Hello FreeCalypso community, Do we have anyone here who is knowledgeable about the current state of the art (and the state of readily available tools) in realm of static reversing of Windows executable binaries? Right now I (and FC project) could really benefit from a Windows binary decompiler - but let me explain more specifically what is needed.
In the days of Calypso and LoCosto, the part of TI that was previously Condat had a tool called ccdgen. This tool reads a bunch of ASCII text files in their own ad hoc language/format, performs some business logic on the data, and then produces other ASCII text files (mostly C headers, but seems to be capable of other output formats in other modes of operation) as its output. The problem is that the source for this ccdgen tool has been lost, and the only surviving form is a Windows executable binary named ccdgen.exe - a Win32 console app that runs just fine under Wine. Running strings on this binary, I see that it was built with MS Visual C++ - but my general knowledge of how the GSM Skunkworks division of TI/Condat worked strongly suggests that the program was most likely written in plain C (C++ unlikely, but most proprietary compilers including M$ have C++ in their name, even if only C is actually used), and I also have every good reason to believe that it was a "pure" ANSI C program, without any Windows specifics at the source level, i.e., unlikely to have used any Windows-specific headers or made any Win32 API calls. I have every reason to believe that in its source form, ccdgen used only fopen() followed by stdio functions, and it is the compiler's run-time library turning this stdio into Win32 system calls. This ccdgen.exe binary weighs 262144 bytes, and does not show any signs of obfuscation - the problem we are dealing with is purely one of lost source code, NOT the kind of obfuscation (packers etc) that security- oriented reversers typically have to deal with. Thus it appears to me that the problem we have on our hands is exactly the kind for which automated decompiler tools should be best suited. Hence my question to those who are more familiar with the "mainstream" world of static reversing: are there any readily available Windows exe decompilers that can turn the whole exe into recompilable C? Obviously all original function and variable names have been lost, thus the output of the decompiler can only contain functions and variables with meaningless auto-generated names, but can a decompiler produce an output that can be fed to a new C compiler, producing a new executable that will function like the original? My hesitation comes from having passively observed the work of other reversers in the past, and their workflow tends to be very different from what I am seeking to do. It seems to me that the most common static RE tools (IDA, Ghidra) operate interactively with GUIs, not batch like I am seeking, and when reversers invoke the decompiler function, the output is intended for human understanding, rather than to be fed to a new run of a standard C compiler. Are there any decompilers that operate differently? Are there any decompilers that can be run in batch mode on a whole exe, as opposed to manually looking at individual functions in a GUI? And can they produce output that is valid C, suitable to be fed to a new run of a different standard C compiler? It also appears that libc functions like stdio are linked statically into the exe binary, thus the decompiler will need to be smart enough to recognize those standard compiler run-time library functions and exclude them from deeper analysis: for example, recognize calls to fopen() and call it fopen(), rather than trying to decompile the bodies of MSVC functions that implement stdio in terms of Win32. Are any readily available decompilers smart enough to recognize such standard boilerplate? The binary in question is here: https://www.freecalypso.org/hg/fc-tourmaline/raw-file/tip/winexe/ccdgen.exe and here is the standard invokation, serving as an example of how it functions: https://www.freecalypso.org/hg/fc-tourmaline/file/tip/cdg-hybrid/makecdg.sh If anyone in our community (Das Signal maybe?) can take this exe and produce the desired decompilation (i.e., produce a C source that can be fed to a new compiler - e.g., native Linux gcc - yielding a new executable program that functions like the original ccdgen, even if all names in that generated C "source" are meaningless), that would be awesome! But even if no one in our community can actually do it, if anyone has pointers in the right direction, those would be helpful too. Hasta la Victoria, Siempre, Mychaela aka The Mother _______________________________________________ Community mailing list Community@freecalypso.org https://www.freecalypso.org/mailman/listinfo/community