开发者

How to convert ASM to read-able code?

开发者 https://www.devze.com 2023-01-14 03:23 出处:网络
I have an exe which I have opened with PE Explorer Disassembler. Now I can see the asm code, which looks like that:

I have an exe which I have opened with PE Explorer Disassembler. Now I can see the asm code, which looks like that:

    push    ebx
    push    esi
    mov ebx,eax
    mov eax,[ebx+38h]
    push    eax
    mov eax,[ebx+3Ch]
    push    eax
    mov ecx,edx
    mov eax,ebx
    mov edx,[ebx+30h]
    mov esi,[eax]
    call    [esi+7Ch]
    or  byte ptr [ebx+00000088h],02h
    pop esi
    pop ebx
    retn

I have no idea what that means. Is there a way to convert this now into read-able code (C, C++, C# or VB.NET)?

Background info: The reason why I need this is because I need to call the a开发者_StackOverflow社区bove function from my windows app. Now this function resides in the third party exe - there is no API or source-code for it. Any help or advice is appreciated.


You would need to know what arguments are used. In this case, it looks like the arguments are passed to this routine in the eax & edx registers. Once you know what those values mean, you can probably figure out how this routine is used and re-code it in whatever language you're using.


If you can get a hold of it, IDA Pro + Hex-Rays could decompile that into semi-readable code.


What you want is called "decompilation".

That is not easy to solve task, and often not possible at all. You might try Google as a start.


You can decompile it into C or some other language with pointers, but it will still be mostly unreadable.


At first glance, it's objectual code; it gets (at least) an object as argument, calls a method of that object which takes as arguments three of the object's attributes and then sets a bit (flag?) in another attribute of the same object to one.

IDA Pro would probably be able to identify the function prototype and it has a free version available which has all the features you need: http://www.hex-rays.com/idapro/idadownfreeware.htm . It will however only give you an idea of the function's prototype, not it's behavior (unless you can "read" x86 assembly). Reverting it to plain C/C++ requires the HexRays plugin which is rather expensive and doesn't always work (decompilation to a high level language is rather complicated).


I'm a bit late to answer this post but seeing that the accepted answer is wrong, I'll still give my 0.2 in case other people are looking for the same thing.

What you are looking for is not "decompilation" since you already decompiled it to asm code. What you want is a sort of compilation of the disassembled code into something you can read (like C)

This field of reverse engineering is still not well developed. Some mentioned IDA with some expensive plugins but it will do you no good... I will mention the only program that might help you: REC

The output might not be accurate or you might not be able to get any C code at all depending on the program you want to debug. But that's the best option you have if you don't know assembly.

As for what you are trying to do, the function you posted does nothing. It calls another function with parameters and gets a return value. What you are interested in is call [esi+7Ch]. You need a debugger and step into this call.

To hook that function inside your program is another story... You'd better write it yourself.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号