Can you retrieve source from a debug-compiled binary?

Asked 26/1, 2011 at 15:3 Answered 26/1, 2011 at 15:22

Solved c++visual-c++decompiling debug-symbols backup-strategies

I was digging around and found an executable for something I wrote in Visual C++ 6.0 about 8 years ago. I never backed up the source code, but I think I always compiled everything in debug mode. I also vaguely remember hearing somewhere that "you can't decompile an executable into source code unless you have your compiler's debugging symbols or something." The code would have sentimental value, but its not mission-critical that I retrieve it.

That's the background; here are the questions:

How do I check if an executable was compiled in debug mode or not?
If it is, what information comes with a debug mode executable?
Can I retrieve full source code? Failing that, can I get any substantial improvement when decompiling compared to a release version? If so, how?

Thanks,

-- Michael Burge

Fonville answered 26/1, 2011 at 15:3 Comment(1)

Check out #947901 – Fike 26/1, 2011 at 15:14

I do not believe there is a flag though you might find something by using PEDUMP which will dump out COFF file formats (Windows EXE and DLLs). You can infer if an executable was compiled for debug rather quickly by running Dependecy Walker and seeing if your EXE is linking to any debug DLLs (suffixed with D, e.g. MSVCRT5D.DLL).

FYI in VC6 Debug and Release are simple named builds, not modes per say, each build a collection of compiler and linker settings. The EXE is just code, debug exes normally not having been optimized which makes using a debugger with it easy (versus debugging optimized code). Thus you can compile a Release binary with Debug Symbols which is sometimes useful for tracking down optimized code errors.
Debug EXEs and DLLs did not contain any debugging information but instead had a sidecar PDB file that resided in the same folder and contains all the debugging symbols information that was produced during compilation.
No, source is source and not compiled into the symbols file or executables. There are some amazing decompilers out there that can regenerate decent C versions of your code but they are amazing only in how good the C is, not in how well they can recreate your source.

Supersaturated answered 26/1, 2011 at 15:22 Comment(0)

With Visual Studio, I am afraid you can't, since the debug executable doesn't contain the source. Visual Studio generates pdb files that only contains the mapping between the binary and the sources filenames and line numbers, but you still need the source code with them. That might be different with gcc, which I think integrate the source itself inside the binaries.

Teamster answered 26/1, 2011 at 15:12 Comment(3)

gcc does not integrate the source into the binary, it does annotate code with file:line, though – Secco 26/1, 2011 at 15:23

@Secco Okay. So the only difference with Visual Studio builds is that the file:line information is directly inside the binary while VS uses a separate pdb file? – Teamster 26/1, 2011 at 15:26

Correct. (btw, you can also separate the debug symbols from a gcc built binary) – Secco 26/1, 2011 at 15:28

-2

I think that many disassemblers can show the source if a binary is compiled in debug mode. For example, I use OllyDBG and it has an option to show the source, although I've never tried.

Bimonthly answered 26/1, 2011 at 15:6 Comment(1)

The location of source files is embedded when the module is compiled. You cannot view the source if the source files are not present at that location... – Fike 26/1, 2011 at 15:15

Recommended topics

Hot tags