How to convert ASM to readable code?

I have an exe that I opened using PE Explorer Disassembler. Now I see asm code that looks like this:

    push ebx
    push esi
    mov ebx,eax
    mov eax,[ebx+38h]
    push eax
    mov eax,[ebx+3Ch]
    push eax
    mov ecx,edx
    mov eax,ebx
    mov edx,[ebx+30h]
    mov esi,[eax]
    call [esi+7Ch]
    or byte ptr [ebx+00000088h],02h
    pop esi
    pop ebx
    retn

I have no idea what that means. Is there a way to convert this now into readable code (C, C++, C# or VB.NET)?

Background information. The reason I need this is because I need to call the above function from my Windows application. Now this function is in a third-party exe - there is no API or source code for it. Any help or advice is appreciated.

+6
assembly x86 reverse-engineering
6 answers

What you want is called decompilation.

It is not easy to solve the problem, and often it is impossible at all. You can try Google as a start.

0

You need to know what arguments are used. In this case, it looks like the arguments are passed to this routine in eax and edx. Once you know what these values mean, you can probably figure out how this procedure is used and transcode it into any language that you use.

+2

If you can get hold of it, IDA Pro + Hex-Rays can decompile it into the received code.

+1

You can decompile it into C or some other language with pointers, but it will still be mostly unreadable.

0

At first glance, this is an objective code; it receives (at least) the object as an argument, calls the method of this object, which takes three attributes of the object as arguments, and then sets the bit (flag?) in another attribute of the same object to one.

IDA Pro will probably be able to identify the prototype of the function and has a free version that has all the necessary functions: http://www.hex-rays.com/idapro/idadownfreeware.htm. However, it will give you an idea of the function prototype, not the behavior (if you cannot "read" the x86 assembly). Returning to simple C/C++, the HexRays plugin is needed, which is quite expensive and does not always work (decompiling to a high-level language is rather complicated).

0
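The reading given in the answer above (an object argument, a method call through the object, then a flag bit set), written out in C as an added example that is not part of the original posts. It assumes a register-style calling convention (eax, edx, ecx, then stack arguments in push order) and 4-byte vtable slots in the 32-bit target; all type, field and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

struct object;
/* Assumed prototype (register-style convention inferred from the listing):
   eax = self, edx = a, ecx = b, then c and d pushed in that order. */
typedef void (*method_fn)(struct object *self, uint32_t a, uint32_t b,
                          uint32_t c, uint32_t d);
struct vtable { method_fn slot[32]; };  /* call [esi+7Ch] -> slot[0x7C / 4] */

/* Hypothetical field names; comments give the offsets in the 32-bit target.
   The host compiler's layout will differ. */
struct object {
    const struct vtable *vt;  /* [obj+00h], loaded by mov esi,[eax] */
    uint32_t f30;             /* [obj+30h], passed in edx           */
    uint32_t f38;             /* [obj+38h], first push              */
    uint32_t f3c;             /* [obj+3Ch], second push             */
    uint8_t  flags88;         /* [obj+88h], target of or ...,02h    */
};

/* The posted routine: eax = self on entry, edx = arg (moved to ecx). */
void routine(struct object *self, uint32_t arg)
{
    self->vt->slot[0x7C / 4](self, self->f30, arg, self->f38, self->f3c);
    self->flags88 |= 0x02;
}

/* Constructed test double standing in for the unknown virtual method. */
static uint32_t seen[4];
static void record(struct object *self, uint32_t a, uint32_t b,
                   uint32_t c, uint32_t d)
{
    (void)self;
    seen[0] = a; seen[1] = b; seen[2] = c; seen[3] = d;
}

/* Runs routine() on a constructed object; returns the resulting flag byte. */
uint8_t demo(uint32_t arg)
{
    static const struct vtable vt = { .slot = { [0x7C / 4] = record } };
    struct object obj = { &vt, 0x30, 0x38, 0x3C, 0x80 };
    routine(&obj, arg);
    return obj.flags88;
}

int main(void)
{
    unsigned flags = demo(7);
    printf("flags=%02X edx=%X ecx=%X\n", flags, (unsigned)seen[0], (unsigned)seen[1]);
    return 0;
}
```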

I'm a little late to reply to this post, but when I see that the accepted answer is incorrect, I will still give my 0.2 if other people are looking for the same.

What you are looking for is not "decompilation", since you have already decompiled it into asm code. What you want is a kind of compilation of parsed code into something that you can read (e.g. C).

This area of reverse engineering is still underdeveloped. Some have mentioned the IDA with some expensive plugins, but it won't do you any good ... I mentioned the only program that can help you: REC

The result may not be accurate, or you may not be able to get any C code at all, depending on the program you want to debug. But this is the best option that you have if you do not know the assembly.

As for what you are trying to do, the function you posted does nothing. It calls another function with parameters and gets the return value. You are interested in calling [esi + 7Ch]. You need a debugger and join this call.

To intercept this function inside your program, this is another story ... You better write it yourself.

0