Alek Richter (Enlightened)
Asked: December 27, 2021

Is it possible to “decompile” a Windows .exe? Or at least view the Assembly?


A friend of mine downloaded some malware from Facebook, and I’m curious to see what it does without infecting myself. I know that you can’t really decompile an .exe, but can I at least view it in Assembly or attach a debugger?

Edit to say it is not a .NET executable, no CLI header.

1 Answer

  1. Alek Richter (Enlightened)
    Added an answer on December 27, 2021 at 5:24 am

    With a debugger you can step through the program assembly interactively.
    With a disassembler, you can view the program assembly in more detail.
    With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD – if the program is packed, you’ll have to unpack it first – OR Detect-it-Easy if you can’t find PEiD anywhere. DIE has a strong developer community on GitHub currently).
    Debuggers:

    OllyDbg, free, a fine 32-bit debugger, for which you can find numerous user-made plugins and scripts to make it all the more useful.
    WinDbg, free, a quite capable debugger by Microsoft. WinDbg is especially useful for looking at the Windows internals, since it knows more about the data structures than other debuggers.
    SoftICE, SICE to friends. Commercial, and development stopped in 2006. SoftICE is kind of a hardcore tool that runs beneath the operating system (and halts the whole system when invoked). SoftICE is still used by many professionals, although it might be hard to obtain and might not work on some hardware (or software – namely, it will not work on Vista or NVIDIA gfx cards).

    Disassemblers:

    IDA Pro (commercial) – top of the line disassembler/debugger. Used by most professionals, like malware analysts etc. Costs quite a few bucks though (there exists a free version, but it is quite limited).
    W32Dasm (free) – a bit dated but gets the job done. I believe W32Dasm is abandonware these days, and there are numerous user-created hacks to add some very useful functionality. You’ll have to look around to find the best version.

    Decompilers:

    Visual Basic: VB Decompiler, commercial, produces somewhat identifiable bytecode.
    Delphi: DeDe, free, produces good quality source code.
    C: HexRays, commercial, a plugin for IDA Pro by the same company. Produces great results but costs a big buck, and won’t be sold to just anyone (or so I hear).
    .NET (C#): dotPeek, free, decompiles .NET 1.0-4.5 assemblies to C#. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files.

    Some related tools that might come in handy in whatever it is you’re doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).

    Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.

    Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.

    Also, remember that disassembling or even debugging other people’s software is usually against the EULA at the very least 🙂

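Added example, not part of the original question or answer: a static header check in Python for the two triage questions raised above (is there a CLI header, and does the file look packed), reading the bytes only and never running the sample. The function names, the constructed `sample_pe()` input and the entropy and writable-plus-executable heuristics are assumptions of this example, not the output or method of PEiD or Detect-it-Easy.

```python
import math
import struct
from collections import Counter

CLR_DIR = 14  # data-directory slot of the CLR/CLI header (.NET only)

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8."""
    n = len(buf)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(buf).values())

def triage_pe(data: bytes) -> dict:
    """Read PE headers from raw bytes; the file is never loaded or run."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    clr = (0, 0)
    if ndirs > CLR_DIR:
        clr = struct.unpack_from("<II", data, dirs + 8 * CLR_DIR)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name, _, _, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "entropy": round(entropy(data[rptr:rptr + rsize]), 2),
            # writable and executable together is typical of packer stubs
            "wx": (flags & 0xA0000000) == 0xA0000000,
        })
    return {"machine": hex(machine), "pe32plus": magic == 0x20B,
            "dotnet": all(clr), "sections": sections}

def sample_pe() -> bytes:
    """Constructed PE32 skeleton with two fake sections; not a real program."""
    sec = lambda n, ptr, fl: struct.pack("<8sIIIIIIHHI", n, 256, 0x1000, 256, ptr, 0, 0, 0, 0, fl)
    hdr = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
           + struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16) + bytes(128)
           + sec(b".text", 0x200, 0x60000020) + sec(b"UPX1", 0x300, 0xE0000020))
    return hdr.ljust(0x200, b"\0") + b"\x90" * 256 + bytes(range(256))
```

On a real file, pass `open(path, "rb").read()` to `triage_pe`; `dotnet` false together with a high-entropy, writable-and-executable section suggests a packed native binary that needs unpacking before a disassembler or decompiler shows anything useful.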