I have a 'C' language executable. C

[bnath001]

I have a 'C' language executable. Can I decompile the program inorder to make some changes to the program?

Are there any products in the market which can de-compile a C executable inorder to make some changes to the program?

Can anyone point me in the right direction please.

thank you
basam nath

 

[Lim]

When you have an executable it doesn't mater on what language it has been biult. So there is not a ligal term "Back to C". I don't know the program that generate C code from ASM. Especially when code has been optimized. If you want to chage "crack" program use ASM.

 

[AAB1CCS2]

How about C++? Is there any product in the market which can de-compile a C++ executable on Unix in order to get back the source code?

 

[Salem]

No you can't do this - at least not in any meaningful way. Even the best decompilers name all the functions func1(), func2() etc, and many loop constructs will be written as goto's.

It might be something a compiler could turn back into an executable, but it's not something that any human would really want to work with.

Here's a typical problem

i = 0;
while ( i < 10 ) printf(&quot;%d\n&quot;, i++ );

for ( i = 0 ; i < 10 ; i++ ) printf(&quot;%d\n&quot;, i );

Both of these are pretty likely to produce identical assembler code.

In a large program, the chance of getting back anything which resembles what the original source looked like is close to zero. It's even closer to zero if was compiled with an optimising compiler.

Also known as the "unbaking a cake" problem.


--

 

[zeitghost]

Not to mention the ooooodles of library code that gets linked in.

rgds
Zeit.

 

[woja]

Salem is correct: "the chance of getting back anything which resembles what the original source looked like is close to zero".

There are programs around that try and guess what the original source code might have looked like but they don't work very well except for very small, un-optimised program. For example:

   /* My original code */
   unsigned long myFunction(unsigned long aArg) {
      return aArg & 0xFFFFFFFFul;
   }

could be "unbaked" as:

   long f001(long a0000) {
      return -1 & a0000;
   }

because the compiled code wouldn't distinguish between [tt]unsigned long[/tt] and [tt]long[/tt], it doesn't "know" that the constant was entered in hex, it doesn't "know" the order we entered the [tt]return[/tt] expression in, and it most certainly doesn't "know" the names of the function and argument. Add to this the fact that some compilers might optimise such a small function inline when it was called and other compilers might ignore it if it's never called, and you have little hope of getting back anything meaningful.

We all say "It's a C (or C++) program" but what we really mean is that it's a program compiled from C (or C++). This "laziness" can be a cause of confusion. C (or C++) isn't executed, it's just compiled.

[tt]________________________________________________________________
Roger
Life is a game of cards in which the deck contains only jokers.[/tt]

 

[woja]

...another point:

With C++ the problems are even worse. Consider:

   class A {
      private: int x;
      public: void f(void);
      private: int f(char* s);
   };
   void A::f(void) { return x + 1; }
   int A::f(char* s) { return x + ((int) strlen(s)); }

The compiled code would contain nothing to indicate that [tt]A::f(void)[/tt] and [tt]A::f(char *)[/tt] have the same prototype and wouldn't "know" that one was [tt]public[/tt] and the other [tt]private[/tt]. Any "unbaking" program could only produce (at best):

   class C0000 {
      public: int M0000;
      public: void f000(void);
      public: int f0001(char* a0000);
   };
   void C0000::f0000(void) { return M0000 + 1; }
   int C0000::f0001(char* a0000) {
      return M0000 + f0003(a0000));
   }

(Note that [tt]strlen[/tt] vanishes as a name - all the "unbaker" would know is that there was a function call there).
Actually, I'm not sure that any program could achieve the above "unbaking" but I'm sure you get my point.

[tt]________________________________________________________________
Roger
Life is a game of cards in which the deck contains only jokers.[/tt]