Fox Flash Decompiler Convert SWF to EXE in seconds! Fox Flash Decompiler is the only application that is capable of converting SWF to EXE with high speed and high quality. The official decompiler will only decompile scripts compiled with AutoIt v3.2.5.1 and earlier. There is no decompiler for any version of exe created by a version after 3.2.5.1, you're out of luck and it's against the rules to ask about it.
Decompiler
06/06/2010 - AutoIt - 6 Replies Da expo nicht mal antwortet(nicht antworten will)..Habe ich diese Thread geöffnet und zwar aus dem grundder decompiler von autoit in e*pvpers, funktioniert nicht mehr..und ich hätte gerne einen neuen der funktioniert und kostenlos ist..und ich möchte keine so depp-artigen dummen aussagen google ist dein freund, oder das ist die falsche sektion, ich weiß warum ich hier frage..ich will hier nur antworten wie ich habe einen den ich dir geben kann keine antworten mit such..
Active1 year, 7 months ago
A friend of mine downloaded some malware from Facebook, and I'm curious to see what it does without infecting myself. I know that you can't really decompile an .exe, but can I at least view it in Assembly or attach a debugger?
Edit to say it is not a .NET executable, no CLI header.
swilliamsswilliams
35.6k2222 gold badges8989 silver badges129129 bronze badges
15 Answers
With a debugger you can step through the program assembly interactively.
With a disassembler, you can view the program assembly in more detail. With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD - if the program is packed, you'll have to unpack it first OR Detect-it-Easy if you can't find PEiD anywhere. DIE has a strong developer community on github currently). Debuggers:
Disassemblers:
Decompilers:
Some related tools that might come handy in whatever it is you're doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).
Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.
Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.
Also, remember that disassembling or even debugging other people's software is usually against the EULA in the very least :)
psoul's excellent post answers to your question so I won't replicate his good work, but I feel it'd help to explain why this is at once a perfectly valid but also terribly silly question. After all, this is a place to learn, right?
Modern computer programs are produced through a series of conversions, starting with the input of a human-readable body of text instructions (called 'source code') and ending with a computer-readable body of instructions (called alternatively 'binary' or 'machine code').
The way that a computer runs a set of machine code instructions is ultimately very simple. Each action a processor can take (e.g., read from memory, add two values) is represented by a numeric code. If I told you that the number 1 meant scream and the number 2 meant giggle, and then held up cards with either 1 or 2 on them expecting you to scream or giggle accordingly, I would be using what is essentially the same system a computer uses to operate.
A binary file is just a set of those codes (usually call 'op codes') and the information ('arguments') that the op codes act on.
Now, assembly language is a computer language where each command word in the language represents exactly one op-code on the processor. There is a direct 1:1 translation between an assembly language command and a processor op-code. This is why coding assembly for an x386 processor is different than coding assembly for an ARM processor.
Disassembly is simply this: a program reads through the binary (the machine code), replacing the op-codes with their equivalent assembly language commands, and outputs the result as a text file. It's important to understand this; if your computer can read the binary, then you can read the binary too, either manually with an op-code table in your hand (ick) or through a disassembler.
Disassemblers have some new tricks and all, but it's important to understand that a disassembler is ultimately a search and replace mechanism. Which is why any EULA which forbids it is ultimately blowing hot air. You can't at once permit the computer reading the program data and also forbid the computer reading the program data.
(Don't get me wrong, there have been attempts to do so. They work as well as DRM on song files.)
However, there are caveats to the disassembly approach. Variable names are non-existent; such a thing doesn't exist to your CPU. Library calls are confusing as hell and often require disassembling further binaries. And assembly is hard as hell to read in the best of conditions.
Most professional programmers can't sit and read assembly language without getting a headache. For an amateur it's just not going to happen.
Anyway, this is a somewhat glossed-over explanation, but I hope it helps. Garmin waypoint manager free download. Everyone can feel free to correct any misstatements on my part; it's been a while. ;)
Jason LJason L
2,49733 gold badges1717 silver badges1818 bronze badges
Good news. IDA Pro is actually free for its older versions now:http://www.hex-rays.com/idapro/idadownfreeware.htm
MatthewMatthew
Any decent debugger can do this. Try OllyDbg. (edit: which has a great disassembler that even decodes the parameters to WinAPI calls!)
MAGIX Soundpool DVD Collection 20 offers more than 6 GB of brand new sounds & loops that will take your music projects, remixes and audio productions to the next level! This top quality sound library covers almost every music genre and can be used in combination with any music software on Mac or PC. Music maker free soundpools.
utku_karatas
Decompile 3.3 Autoitutku_karatas
4,29233 gold badges3636 silver badges5050 bronze badges
x64dbg is a good and open source debugger that is actively maintained.
7,44144 gold badges5959 silver badges7676 bronze badges
Sure, have a look at IDA Pro. They offer an eval version so you can try it out.
Douglas MayleDouglas Mayle
14.3k77 gold badges3939 silver badges5555 bronze badges
If you are just trying to figure out what a malware does, it might be much easier to run it under something like the free tool Process Monitor which will report whenever it tries to access the filesystem, registry, ports, etc..
Also, using a virtual machine like the free VMWare server is very helpful for this kind of work. You can make a 'clean' image, and then just go back to that every time you run the malware.
joeldjoeld
18.1k33 gold badges2323 silver badges2222 bronze badges
What you want is a type of software called a 'Disassembler'.
Quick google yields this: http://www.geocities.com/~sangcho/disasm.html
Chris Marasti-Georg
27.6k1515 gold badges8484 silver badges125125 bronze badges
Corey TragerCorey Trager
16.9k1414 gold badges7777 silver badges120120 bronze badges
You may get some information viewing it in assembly, but I think the easiest thing to do is fire up a virtual machine and see what it does. Make sure you have no open shares or anything like that that it can jump through though ;)
Rob ProuseRob Prouse
18.6k44 gold badges5454 silver badges8282 bronze badges
Andru LuvisiAndru Luvisi
20k66 gold badges4646 silver badges6161 bronze badges
I can't believe nobody said nothing about Immunity Debugger, yet.
Immunity Debugger is a powerful tool to write exploits, analyze malware, and reverse engineer binary files. It was initially based on Ollydbg 1.0 source code, but with names resoution bug fixed. It has a well supported Python API for easy extensibility, so you can write your python scripts to help you out on the analysis.
Exe To Au3 Decompiler
Also, there's a good one Peter from Corelan team wrote called mona.py, excelent tool btw.
jyzjyz
4,23533 gold badges2525 silver badges3434 bronze badges
If you want to run the program to see what it does without infecting your computer, use with a virtual machine like VMWare or Microsoft VPC, or a program that can sandbox the program like SandboxIE
Joel LucsyJoel Lucsy
7,68111 gold badge2424 silver badges3232 bronze badges
Free Exe Decompiler
If you have no time, submit the malware to cwsandbox:
HTH
plan9assemblerplan9assembler
Exe To Autoit Decompiler Windows 10
You can use dotPeek, very good for decompile exe file. It is free.
Do Nhu Vy
Exe To Au3 Decompiler OnlineDo Nhu Vy
20.4k1717 gold badges103103 silver badges144144 bronze badges
Autoit Decompile ExeNot the answer you're looking for? Browse other questions tagged debuggingwinapiassemblydecompiling or ask your own question.Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |