Slashdot Mirror


Famous Last Words: You can't decompile a C++ program

The Great Jack Schitt writes "I've always heard that you couldn't decompile a program written with C++. This article describes how to do it. It's a bit lengthy and it doesn't seem like the author usually writes in English, but it might just work (haven't tried it, but will when I have time)."

13 of 479 comments

  1. You can't by Anonymous Coward · · Score: 5, Insightful

    Information is lost in compilation. You can never reconstruct the exact original source. You end up with valid C++ that has no more human-understandable information than the equivalent machine code.

    Like turning hamburgers into cows...

    1. Re:You can't by capnjack41 · · Score: 4, Insightful
      And then on top of that, the compiler optimizes that code, so calculations are no longer the straightforward and intuitive things they used to be, now they're a series of out-of-order, smaller calculations that are harder to recognize. They're efficient as hell but barely reversible.

      I'll RTFA when it comes back to life :).

    2. Re:You can't by jkorty · · Score: 4, Insightful
      Information is lost in compilation. You can never reconstruct the exact original source

      So what? Doing reasonable interpolations in context is what brains are for. Example: IIRC, when the Morris Worm appeared in 1989, Gene Spafford examined the binary and reverse-engineered the C code, sprinkling it with meaningful comments and good variable and function names. When the original source became available, his turned out to be a cleaner program than the original. That is, he not only recreated the original in every way that counts, he overshot and did better than the original.

  2. Why not? by bazik · · Score: 5, Insightful

    I've always heard that you couldn't decompile a program written with C++.

    Well, you can decompile every binary program at least to assembler code, so why shouldn't it be possible with C++?

    Maybe he meant "you can't decipher the source of a C++ program" ;)

    --
    One by one the penguins steal my sanity...
  3. Re:Why by Anonymous Coward · · Score: 5, Insightful

    You need reasons?

    1) Finding backdoors
    2) Testing security
    3) Fixing bugs
    4) Adding features
    5) Discovering copyright violations
    6) Interfacing to non-supported clients

    Pretty much anything and everything you would do if you had the source.

  4. Re:Why by p4ul13 · · Score: 4, Insightful

    You could be updating a program for your company for which the source is lost.

    --
    Paul Lenhart writes words!
  5. Inline functions, templates and decompilation by truth_revealed · · Score: 4, Insightful

    Sure you can decompile an optimized and symbol-stripped C++ program, but you'd never have it in the original compact form of the source as you do with the Java class file decompilers, due to the heavy use of inline functions and templates in C++. A C program, sure, but decompiling C++ is not terribly useful.

  6. Re:To all those, who think it's useless... by pVoid · · Score: 3, Insightful
    Neat tricks are generally either one of these three things:

    A hidden API call - which can be easily found via ASM listings

    A nice little algorithm - which can be found in comp sci books

    An elegant piece of code - which can *not* be decompiled from ASM

    So no, I disagree with you.

  7. Reverse engineering has its uses... by sheetsda · · Score: 4, Insightful

    There seem to be a lot of people in this story saying "shame on you for reverse engineering". It has its uses, how else would viruses, worms, and trojans be analyzed to figure out what they do and how they do it.

  8. Decompiling to C++ is like... by Call+Me+Black+Cloud · · Score: 3, Insightful

    ...trying to rebuild a wrecked sand castle just by looking at the grains of sand. You can't. Compilers throw away a lot of information needed by people but not necessary for the machine. Compilers optimize the code to run more efficiently and that's a one-way street. Sorry to burst your bubble but trying to reconstruct original source is like trying to herd cats.

    Thank you, thank you. I'm Mr. Metaphor and I'll be here all week.

  9. Re:Why by Lumpy · · Score: 4, Insightful

    Why would you want to do this unless you were stealing source?


    nice try.

    You must be either Bill Gates, Steve Ballmer or someone who works for the BSA.

    How am I to tell if your closed source program isn't full of my GPL code that you blatantly stole and are trying to rob me blind by STEALING my IP? Being a closed source advocate as you seem to be, you are for me trying to detect IP theft and the illegal STEALING of my code by PIRATES, right?

    Ok, I'm going overboard to make my point... I have EVERY right to use tools in a good and legal way. Why not outlaw hammers, as anyone can perform a very grisly and horrible murder with one... Or better yet, only allow licensed contractors to have hammers! As we know that the unlicensed public is only going to do very evil things with tools!

    see my point now? A tool is exactly what it looks like.... a tool. it can be used for good and evil. and I dont have any respect for the self righteous like you condemning what I do before I even do it.

    people with attitudes like you are what cause all the pain and suffering in this world...... STOP IT!

    --
    Do not look at laser with remaining good eye.
  10. Decompilation = halting problem by Wizard+of+OS · · Score: 3, Insightful

    Why do people keep thinking that decompilation is possible? In short: decompiling a computer program is solving the halting problem. Period.

    The long version: In a compiled computer program there is no distinction between code and data. Every byte in memory can be data, but it can also be executed as valid computer code.

    Now, the catch is that during compilation, data and code are mixed in the resulting binary. For instance take the compilation of a 'case' statement. There are several ways of compiling a case:
    - you can write it as a list of IF's, which is perfectly fine decompilable
    - you can write it as a jump, based on the case expression.
    The fun part about the second possibility is that it's far more efficient, but it poses a problem: when decompiling this you have to know where the bounds of the case lie. What's the furthest jump that can be made? It's a jump based on a calculated value, so you should know which values are possible. But for that, you need to run the program, and more specifically, you must run all possible execution paths.

    This can be rewritten as the instance of the halting problem: can a computer find out for any program whether or not it will halt? It is proven that a computer program cannot be written to do this task. Neither can a computer program decompile any other computer program.

    --
    If code was hard to write, it should be hard to read
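The jump-table form of a `case` statement discussed in the comment above, as an added example that is not from the linked article or from any commenter: a decompiler does not need to run the program to learn the table's extent, because the compiler has to emit a range check on the index before the indirect jump, and the bound can be read off that check. The instruction format, the addresses, the table contents and the helper names (`Insn`, `find_guard`, `recover_switch`) are constructed for this demonstration and are not real x86 syntax or any real tool's API; the example assumes the guard sits directly in front of the jump, and it reports an unbounded table instead of guessing when the guard is missing. It also handles the rebased index (`sub` before `cmp`) that compilers emit when the first case label is not zero, which goes slightly beyond the comment.

```python
"""Statically recover a compiled `switch` from a disassembly listing.

Constructed example. The listing below is a hand-written stand-in for the
code a compiler emits for

    switch (x) { case 3: ... case 7: ... default: ... }

namely: rebase the index (sub), range-check it (cmp/ja), then jump through a
table of code addresses. Nothing is executed; the table bound is read off the
guard the compiler had to emit so that out-of-range values reach `default`.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Insn:
    addr: int
    op: str      # mnemonic: sub, cmp, ja, jmp, mov, xor (constructed format)
    args: Tuple  # pre-parsed operands; ("table", base, reg, scale) = jmp [base + reg*scale]


class UnboundedJumpTable(Exception):
    """Raised when an indirect jump has no recognisable range check in front of it."""


# Constructed listing (hypothetical addresses, not real compiler output).
LISTING: List[Insn] = [
    Insn(0x1000, "sub", ("eax", 3)),                    # idx = x - 3
    Insn(0x1003, "cmp", ("eax", 4)),                    # if ((unsigned)idx > 4)
    Insn(0x1006, "ja",  (0x1040,)),                     #     goto default
    Insn(0x100C, "jmp", ("table", 0x2000, "eax", 8)),   # jmp [0x2000 + idx*8]
    Insn(0x1013, "mov", ("ebx", 1)),                    # case bodies ...
    Insn(0x1040, "xor", ("ebx", "ebx")),                # default:
]

# Same jump with the guard stripped (e.g. hand-written assembly): bound unknowable.
UNGUARDED: List[Insn] = [
    Insn(0x100C, "jmp", ("table", 0x2000, "eax", 8)),
    Insn(0x1013, "mov", ("ebx", 1)),
]

# Constructed read-only data segment: five 8-byte slots holding case-body addresses.
MEMORY: Dict[int, int] = {
    0x2000: 0x1013, 0x2008: 0x101B, 0x2010: 0x1023,
    0x2018: 0x102B, 0x2020: 0x1033,
}


def find_guard(listing: List[Insn], jmp_idx: int, reg: str) -> Tuple[int, int, int]:
    """Look directly before the indirect jump for `cmp reg, N` / `ja default`,
    and optionally `sub reg, K` before that. Returns (N, default_addr, K).
    `ja` is an unsigned compare, so negative indices also fall to default."""
    i = jmp_idx - 1
    if i < 1 or listing[i].op != "ja":
        raise UnboundedJumpTable(f"no range check before jump at {listing[jmp_idx].addr:#x}")
    default_addr = listing[i].args[0]
    cmp = listing[i - 1]
    if cmp.op != "cmp" or cmp.args[0] != reg:
        raise UnboundedJumpTable(f"no cmp on {reg} before jump at {listing[jmp_idx].addr:#x}")
    bound = cmp.args[1]
    offset = 0
    if i >= 2 and listing[i - 2].op == "sub" and listing[i - 2].args[0] == reg:
        offset = listing[i - 2].args[1]          # first case label is `offset`, not 0
    return bound, default_addr, offset


def recover_switch(listing: List[Insn], memory: Dict[int, int]) -> Optional[dict]:
    """Return {"cases": {label: target}, "default": addr} for the first
    table jump in the listing, or None if the listing has no table jump."""
    for i, insn in enumerate(listing):
        if insn.op == "jmp" and insn.args[0] == "table":
            _, base, reg, scale = insn.args
            bound, default_addr, offset = find_guard(listing, i, reg)
            # The guard proves idx is in [0, bound], so exactly bound+1 slots are live.
            cases = {offset + k: memory[base + k * scale] for k in range(bound + 1)}
            return {"cases": cases, "default": default_addr}
    return None


if __name__ == "__main__":
    for label, target in sorted(recover_switch(LISTING, MEMORY)["cases"].items()):
        print(f"case {label}: goto {target:#x}")
    try:
        recover_switch(UNGUARDED, MEMORY)
    except UnboundedJumpTable as e:
        print("unguarded:", e)
```

The point a practitioner takes from this: the guard is there for the program's own correctness, so a stripped binary still carries the bound, and real decompilers use exactly this pattern match (plus the unsigned-compare trick) rather than executing every path. The check that belongs alongside it is the failure branch: when the pattern is absent, report the table as unbounded and let the analyst decide, because reading past the table silently turns data into bogus code.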
  11. Re:Why by i_am_nitrogen · · Score: 3, Insightful

    One really good reason I haven't seen mentioned yet is writing a Linux driver for a piece of hardware only supported in Windows, such as the DXR3/Hollywood+ or the MyHD/WinTV-HD/etc. For these projects where the hardware manufacturers either can't or won't offer any help, the only way to support the hardware is by disassembling the Windows driver and figuring out the algorithms used by reading the disassembly and/or watching the interactions between the driver and the code. Fortunately for the MyHD driver project, the MyHD software is distributed without any EULA.

    BTW: Nice job getting all those responses with two lines...