How is this done?
How is this done?
de-compilers.
Why do you want to do this, as I suspect you'll not get clean results.
It is Inevitable.....
Have a read of:
http://www.netdecompiler.com/articles.html
Seems slightly misinformed. For instance it says that disassembly is a hard problem - it's not. Assembly is just a 1-to-1 mapping with actual opcodes, making disassembly trivial.
On the other hand decompilation is hard, and rarely gives satisfactory results.
I did a bit of googling after posting this (I'm not planning to illegally decompile but can those programs that muck up the look of the classes e.t.c. successfully stop de-compiling/reverse engineering)? I've since found a few apps.
Cheers
Matt1eD
P.S. Is it me or is that site really slow?
Depends what language you are trying to decompile. .NET is not restricted to a single language.
You won't be able to get variable names and such, and constructs like classes are often lost when decompiling.
Disassemblers use very complex methods to produce useful assembler listings. I used a few of them when disassembling various USB drivers to figure out why my USBHz driver wasn't able to do it's magic on XP. The assembler output provided did not match up between the various disassemblers although it did appear to be functionally the same.Originally Posted by Butcher
Disassembly of machine code programs (Ie. where most of the program is in assembly code specific to a CPU platform) and disassembly of .NET programs (Which are in MSIL [Microsoft Intermediate Language], a CPU platform independent pseudo-code) are two completely different concepts.
Because .NET programs are in MSIL, they can be "decompiled" back to human-readable code, with all classes, methods, properties and fields intact (Including their names, if obfuscation has not been applied [More on that later]. Local variable names, however, are lost). This is partly because .NET employs metadata which preserves all of this information, which is used for, among other things, reflection. Also, without this information, .NET would be unable to properly implement its security and garbage collection systems.
As for a decompilation program, I know of two - Reflector and Anakrino. Neither program is perfect, but Reflector is far more complete than Anakrino which, last time I checked, was little more than a beta version. Even so, Reflector isn't perfect (Some generated VB.NET code, if recompiled, will raise exceptions, specifically with regard to arrays), but even so, I use it on a near-daily basis. It is invaluable for finding out how .NET's system classes go about their inner workings.
As for preventing decompilation, it can't be done. As an alternative, several "obfuscation" programs have sprung up. These basically go through your compiled .NET program, renaming all classes, methods and properties to, usually, single-character names which are also as ambiguous as possible (Which does have the nice side-effect of making the program smaller). This makes it much more difficult to understand what a program is doing, which is already difficult enough without comments. For an example of this kind of obfuscation, have Reflector decompile itself (Yes, it's written in .NET) - it's very difficult to understand what it's doing. But then, that's the point.
Edit: A little more info on Reflector and Anakrino - both are freeware. Anakrino, last I checked, only generates C# code, while Reflector can display the raw MSIL opcodes, as well as C#, VB.NET or Delphi.NET generated code.
Last edited by eldren; 24-04-2005 at 12:48 AM.
Cheers eldren - has helped. Is it this? http://www.aisto.com/roeder/dotnet/ or Denis Bauer's version which the link is dead to!
Anyone tried this?
http://www.brouhaha.com/~eric/software/mocha/
The first link is correct. The first "Reflector" in my post is a link to the same page.
The second link is to a Java decompiler - don't think that's quite what you're looking for, unless you're looking for decompilers for platforms other than .NET.
Well just getting the raw opcodes is easy. The hard(er) part in assemblers is trying to work out function calls and other constructs within it. I guess you could call that disassembly, though to me it's more trying to interpret the disassembled code.Originally Posted by str
BTW - ida is the god of all disassemblers.![]()
There's a link!Originally Posted by eldren
![]()
indeedy; I'm more BASIC; then will move to Java and possibly C#
There are currently 1 users browsing this thread. (0 members and 1 guests)