Is it possible to “decompile” a Windows .exe? Or at least view the Assembly?

With a debugger you can step through the program assembly interactively.
With a disassembler, you can view the program assembly in more detail.
With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD – if the program is packed, you’ll have to unpack it first OR Detect-it-Easy if you can’t find PEiD anywhere. DIE has a strong developer community on github currently).

Debuggers:

  • OllyDbg, free, a fine 32-bit debugger, for which you can find numerous user-made plugins and scripts to make it all the more useful.
  • WinDbg, free, a quite capable debugger by Microsoft. WinDbg is especially useful for looking at the Windows internals, since it knows more about the data structures than other debuggers.
  • SoftICE, SICE to friends. Commercial and development stopped in 2006. SoftICE is kind of a hardcore tool that runs beneath the operating system (and halts the whole system when invoked). SoftICE is still used by many professionals, although might be hard to obtain and might not work on some hardware (or software – namely, it will not work on Vista or NVIDIA gfx cards).

Disassemblers:

  • IDA Pro(commercial) – top of the line disassembler/debugger. Used by most professionals, like malware analysts etc. Costs quite a few bucks though (there exists free version, but it is quite quite limited)
  • W32Dasm(free) – a bit dated but gets the job done. I believe W32Dasm is abandonware these days, and there are numerous user-created hacks to add some very useful functionality. You’ll have to look around to find the best version.

Decompilers:

  • Visual Basic: VB Decompiler, commercial, produces somewhat identifiable bytecode.
  • Delphi: DeDe, free, produces good quality source code.
  • C: HexRays, commercial, a plugin for IDA Pro by the same company. Produces great results but costs a big buck, and won’t be sold to just anyone (or so I hear).
  • .NET(C#): dotPeek, free, decompiles .NET 1.0-4.5 assemblies to C#. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files.

Some related tools that might come handy in whatever it is you’re doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).

Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.

Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.

Also, remember that disassembling or even debugging other people’s software is usually against the EULA in the very least 🙂

Related Posts:

  1. How can I write to the console in PHP?
  2. Paused in debugger in chrome?
  3. Check if object exists in JavaScript
  4. R debugging: “only 0’s may be mixed with negative subscripts”
  5. Fixing Segmentation faults in C++
  6. GDB no such file or directory
  7. What is between ESP and EBP?
  8. How do I debug “Error: spawn ENOENT” on node.js?
  9. Swift: print() vs println() vs NSLog()
  10. Difference between masm32 and masm?
  11. What is a stack trace, and how can I use it to debug my application errors?
  12. How to decompile an APK or DEX file on Android platform? [closed]
  13. What do I do when my program crashes with exception 0xc0000005 at address 0?
  14. What is w3wp.exe?
  15. assembly “mov” instruction
  16. How to track down a “double free or corruption” error
  17. Chrome: Uncaught SyntaxError: Unexpected end of input
  18. Assembly code vs Machine code vs Object code?
  19. Understanding how `lw` and `sw` actually work in a MIPS program
  20. What’s the purpose of the LEA instruction?
  21. need help understanding the movzbl call in this function
  22. How to move ST(0) to EAX?
  23. How to extract C source code from .so file?
  24. WMI processor SerialNumber not found (To Be Filled By O.E.M.)
  25. What’s the purpose of the LEA instruction?
  26. The difference between cmpl and cmp
  27. Unfortunately MyApp has stopped. How can I solve this?
  28. Python Setup Disabling Path Length Limit Pros and Cons?
  29. MIPS: lw (load word) instruction
  30. PHP parse/syntax errors; and how to solve them
  31. What is a Windows Kernel Driver?
  32. What is the function of the push / pop instructions used on registers in x86 assembly?
  33. What does LPCWSTR stand for and how should it be handled with?
  34. What is callq instruction?
  35. What does the BEQ instruction do exactly?
  36. What’s the size of a QWORD on a 64-bit machine?
  37. Can I output a one channel image acquired from camera into a winAppi window?
  38. What does “Size in TCHARs” means?
  39. What does CreateFile(“CONIN$” ..) do?
  40. MIPS assembly for a simple for loop
  41. Difference between JA and JG in assembly
  42. Undefined reference to class constructor, including .cpp file fixes
  43. While, Do While, For loops in Assembly Language (emu8086)
  44. mips .word function and differences between 2 codes
  45. Why doesn’t there exists a subi opcode for MIPS?
  46. When is SeTcbPrivilege used? (“Act as part of the operating system.)
  47. How do I remedy “The breakpoint will not currently be hit. No symbols have been loaded for this document.” warning?
  48. How do you decompile a swf file
  49. Console.log not working at all
  50. IDIV operation in assembly (understanding)
  51. General way of solving Error: Stack around the variable ‘x’ was corrupted
  52. Convert C program into assembly code
  53. Is there a Visual Basic 6 decompiler?
  54. Connecting to Git team provider failed
  55. lc3 LDR instruction and the value stored
  56. What is the difference between la and li in opcodes in MIPS?
  57. movq assembly function
  58. What does movslq do?
  59. ImportError: no module named win32api
  60. Debug assertion failed
  61. Bubble sort algorithm in MIPS
  62. What are .S files?
  63. Is it possible to decompile a compiled .pyc file into a .py file?
  64. How do I correctly use the mod operator in MIPS?
  65. explanation about push ebp and pop ebp instruction in assembly
  66. what is the use of ori in this part of MIPS code?
  67. x86 assembly: How does the ‘subl’ command work in AT&T syntax
  68. Valgrind complains with “Invalid write of size 8”
  69. what does the cmpq instruction do?
  70. xorl %eax – Instruction set architecture in IA-32
  71. Undefined reference to class constructor, including .cpp file fixes
  72. Assembly addq clarification
  73. Which variable size to use (db, dw, dd) with x86 assembly?
  74. Assembly x86 – “leave” Instruction
  75. How do AX, AH, AL map onto EAX?
  76. JNZ & CMP Assembly Instructions
  77. Assembly language (MIPS) difference betweent addi and add
  78. What exactly is the scope of Access Violation ‘0xc0000005’?
  79. What is the difference between MOV and LEA?
  80. MIPS Address out of range (MARS)
  81. How to change already compiled .class file without decompile?
  82. How do I compile the asm generated by GCC?
  83. How to decompile an android app from the google play store
  84. What is the source of the data for the ProgramFiles, ProgramW6432Dir, ProgramFilesDir (x86), CommonProgramFiles environment variables?
  85. `testl` eax against eax?
  86. sorting array in mips (assembly)
  87. Difference between JE/JNE and JZ/JNZ
  88. what is a file handle and where it is useful for a programmer?
  89. Trim a string in C [duplicate]
  90. Multiplication by a power of 2 using Logical shifts in MIPS assembly
  91. Convert from Java to MIPS
  92. what does the the dword operand do in assembly
  93. Understanding Assembly MIPS .ALIGN and Memory Addressing
  94. error A2022: instruction operands must be the same size
  95. What’s the difference between a word and byte?
  96. Assembly Language – How to do Modulo?
  97. What is the jmpq command doing in this example
  98. -Error reading characters of string
  99. What does bx lr do in ARM assembly language?
  100. `js` and `jb` instructions in assembly

Leave a Comment