➢ Establish initial relative addresses for the variables, constants, and entry
points in the object code.

4.1 Decompilation and Disassembly of Machine Code

Having an understanding of how high-level language programs become
executables can be extremely helpful when attempting to reverse engineer machine code.
Most software tools that assist in reversing executables work by translating the machine
code back into assembly language. This is possible because there exists a one-to-one
mapping from each assembly language instruction to a machine instruction. A tool
that translates machine code back into assembly language is called a disassembler. From
a reverse engineer's perspective, the next obvious step would be to translate assembly
language back to a high-level language, where it would be much less difficult to read,
understand, and alter the program. Unfortunately, this is an extremely difficult task for
any tool because once high-level language source code is compiled down to machine
code, a great deal of information is lost. For example, one cannot tell by looking at the
machine code which high-level language (if any) the machine code originated from.
Perhaps knowing a particular quirk about a compiler might help a reverse engineer
identify some machine code that it had a hand in creating, but this is not a reliable
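
As an added illustration of the byte-to-mnemonic mapping a disassembler relies on (example code, not part of the original text), the sketch below decodes a small hand-picked subset of 32-bit x86. The sample bytes, the base address 0x1000 and all names are constructed for illustration; the listing it recovers shows registers and the constant 0x2a, but no variable names, types or source language.

```python
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Opcodes of the form "op r/m32, r32"; only the register-register case is decoded.
RM_OPS = {0x01: "add", 0x29: "sub", 0x31: "xor", 0x89: "mov"}

def disassemble(code: bytes, base: int = 0):
    """Decode a tiny subset of 32-bit x86 into (address, text) pairs."""
    out, i = [], 0
    while i < len(code):
        op, start = code[i], i
        if op == 0x90:
            text, i = "nop", i + 1
        elif op == 0xC3:
            text, i = "ret", i + 1
        elif 0x50 <= op <= 0x57:      # push r32: register number in the low 3 bits
            text, i = f"push {REGS32[op & 7]}", i + 1
        elif 0x58 <= op <= 0x5F:      # pop r32
            text, i = f"pop {REGS32[op & 7]}", i + 1
        elif 0xB8 <= op <= 0xBF and i + 5 <= len(code):   # mov r32, imm32
            (imm,) = struct.unpack_from("<I", code, i + 1)
            text, i = f"mov {REGS32[op & 7]}, {imm:#x}", i + 5
        elif op in RM_OPS and i + 1 < len(code) and code[i + 1] >> 6 == 3:
            modrm = code[i + 1]       # mod=11: rm is the destination, reg the source
            text = f"{RM_OPS[op]} {REGS32[modrm & 7]}, {REGS32[(modrm >> 3) & 7]}"
            i += 2
        else:                         # outside the subset or truncated: raw byte
            text, i = f"db {op:#04x}", i + 1
        out.append((base + start, text))
    return out

# Constructed sample: a function that returns the constant 42.
SAMPLE = bytes.fromhex("5589e5b82a0000005dc3")

if __name__ == "__main__":
    for addr, text in disassemble(SAMPLE, base=0x1000):
        print(f"{addr:08x}  {text}")
```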

The greatest difficulty in reverse engineering machine code comes from the lack
of adequate decompilers--tools that can generate equivalent high-level language source
code from machine code. The paper argues that it should be possible to create good