Good decompilers, disassemblers or debuggers?
January 1, 2006 1:04 AM Subscribe
What are some good de-compilers, disassemblers or debuggers? I would like to try my hand at reverse-engineering some programs, but I am sure there are tools better suited to the job than Microsoft Visual Studio. Thanks!
If you're talking about VS then I'm going to assume you mean the win32 platform and not *nix or OS X.
OllyDbg
IDA Pro
gdb / insight (through Cygwin)
debugging section @programmerstools
Any debugger on the planet should be able to do the basic functions: show a disassembly, set breakpoints, examine data, etc. However, there are two main families of debug information on win32: the Microsoft formats (codeview and PDB) and the GNU/gcc formats (traditionally this is 'stabs' under win32 but you can also use dwarf2 now as well.) So Visual Studio, OllyDbg, and most other native windows apps will be able to grok the MS-style debug info and C++ name mangling schemes, and gdb/insight/ddd should be used if the target was compiled with gcc. However if you're doing reverse engineering then you usually don't have any debug info available so this becomes less of an issue, but it still can be relevent if you're trying to debug C++ code since the name mangling/exception handling will still depend on the compiler. And some tools (such as OllyDbg) are just better suited to reverse engineering since they have more heuristics to try to analyze code when debug information is not present.
posted by Rhomboid at 2:12 AM on January 1, 2006
OllyDbg
IDA Pro
gdb / insight (through Cygwin)
debugging section @programmerstools
Any debugger on the planet should be able to do the basic functions: show a disassembly, set breakpoints, examine data, etc. However, there are two main families of debug information on win32: the Microsoft formats (codeview and PDB) and the GNU/gcc formats (traditionally this is 'stabs' under win32 but you can also use dwarf2 now as well.) So Visual Studio, OllyDbg, and most other native windows apps will be able to grok the MS-style debug info and C++ name mangling schemes, and gdb/insight/ddd should be used if the target was compiled with gcc. However if you're doing reverse engineering then you usually don't have any debug info available so this becomes less of an issue, but it still can be relevent if you're trying to debug C++ code since the name mangling/exception handling will still depend on the compiler. And some tools (such as OllyDbg) are just better suited to reverse engineering since they have more heuristics to try to analyze code when debug information is not present.
posted by Rhomboid at 2:12 AM on January 1, 2006
Response by poster: Rhomboid, you assumed correctly and I thank you for those links and your insight!
mr.dan: You are correct in your assumption! I'm just a highschool student, but I'm on my summer break and I'd love to be doing something constructive and learning from it while I'm still at it. This is just an educational exercise for me. :-)
posted by PuGZ at 3:31 AM on January 1, 2006
mr.dan: You are correct in your assumption! I'm just a highschool student, but I'm on my summer break and I'd love to be doing something constructive and learning from it while I'm still at it. This is just an educational exercise for me. :-)
posted by PuGZ at 3:31 AM on January 1, 2006
When I want to dissassemble win32 apps, I use ht. I wish I were better at it, though!
posted by cmm at 6:41 AM on January 1, 2006
posted by cmm at 6:41 AM on January 1, 2006
2 random tools: softice, w32dasm
google has lots of (old.. really old..) cracking tutorials, that might be a nice starting point
posted by suni at 8:39 AM on January 1, 2006
google has lots of (old.. really old..) cracking tutorials, that might be a nice starting point
posted by suni at 8:39 AM on January 1, 2006
Here's a wikipedia page and another wikipedia page to start at. Check out softICE and Windows Source ... costs money and no free trial version but I remember previous versions of it were very good.
Mostly you need to understand intel x86 assembly language and have a handy reference for Win32 API calls.
posted by StarForce5 at 9:05 AM on January 1, 2006
Mostly you need to understand intel x86 assembly language and have a handy reference for Win32 API calls.
posted by StarForce5 at 9:05 AM on January 1, 2006
Check out Scan of the Month for a security point of view of reverse engineering. You can see how people approach reverse engineering from different angles, and what tools they use. Not all the entries involve disassembly though.
posted by Sharcho at 10:29 AM on January 1, 2006
posted by Sharcho at 10:29 AM on January 1, 2006
This thread is closed to new comments.
However, from your question, it doesn't really seem that you have a grasp on what it takes to reverse engineer a program. It's quite difficult!
Good luck!
posted by mr.dan at 2:04 AM on January 1, 2006