I have several questions regarding reverse engineering of executable binaries (compiled machine code). Some of my questions are specific, others more open ended. In this thread I will only ask the specific questions. I will be thankful to anyone who helps me out.

1) are the identifiers (procedure names, variable names, object names, etc.) somehow preserved in compiled machine code? If not, would reverse engineered code have identifiers which look something like var001, var002, proc001, proc002, etc? As a side note, I remember reading in an article that some security experts reverse engineered a trojan and found out that it had been written by someone whose language was Mandarin Chinese. Now I am wondering, could it be that the programmer used variable/procedure/object names in Mandarin Chinese and these were preserved in the machine code? Or how else could the researchers tell?

2) are comments totally ignored during the compiling process? Or, again, could some comment text end up in the machine code?

3) when researchers find that a virus contains some signature intentionally left by its creator, do they mean humanly readable plaintext that can be seen with a hex editor? Or what else?

4) what compiled programming languages produce the most obfuscated (i.e. hard to reverse engineer) executables? Even more in detail, how does (Object)Pascal compare to C in this regard?

While your questions are pretty broad, I'll try my best to answer.

Are the identifiers (procedure names, variable names, object names, etc.) somehow preserved in compiled machine code?

As far as I know this depends on many factors, including the original code language (e.g. .NET), compiler settings (include debug information or not), target platform. I would suggest looking into debug symbols, and PDB files.

For example, applications written in .NET framework will contain a lot of meta information all over the place (in the binary, and PDB files, generated XML docs.) by default, and most of the time it is possible to restore the original source code from the binary if it's not obfuscated. On the other hand, you will have a really hard time doing the same with an application written in C, compiled without debug info, as the meta information is simply not there. For the most part it's only machine code.

If not, would reverse engineered code have identifiers which look something like var001, var002, proc001, proc002, etc?

See the answer above, but generally the compiled binary does not include variable and function names.
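An added example, not part of the original posts: a small triage script that shows what a hex editor would reveal in a binary, namely printable ASCII and UTF-16LE strings plus the PDB path that a Windows build with debug information records in its CodeView "RSDS" entry. The sample bytes, the path and the marker text are constructed for illustration, and scanning for the raw "RSDS" signature is a simplification of parsing the PE debug directory.

```python
import re
import struct

def printable_strings(blob: bytes, min_len: int = 5):
    """Yield (offset, encoding, text) for ASCII and UTF-16LE runs, like the `strings` tool."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_re.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def pdb_paths(blob: bytes):
    """Find CodeView records: 'RSDS', 16-byte GUID, 4-byte age, NUL-terminated PDB path."""
    found = []
    pos = blob.find(b"RSDS")
    while pos != -1:
        start = pos + 4 + 16 + 4              # skip signature, GUID and age
        end = blob.find(b"\x00", start)
        if end > start:                       # ignore hits with no terminated path
            (age,) = struct.unpack_from("<I", blob, pos + 20)
            found.append((pos, age, blob[start:end].decode("utf-8", "replace")))
        pos = blob.find(b"RSDS", pos + 4)
    return found

# Constructed sample: a few opcode bytes, an RSDS record, a UTF-16LE string,
# and a plaintext marker of the kind question 3 asks about.
SAMPLE = (
    b"\x55\x8b\xec\x83\xec\x10\xc3\x00"
    + b"RSDS" + bytes(range(16)) + struct.pack("<I", 1)
    + b"C:\\build\\demo\\Release\\demo.pdb\x00"
    + b"\x90\x90\xcc"
    + "Config loaded".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x01built by example-author\x00"
)

if __name__ == "__main__":
    for offset, encoding, text in printable_strings(SAMPLE):
        print(f"0x{offset:04x} {encoding:8} {text}")
    for offset, age, path in pdb_paths(SAMPLE):
        print(f"PDB record at 0x{offset:04x} (age {age}): {path}")
```

Nothing in the output is a variable or function name: only string literals and build metadata survive, which matches the answer's point about C compiled without debug info.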