Best IT Recipes

What is a good C decompiler?

I am looking for a decompiler for a C program. The binary is a 32-bit Linux x86 executable. Objdump is working fine, so basically I'm looking for something that is trying to restore the C source from the asm source.

+90
c assembly linux decompiling reverse-engineering
11 Oct '08 at 9:35
source share
5 answers

Secondary Hex rays, but if you cannot justify this cost, Boomerang can work.

+60
Oct 11 '08 at 9:38
source share

If you have money, Decompiler Hex-Rays may be worth your time. :-)

+20
Oct 11 '08 at 9:37
source share

No matter how useful the IDA, it costs a lot of money. Not sure about your specific use case, but Plasma seems to work: "Plasma is an interactive disassembler for x86 / ARM / MIPS. It can generate indented pseudocode with color syntax."

If you are looking for something more similar to the IDA, I highly recommend Radare2 . There is also an ODA, an online dis-slacker, if you don't want to install anything.

The new addition is Binary Ninja, and although it is not even close to the capabilities of IDA or Radare, it is a cheap and good utility for beginners.

Update: Following this comment, the NSA released Ghidra, which is completely open source and free. This is a full-featured RE environment with a high-end decompiler.

+10
Apr 08 '15 at 12:23
source share

For binary decompilation, I bought a personal Hopper license at https://www.hopperapp.com .

Benefits:

  • has an intuitive and thoughtful graphical interface;
  • works on MacOS and Linux;
  • provides reasonable C-like decompiler output;
  • decompiles 32-bit and 64-bit binaries;
  • supports Mach-O binaries (Mac and iOS), Windows PE32 / 32 + / 64 binaries and ELF binaries;
  • has very regular free updates;
  • The cost of a license in the region of $ 100 cannot be defeated.

IMO, the price / quality ratio is quite easily superior to IDA / Hex-ray and leaves other commercial (or free) decompilers in the dust.

Alternatively, you can try it or use the demo version to get a feel for it and decompile (very) small executables for free.

Hopper

From now on (March / 2019), as an alternative, you also have Hydra from the NSA. Ghidra runs on Linux, Mac, and Windows while JDK 11 is installed. It is introduced "as a free tool comparable to x-rays."

Ghidra

Hydra feels more powerful, but Hopper still seems more intuitive.

See also: PepperMalware Blog - Quick Trickbot Sample Analysis with NSA Ghidra SRE Framework

+8
Oct. 15 '17 at 18:18
source share

Snowman ( http://derevenets.com ) looks good. The generated code is a mess, but it works.

+4
Jan 18 '17 at 2:49 on
source share


More articles:


All Articles