Reversing : The Hacker's Guide to Reverse Engineering

the code-analysis stage. All that’s needed here is to determine the suitable
language construct and produce the code using the expression tree found in the
conditional statement (typically referred to as jcond). Again, unstructured
elements in the control flow graph that make it past the analysis stage are
typically represented using goto statements (think of an unconditional jump into
the middle of a conditional block or a loop).
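As an added illustration of the code-generation step just described (this is not code from the book or from any decompiler it mentions), the toy Python generator below emits if/else for a jcond whose two arms both flow into one join block and falls back to labels and goto for anything else, including the jump into the middle of a conditional block mentioned above. The block format, the sample CFG and the names read_input and print_value are constructed for the example.

```python
def expr_to_c(tree, nested=False):  # ('<', ('var', 'x'), ('const', 10)) -> x < 10
    if tree[0] in ("var", "const"):
        return str(tree[1])
    op, left, right = tree  # binary operator node; nested operators get parentheses
    text = f"{expr_to_c(left, True)} {op} {expr_to_c(right, True)}"
    return f"({text})" if nested else text

def generate(cfg):  # cfg: label -> (statements, terminator), in layout order
    order, out, labels, i = list(cfg), [], set(), 0  # out holds (kind, text) pairs
    def block(name, depth):  # label marker, then the block's own statements
        out.append(("label", name))
        out.extend(("code", "    " * depth + s) for s in cfg[name][0])
    def goto(label):  # every emitted goto makes its target need a label
        labels.add(label)
        out.append(("code", f"    goto {label};"))
    while i < len(order):
        name, term = order[i], cfg[order[i]][1]
        block(name, 1)
        if term[0] == "jcond":
            _, cond, t, f = term
            arms = cfg[t][1], cfg[f][1]
            if order[i + 1:i + 3] == [t, f] and arms[0] == arms[1] and arms[0][0] == "jmp":
                # Structured: both arms jump to one join block, so emit if/else
                out.append(("code", f"    if ({expr_to_c(cond)}) {{"))
                block(t, 2)
                out.append(("code", "    } else {"))
                block(f, 2)
                out.append(("code", "    }"))
                i, term = i + 2, arms[0]  # arms consumed; the join edge is now a plain jmp
            else:
                # Unstructured (e.g. a jump into the middle of an arm): fall back to goto
                labels.add(t)
                out.append(("code", f"    if ({expr_to_c(cond)}) goto {t};"))
                term = ("jmp", f)  # the false edge is now a plain jmp
        nxt = order[i + 1] if i + 1 < len(order) else None
        if term[0] == "ret":
            out.append(("code", "    return;"))
        elif term[1] != nxt:  # a jmp to the next block is plain fall-through
            goto(term[1])
        i += 1
    return "\n".join(text if kind == "code" else f"{text}:"
                     for kind, text in out if kind == "code" or text in labels)

SAMPLE_CFG = {  # constructed: clean if/else at B0, then B3 jumps back into the else arm
    "B0": (["x = read_input();"], ("jcond", ("<", ("var", "x"), ("const", 10)), "B1", "B2")),
    "B1": (["y = 1;"], ("jmp", "B3")),
    "B2": (["y = 2;"], ("jmp", "B3")),
    "B3": (["print_value(y);"], ("jcond", ("<", ("var", "y"), ("const", 5)), "B4", "B2")),
    "B4": ([], ("ret",)),
}
```

Calling generate(SAMPLE_CFG) yields C-like text in which B0 becomes a proper if/else while B3's second edge survives only as `goto B2;`, a label placed inside the else arm.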


Real-World IA-32 Decompilation


At this point you might be thinking that you haven’t really seen (or been able
to find) that many working IA-32 decompilers, so where are they? Well, the
fact is that at the time of writing there really aren’t that many fully functional
IA-32 decompilers, and it really looks as if this technology has a way to go
before it becomes fully usable.
The two native IA-32 decompilers currently in development to the best of
my knowledge are Andromeda and Boomerang. Both are already partially
usable and one (Boomerang) has actually been used in the recovery of real
production source code in a commercial environment [Emmerik2]. This report
describes a process in which relatively large amounts of code were recovered
while gradually improving the decompiler and fixing bugs to improve its
output. Still, most of the results were hand-edited to improve their readability,
and this project had a good starting point: The original source code of an older,
prototype version of the same product was available.


Conclusion


This concludes the relatively brief survey of the fascinating field of
decompilation. In this chapter, you have learned a bit about the process and
algorithms involved in decompilation. You have also seen some demonstrations of
the type of information available in binary executables, which gave you an idea
of what type of output you could expect to see from a cutting-edge decompiler.
It should be emphasized that there is plenty more to decompilation. I have
intentionally avoided discussing the details of decompilation algorithms to
avoid turning this chapter into a boring classroom text. If you’re interested in
learning more, there are no books that specifically discuss decompilation at the
time of writing, but probably the closest thing to a book on this topic is a PhD
thesis written by Christina Cifuentes, Reverse Compilation Techniques [Cifuentes2].
This text provides a highly readable introduction to the topic and describes in
detail the various algorithms used in decompilation. Beyond this text most of
the accumulated knowledge can be found in a variety of research papers on
this topic, most of which are freely available online.


Decompilation 477