X hits on this document

371 views

0 shares

0 downloads

0 comments

21 / 120

Table 4.1. Result of decompiling HelloWorld.exe using Boomerang.

HelloWorld.c:

01: #include <stdio.h> 02: int main(int argc, char *argv[]) 03: {

04:

printf("Hello Boomerang World\n");

05:

return 0;

06:

}

Boomerang decompilation of HelloWorld.exe (abbreviated):

01: union { __size32[] x83; unsigned int x84; 02: __size32 global3 = -1;// 4 bytes 03: 04: // address: 0x401280 05: void _start() 06: {

} global10;

07:

_ __set_app type();

08:

proc1();

09:

}

10: 11: // address: 0x401150 12: void proc1() 13: {

14: 15: 16: 17: 18: 19: 20: 21:

__size32

eax; // r24

__size32

ebp; // r29

__size32

ebx; // r27

int ecx;

// r25

int edx;

// r26

int esp;

// r28

SetUnhandledExceptionFilter(); proc5(pc, pc, 0x401000, ebx, ebp, eax, ecx, edx, ebx,

esp – 4, SUBFLAGS32(esp - 44, 4, esp - 48), esp - 48 == 0, (unsigned int)(esp - 44) < 4);

22:

}

[11] states: “Machine code decompilation, unlike Java/.NET decompilation, is still a very

immature technology.” To ensure that decompilation was given a fair trial, another

decompiler was tried on the HelloWorld.exe executable. The Reversing Engineering

Compiler or REC is both a compiler and a decompiler that claims to be able to produce a

“C-like” representation of machine code [12]. Unfortunately. the results of the

decompilation using REC were similar to that of Boomerang. Based on the current state

13

Document info
Document views371
Page views372
Page last viewedThu Dec 08 22:30:11 UTC 2016
Pages120
Paragraphs2913
Words25794

Comments