From Collaborative RCE Tool Library

Jump to: navigation, search

Decompilers


Tool name: P32DASM
Rating: 5.0 (1 vote)
Author: DARKER                        
Website: http://progress-tools.110mb.com/p32dasm.html
Current version: 2.5
Last updated: June 14, 2009
Direct D/L link: http://progress-tools.110mb.com/p32dasm.zip
License type: Free
Description: P32Dasm is a Visual Basic 5.0/6.0 PCode + Native code Decompiler. It can generate String, Numbers, Objects, Import and Export function listing. There is also Jump calculator. For VB Native code executables are generated only MSVBVM, External calls and string references. Usefull for setting BPX, you don't need search in debugger where start some Command Button event. You can generate .map files, which you can import to DataRescue IDA (LoadMap plugin) or to Olly Debugger (MapConv plugin).
Also listed in: Disassemblers, Visual Basic Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Reflector for .NET
Rating: 5.0 (1 vote)
Author: Lutz Roeder (current owner Red Gate Software)                        
Website: http://www.red-gate.com/products/reflector
Current version: 5.1.4.0
Last updated: July 18, 2009
Direct D/L link: http://downloads.red-gate.com/reflector.zip
License type: Free
Description: From website:

"Reflector is a very powerful class browser, explorer, analyzer and documentation viewer for .NET. Reflector allows to easily view, navigate, search, decompile and analyze .NET assemblies in C#, Visual Basic and IL."

This is one of the most powerful .NET decompilers that you can't buy - just download :)
Many of the popular commercial tools achieving the same goal "suddenly" got a boost when this masterpiece of work saw a daylights (and besides that those are commercial, still have hard time with obfuscators).

Just give it a try, it will last literally five minutes - load some well known assembly of yours, choose target .NET language (!) and let'em work. Then compare it with the original.

You'll surely not forget this one.
Also listed in: .NET Decompilers, .NET Disassemblers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DeDe
Rating: 4.0 (1 vote)
Author: DaFixer                        
Website: http://dafixer.cjb.net
Current version: 3.50.04 (build 1635)
Last updated: June 25, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: DeDe is a very fast application that allows you to analyze executables compiled with Delphi 2,3,4,5,6,7, C++ Builder, Kylix and Kol, and gives you the following:

· All .dfm files of the target. You will be able to open and edit them with Delphi.
· All published methods in well commented ASM code with references to strings, imported function calls, classes methods calls, components in the unit, Try-Except and Try-Finally blocks. (By default DeDe retrieves only the published methods sources, but you may also process another procedure in a executable if you know the RVA offset using the Tools->Disassemble Proc menu.)
· A lot of additional information the files.
· You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas files contains the mentioned above well commented ASM code. They can not be recompiled !

You can also:
· View the PE Header of all PE Files and change/edit the sections flags.
· Use the opcode-to-asm tool for translating intel opcode to assembler.
· Use RVA-to-PhysOffset tool for fast converting physical and RVA addresses.
· Use the DCU Dumper (view dcu2int.txt for more details) to retrieve near to pascal code of your DCU files.
· Use BPL(DPL) Dumper to see BPL exports and create symbol files to use with DeDe disassembler.
· Disassemble a target EXE directly from memory in case of a packed exe.

------------
NOTE:
The original site seems to be gone (or at least DeDe seems to be gone from it).
The locally archived copy here in this CRCETL entry only has the 3.10 source (it has the most recent(?) 3.50.04 build 1635 binary though). If you have access to any later source code version than 3.10, please upload it here.
Also listed in: Delphi Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Boomerang
Rating: 3.0 (1 vote)
Author: The Boomerang Decompiler Project                        
Website: http://boomerang.sourceforge.net/
Current version: 0.3.1
Last updated: 2006
Direct D/L link: N/A
License type: Free / Open Source
Description: A general, open source, retargetable decompiler of machine code programs.

This project is an attempt to develop a real decompiler for machine code programs through the open source community. A decompiler takes as input an executable file, and attempts to create a high level, compilable, possibly even maintainable source file that does the same thing. It is therefore the opposite of a compiler, which takes a source file and makes an executable. However, a general decompiler does not attempt to reverse every action of the decompiler, rather it transforms the input program repeatedly until the result is high level source code. It therefore won't recreate the original source file, probably nothing like it. It does not matter if the executable file has symbols or not, or was compiled from any particular language. (However, declarative languages like ML are not considered.)

The intent is to create a retargetable decompiler (i.e. one that can decompile different types of machine code files with modest effort, e.g. X86-windows, sparc-solaris, etc). It was also intended to be highly modular, so that different parts of the decompiler can be replaced with experimental modules. It was intended to eventually become interactive, a la IDA Pro, because some things (not just variable names and comments, though these are obviously very important) require expert intervention. Whether the interactivity belongs in the decompiler or in a separate tool remains unclear.

By transforming the semantics of individual instructions, and using powerful techniques such as Static Single Assignment dataflow analysis, Boomerang should be (largely) independent of the exact behaviour of the compiler that happened to be used. Optimisation should not affect the results. Hence, the goal is a general decompiler.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Coddec
Rating: 0.0 (0 votes)
Author: Dr Bolsen                        
Website: http://drbolsen.wordpress.com/2008/07/14/coddec-released
Current version:
Last updated: April 7, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Decompiler for Blackberry executables (COD files), includes source.
Also listed in: BlackBerry Tools, Mobile Platform Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DE Decompiler
Rating: 0.0 (0 votes)
Author: GPcH Soft                        
Website: http://www.de-decompiler.com
Current version: 2.0 (updated)
Last updated: July 18, 2008
Direct D/L link: Locally archived copy
License type: Commercial (with demo)
Description: DE Decompiler is the unique solution for decompiling the Delphi generated programs (EXE, DLL, OCX). As you know the Delphi programs is the native win32 executable files.

DE Decompiler restores most parts of the compiled code and helps you to recover most parts of the lost sources. It contans the powerful disassembler which supports Pentium Pro commands including MMX and SSE extensions. Also it has a useful smart assembler code emulation engine. The build-in disassembler allows you to disassemble a lots of functions and represents it in semi-decompiled mode. DE Decompiler has a wonderful code analyzer which makes your work easy and fast. In addition to all it can search for all the API function's calls and the string references in the disassembled code and comment them out for analyzed strings.

If you lost your source codes - DE Decompiler save your time and helps you to restore it.

In general, DE Decompiler is the ideal tool for analyzing programs and it is perfect if you lose your source code and need to partially restore the project.
Also listed in: Delphi Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Desquirr - Decompiler Plugin for IDA Pro
Rating: 0.0 (0 votes)
Author: David Eriksson                        
Website: http://desquirr.sourceforge.net/desquirr/
Current version: 20070130 (desquirr-20070130-bin-ida_v5_0.zip)
Last updated: November 13, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Desquirr is a decompiler plugin for IDA Pro.

Desquirr currently consists of a little more than 5000 lines of C++ code, not counting empty lines or lines beginning with comments

Read the Master Thesis at http://desquirr.sourceforge.net/desquirr/desquirr_master_thesis.pdf
Also listed in: IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: ExeToC Decompiler
Rating: 0.0 (0 votes)
Author: bookaa                        
Website: http://sourceforge.net/projects/exetoc/
Current version:
Last updated: May 23, 2005
Direct D/L link: N/A
License type: Free / Open Source
Description: Decompile win32 programs and DLLs to C++ step by step. Allows some interactivity. Main functions already work:

* Supports if/else/for/do/while/break/switch case/continue
* Supports API
* Supports C++ head file load
* Supports standard library function recognize.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Hex-Rays
Rating: 5.0 (3 votes)
Author: Hex-Rays sprl (Ilfak Guilfanov)                        
Website: http://www.hex-rays.com
Current version: 1.0
Last updated: September 17, 2007
Direct D/L link: N/A
License type: Commercial (IDA Pro plugin)
Description: Hex-Rays is created by Ilfak Guilfanov, famous author of IDA Pro. It is a commercial IDA Pro plugin, and aims to be the best decompiler ever created.
Also listed in: IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: myAut2Exe
Rating: 0.0 (0 votes)
Author: cw2k                        
Website: http://myauttoexe.angelfire.com/index2.html
Current version: 2.07
Last updated: July 18, 2009
Direct D/L link: http://myauttoexe.angelfire.com/myAutToExe2_07_AutoIt3_Decompiler_opensource.zip
License type: Open Source
Description: AutoIT Script Decompiler
Also listed in: Installer Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Orca
Rating: 0.0 (0 votes)
Author: Microsoft                        
Website: http://msdn2.microsoft.com/en-us/library/aa370557(VS.85).aspx
Current version:
Last updated:
Direct D/L link: http://www.microsoft.com/downloads/details.aspx?FamilyId=C2B1E300-F358-4523-B479-F53D234CDCCF&displaylang=en
License type: Proprietary
Description: Orca is a database table editor for creating and editing Windows Installer packages and merge modules. The tool provides a graphical interface for validation, highlighting the particular entries where validation errors or warnings occur.

This tool is only available in the Windows SDK Components for Windows Installer Developers. It is provided as an Orca.msi file. After installing the Windows SDK Components for Windows Installer Developers, double click Orca.msi to install the Orca.exe file.
Also listed in: Installer Decompilers, Installer Extraction Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: RACEVB6
Rating: 0.0 (0 votes)
Author: Sarge                        
Website: http://www.racevb6.com
Current version: 4.4
Last updated: June 9, 2008
Direct D/L link: http://www.racevb6.com/RaceEx6_4_4.zip
License type: Free
Description: RACEVB6 is a Visual Basic 6 P-Code analyzer. RACEVB6 can be used to investigate Visual Basic 6 programs compiled to P-Code. RACEVB6 will display not only such typical information as Project data and Form/Control GUI data, but will also make available Procedures names and offsets, their accompanying P-Code opcodes, extract any Pictures or Images contined within the program, and many other pieces of "buried" data.
Also listed in: Visual Basic Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: RecStudio
Rating: 0.0 (0 votes)
Author: Backer Street Software                        
Website: http://www.backerstreet.com/rec/rec.htm
Current version: 2.2
Last updated: July 2, 2007
Direct D/L link: http://www.backerstreet.com/rec/rec22.zip
License type: Free
Description: REC is a portable reverse engineering compiler, or decompiler.

It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file.
It is portable because it has been designed to read files produced for many different targets, and it has been compiled on several host systems.

RecStudio offers a modern user interface to REC's interactive mode.
A command line version is still available for Linux and Solaris hosts.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: uncc
Rating: 0.0 (0 votes)
Author: littlejohn / megabug                        
Website: http://www.reteam.org/tools.html
Current version: 0.1.0
Last updated:
Direct D/L link: http://www.reteam.org/tools/tf14.zip
License type: Free
Description: C decompiler
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: VB Decompiler
Rating: 0.0 (0 votes)
Author: GPcH Soft                        
Website: http://www.vb-decompiler.org
Current version: 7.6
Last updated: July 12, 2009
Direct D/L link: http://www.vb-decompiler.org/files/vb_decompiler_lite.zip
License type: Shareware
Description: VB Decompiler is decompiler for programs (EXE, DLL or OCX) written in Visual Basic 5.0/6.0. As you know, programs in Visual Basic can be compiled into interpreted p-code or into native code.

Since p-code consists of high-level commands, there is a real possibility to decompile it into the source code (of course, the names of variables, functions, etc. will not be decompiled). VB Decompiler restores many p-code instructions and although there is a long way to the generation of the source code that can be compiled, the decompiler will make analyzing the program algorithm much easier and partially restore its source code.

If a program was compiled into the native code, restoring the source code from machine instructions is not possible. But VB decompiler can help to analyze the program even in this situation as well. It contains a powerful disassembler that supports Pentium Pro commands including MMX and SSE. It allows you to disassemble all functions. There is also a code analyzer that searches for all API function calls and string references in the disassembled code and changes them into comments for analyzed strings. In general, VB Decompiler is an ideal tool for analyzing programs and it is perfect if you lose the source code and need to partially restore the project.
Also listed in: Visual Basic Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: VBReFormer
Rating: 0.0 (0 votes)
Author: Sylvain Bruyere                        
Website: http://www.decompiler-vb.net
Current version:
Last updated:
Direct D/L link: Locally archived copy
License type: Shareware
Description: Good VB decompiler.

The attached older trial version (3.7) was the last demo version of VBReformer that allowed changes to be re-compiled, although it is a decompiler of dubious worth, it's main useful purpose that I have found is in changing forms and dialog boxes - enabling grayed out functions, inserting text and enabling non working functions - it only will work with native VB apps it will not work with P-code, I've found it more useful than Olly and Smartcheck for instance you MAY be able to disable a serial number check. As you work with it you'll appreciate it's simplicity. Oh, and it will default to install in French, but the language can be changed under the "Fichier" menu.
Also listed in: Visual Basic Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Whiskey Kon Tequilla VB P-Code Debugger
Rating: 0.0 (0 votes)
Author: WKT Team                        
Website: N/A
Current version: 1.3e
Last updated: Around 2001
Direct D/L link: Locally archived copy
License type: Free
Description: Also known as "WKT Debugger".

At the time it showed up, the one and only P-Code disassembler / debugger mankind was able to use.

Before it, debugging of the P-Code (Runtime interpreted Pseudo-VB code) with ordinary disassemblers / debuggers was really pain in your neck. This one saved me a lot of time, and probably helped postpone my deportation to the psychiatric research facility.
Also listed in: Disassemblers, Visual Basic Debuggers, Visual Basic Decompilers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There are 4 subcategories to this category.


Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Category:Decompilers"



Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (176)
   Categorized by Tool Type  (973)
   Anti Anti Test Tools  (15)
   Assemblers  (15)
   Code Coverage Tools  (12)
   Code Injection Tools  (32)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Data Extraction Tools  (19)
   Debuggers  (42)
   Decompilers  (20)
   Deobfuscation Tools  (11)
   Dependency Analyzer Tools  (5)
   Diff Tools  (29)
   Disassemblers  (45)
   Dongle Analysis Tools  (24)
   Exe Analyzers  (31)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (15)
   Hardware Reversing Tools  (24)
   Hex Editors  (12)
   IDA Signature Creation Tools  (5)
   Kernel Tools  (12)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (7)
   Monitoring Tools  (110)
   Network Tools  (15)
   PE Executable Editors  (78)
   Packers  (16)
   Patch Packaging Tools  (7)
   Profiler Tools  (10)
   Programming Libraries  (31)
   Regular Expression Tools  (3)
   Resource Editors  (11)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (11)
   System Information Extraction Tools  (7)
   Technical PoC Tools  (7)
   Test and Sandbox Environments  (16)
   Tool Extensions  (135)
   Tool Hiding Tools  (5)
   Tool Signatures  (21)
   Tracers  (17)
   Unpacking Tools  (58)
   Needs New Category  (1)