457This chapter differs from the rest of this book in the sense that it does not dis-
cuss any practical reversing techniques, but instead it focuses on the inner
workings of one of the most interesting reversing tools: the decompiler. If you
are only interested in practical hands-on reversing techniques, this chapter is
not for you. It was written for those who already understand the practical
aspects of reversing and who would like to know more about how decompilers
translate low-level representations into high-level representations. I personally
think any reverser should have at least a basic understanding of decompilation
techniques, and if only for this reason: Decompilers aim at automating many of
the reversing techniques I’ve discussed throughout this book.
This chapter discusses both native code decompilation and decompilation
of bytecode languages such as MSIL, but the focus is on native code decompi-
lation because unlike bytecode decompilation, native code decompilation pre-
sents a huge challenge that hasn’t really been met so far. The text covers the
decompilation process and its various stages, while constantly demonstrating
some of the problems typically encountered by native code decompilers.
Native Code Decompilation: An Unsolvable Problem?
Compilation is a more or less well-defined task. A program source file is ana-
lyzed and is checked for syntactic validity based on (hopefully) very strict