Establish initial relative addresses for the variables, constants, and entry points in the object code.

4.1 Decompilation and Disassembly of Machine Code

Having an understanding of how high-level language programs become executables can be extremely helpful when attempting to reverse engineer machine code. Most software tools that assist in reversing executables work by translating the machine code back into assembly language. This is possible because there exists a one-to-one mapping from each assembly language instruction to a machine instruction [10]. A tool that translates machine code back into assembly language is called a disassembler. From a reverse engineer's perspective the next obvious step would be to translate assembly language back to a high-level language, where it would be much less difficult to read, understand, and alter the program. Unfortunately, this is an extremely difficult task for any tool because once high-level language source code is compiled down to machine code, a great deal of information is lost. For example, one cannot tell by looking at the machine code which high-level language (if any) the machine code originated from. Perhaps knowing a particular quirk about a compiler might help a reverse engineer identify some machine code that it had a hand in creating, but this is not a reliable strategy.
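The disassembly step described above, as an added example that is not part of the original paper: a decoder for a small subset of 32-bit x86 that turns bytes back into mnemonics. The subset chosen, the function name `disassemble`, and the sample bytes are assumptions made for illustration; the output contains only registers and constants, with no variable names or trace of a source language.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]  # 0x83 /0../7

def disassemble(code: bytes):
    """Decode a small subset of 32-bit x86 into (offset, raw bytes, text)."""
    out, i = [], 0

    def take(n):
        # Consume n bytes, refusing to read past the end of the buffer.
        nonlocal i
        if i + n > len(code):
            raise ValueError(f"truncated instruction at offset {start:#x}")
        chunk = code[i:i + n]
        i += n
        return chunk

    while i < len(code):
        start = i
        op = take(1)[0]
        if 0x50 <= op <= 0x57:                      # push r32
            text = f"push {REG32[op - 0x50]}"
        elif 0x58 <= op <= 0x5F:                    # pop r32
            text = f"pop {REG32[op - 0x58]}"
        elif 0xB8 <= op <= 0xBF:                    # mov r32, imm32
            (imm,) = struct.unpack("<I", take(4))
            text = f"mov {REG32[op - 0xB8]}, {imm:#x}"
        elif op in (0x89, 0x83):                    # forms with a ModRM byte
            modrm = take(1)[0]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if mod != 3:
                raise ValueError(f"memory operand at {start:#x} not supported")
            if op == 0x89:                          # mov r/m32, r32
                text = f"mov {REG32[rm]}, {REG32[reg]}"
            else:                                   # group 1 r/m32, imm8 (sign-extended)
                (imm,) = struct.unpack("<b", take(1))
                text = f"{GROUP1[reg]} {REG32[rm]}, {imm:#x}"
        elif op == 0xC3:                            # ret
            text = "ret"
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {start:#x}")
        out.append((start, code[start:i], text))
    return out

# Constructed sample: a 13-byte function body, not taken from any real binary.
SAMPLE = bytes.fromhex("5589e5b82a00000083c0015dc3")

if __name__ == "__main__":
    for off, raw, text in disassemble(SAMPLE):
        print(f"{off:04x}  {raw.hex():<12} {text}")
```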

The greatest difficulty in reverse engineering machine code comes from the lack of adequate decompilers--tools that can generate equivalent high-level language source code from machine code. The paper [5] argues that it should be possible to create good
