Good decompilers, disassemblers or debuggers?
January 1, 2006 1:04 AM   Subscribe

What are some good de-compilers, disassemblers or debuggers? I would like to try my hand at reverse-engineering some programs, but I am sure there are tools better suited to the job than Microsoft Visual Studio. Thanks!
posted by PuGZ to Computers & Internet (8 answers total) 1 user marked this as a favorite
 
Check here.

However, from your question, it doesn't really seem that you have a grasp on what it takes to reverse engineer a program. It's quite difficult!

Good luck!
posted by mr.dan at 2:04 AM on January 1, 2006


If you're talking about VS then I'm going to assume you mean the win32 platform and not *nix or OS X.

OllyDbg
IDA Pro
gdb / insight (through Cygwin)
debugging section @programmerstools

Any debugger on the planet should be able to do the basic functions: show a disassembly, set breakpoints, examine data, etc. However, there are two main families of debug information on win32: the Microsoft formats (codeview and PDB) and the GNU/gcc formats (traditionally this is 'stabs' under win32 but you can also use dwarf2 now as well.) So Visual Studio, OllyDbg, and most other native windows apps will be able to grok the MS-style debug info and C++ name mangling schemes, and gdb/insight/ddd should be used if the target was compiled with gcc. However if you're doing reverse engineering then you usually don't have any debug info available so this becomes less of an issue, but it still can be relevent if you're trying to debug C++ code since the name mangling/exception handling will still depend on the compiler. And some tools (such as OllyDbg) are just better suited to reverse engineering since they have more heuristics to try to analyze code when debug information is not present.
posted by Rhomboid at 2:12 AM on January 1, 2006


Rhomboid, you assumed correctly and I thank you for those links and your insight!

mr.dan: You are correct in your assumption! I'm just a highschool student, but I'm on my summer break and I'd love to be doing something constructive and learning from it while I'm still at it. This is just an educational exercise for me. :-)
posted by PuGZ at 3:31 AM on January 1, 2006


When I want to dissassemble win32 apps, I use ht. I wish I were better at it, though!
posted by cmm at 6:41 AM on January 1, 2006


2 random tools: softice, w32dasm
google has lots of (old.. really old..) cracking tutorials, that might be a nice starting point
posted by suni at 8:39 AM on January 1, 2006


Here's a wikipedia page and another wikipedia page to start at. Check out softICE and Windows Source ... costs money and no free trial version but I remember previous versions of it were very good.

Mostly you need to understand intel x86 assembly language and have a handy reference for Win32 API calls.
posted by StarForce5 at 9:05 AM on January 1, 2006


Check out Scan of the Month for a security point of view of reverse engineering. You can see how people approach reverse engineering from different angles, and what tools they use. Not all the entries involve disassembly though.
posted by Sharcho at 10:29 AM on January 1, 2006


If you have Visual Studio, make sure you play around with some of the lesser known tools, like Spy++ and OleView.

Spy++ lets you tap into the all the windows you see, including the messages they are receiving.

OleView will give you some insight into the COM interfaces exposed by the various things installed on your system.

Spy++ and OleView may not amount to reverse engineering, but they can help you discover some very useful things that you didn't know previously.
posted by b1tr0t at 10:42 AM on January 1, 2006


« Older Atchoo. Gimme gamma sterilization.   |   Rediscovering a book from childhood Newer »
This thread is closed to new comments.