How to decompile an exe or a dll to assembly

G

5

14

I am really interested in assembly language and I want to learn about how exe files work how dlls run etc... and I have an idea of writing an application to decompile an exe to assembly code since i am not a very good assembly programmer and with the lack of knowledge of the inner working of exe I couldn't do it. Since I can read an exe in hex i think it is not impossible but I don't know how to write my own program. Any resources or any help would be appreciated.

Graaf answered 30/12, 2010 at 19:56 Comment(0)

S

20

I think you're looking for a disassembler not a decompiler. IDA pro seems to be popular and you can download an older version for free at http://www.hex-rays.com/idapro/idadownfreeware.htm

Seamanlike answered 30/12, 2010 at 20:6 Comment(2)

any way to decompile 64bit applications? – Lemoine 8/12, 2017 at 15:44

Sure there are. The newest version of IDA can do that (as can many others) it just isn't free. – Seamanlike 13/12, 2017 at 17:18

R

6

There are a lot of dissemblers already written for you (see above), but I don't think reading disassembled code is going to help you become a better assembly writer. The main reason for this is that compilers do A LOT of optimization before they generate assemblies. Often this makes for very tricky code to read but highly efficient code to analyze.

Rhigolene answered 30/12, 2010 at 20:7 Comment(2)

+1 it helps you (beginner in assembly language) getting confused – Rallentando 30/12, 2010 at 20:25

I down-voted this response since this is not an answer but just trying to discourage OP from trying to disassemble. On a second thought, since this is somewhat a valid comment, I wanted to undo the down vote, but SO won't let me do that. – Doe 13/12, 2013 at 21:34

S

5

If you're interested in what a compiled program looks like at the a assembler level a much more meaningful approach would be compile and look at the generated assembly. For example with gcc/g++ this just requires gcc -c -S filename.c and will leave a clear text assembly file to look at.

Surfboard answered 30/12, 2010 at 20:17 Comment(2)

This assumes you have the source code of the program, and that the programming that was used can be compiled by GCC such as C, C++, Objective-C, Objective-C++, Fortran, Ada, D, Go, and BRIG. – Benford 2/2, 2020 at 13:5

@AlexanderRyanBaggett: you can disassemble object files too, for linux for example you can use objdump. But compiling your own code and looking what it looks like is simpler and allows for experimenting. Today it's still quite hard especially if you're compiling with optimizations; I remember however code generated by Turbo Pascal for 8086 that was really easy to understand. – Surfboard 2/2, 2020 at 14:23

A

4

Take a look at this Decompilation Wiki, I suspect it will answer most of your questions.

Alkalize answered 30/12, 2010 at 20:6 Comment(1)

I'm assuming you're going for general education, btw. – Alkalize 30/12, 2010 at 20:8

T

0

reverseengineering.stackexchange.com (hereafter: re.se) has many resources/links to questions of similar scope:

SO: q/273145/ decompile windows exe
<- comment on re.se <- duplicate label on re.se
re.se: q/26956/a#26962 extract machine code

Thorin answered 25/1, 2024 at 17:26 Comment(0)

Recommended topics

Hot tags