Decompilation - reality or myth
I like technical challenges, internal details and hard-to-do techniques. I guess it broadens the mind. I have always said that to know how to secure an Oracle database you must think like a hacker, know hacker techniques but also know other things, not just security, such as programming, all the database features, security techniques and more; just be curious.
Back to decompilation. Decompilation generally falls into two categories: the first where source code retrieval is needed, and the second where the goal is to understand parts of the program, or the whole of it, in a high-level language such as C, but where complete recovery of the original source code is not needed. It's generally understood that for binary decompilation complete source recovery is impossible because the compiler removes information as it does its work; two examples are the loss of variable names and the fact that the optimizer can alter the structure of the original code.
For some languages complete decompilation and source code recovery is possible. For the PL/SQL language, for instance, at least up to 9i, it is possible to completely recover the source code from the wrapped file, as this was one of the intended design features of DIANA. Java is the same; even the Sun compiler suite includes a decompiler, and free tools such as Jad are available.
For binary decompilation it's much harder. For a start, the original high-level language may not be known: it could be C, C++, Delphi, compiled VB, even assembler, or combinations of these languages and many more. There have been a few reasonably successful tools written over the years, including DCC, REC and, more recently, the open source Boomerang.
The most interesting aspect is the idea of decompiling to understandable C or C++ irrespective of the original source language, while accepting that the variable names have been lost. Combining these ideals with a tool like IDA Pro makes for a very powerful reverse engineering tool. I was very interested to see that Ilfak Guilfanov, famous for writing IDA Pro, has been working on a decompiler plugin for IDA that is in closed beta at the moment but will be released as a separate product in the future. An entry in his blog titled "Decompilation gets real" gives a good taster, as does the (limited) documentation: the page titled "Hex-Rays Decompiler - Quick primer" at http://www.hexblog.com/hexrays/manual/primer.html (broken link) shows a much longer and better example of how it will work. Let's hope Datarescue make it available soon!