers are labor intensive and ad hoc, and their construction might also be unfamiliar. So this paper shows how to ameli...

Since the advent of modern programming language compilers whereby a set of human readable instructions are syntactically and semantically parsed and then translated and optimized to a binary format readable by a machine or an interpreter, there has been a need for the reversal of the process which is generally known as decompilation. Yet wide gaps of knowledge have remained in decompilation given that it is can be modeled as an identical process to that performed by a compiler except the input and output take on a different appearance. The Von Neumann architecture which modern computers are still based on, requires that the code and data remain in memory and operate on that which is contained within that memory as well yielding the possibility for code to modify itself which is merely a form of compression or obfuscation of the original code. By analyzing self-modifying code, and its implications for declarative programming languages as well as temporally, a model for decompilation can be described which will generalize and completely match the problem description handling the most complicated and generalized situations which are possible.

1980

Communications of the ACM, 2003

2006

Abstract. Analysis or verification of low-level code is useful for minimizing the disconnect between what is verified and what is actually executed and is necessary when source code is unavailable or is, say, intermingled with inline assembly. We present a modular framework for building pipelines of cooperating decompilers that gradually lift the level of the language to something appropriate for source-level tools.

Journal of Software Maintenance: Research and Practice, 1993

A compiler may be speci ed by a description of how each construct of the source language is translated into a sequence of object code instructions. It is possible to produce a compiler prototype almost directly from this speci fication in the form of a logic program. This de fines a relation between allowed high-level and low-level program constructs. Normally a high-level program is supplied as input to a compiler and object code is returned. Because of the declarative nature of a logic program, it is possible for the object code to be supplied and the allowed high-level programs returned, resulting in a decompiler, provided enough information is available in the object code. This paper discusses the problems of adopting such an approach in practice. A simple compiler and decompiler are presented in full as an example in the logic programming language Prolog, together with some sample output. The possible benefi ts of using constraint logic programming are also considered. Potential applications include reverse engineering in the software maintenance process, veri fication of safety-critical object code, quality assessment of code and program debugging tools. Keywords: Reverse Engineering, Decompilation, Logic Programming, Prolog, Compiler Prototyping, Constraint Logic Programming

2011