是否有可能＆QUOT;编译＆QUOT; Windows的.exe？或者至少查看大会？ [英] Is it possible to "decompile" a Windows .exe? Or at least view the Assembly?

问题描述

我的一个朋友下载了来自Facebook的一些恶意软件，我很好奇，想看看它不会感染自己。我知道你不能真正反编译的.exe，但我至少可以认为它在大会或附加调试？

A friend of mine downloaded some malware from Facebook, and I'm curious to see what it does without infecting myself. I know that you can't really decompile an .exe, but can I at least view it in Assembly or attach a debugger?

编辑说这不是一个.NET的可执行文件，没有CLI的头。

Edit to say it is not a .NET executable, no CLI header.

推荐答案

随着调试器您可以通过该计划组装步骤交互。

凭借拆装，您可以更详细地查看程序集。

凭借反编译，您可以打开一个程序回到部分源$ C ​​$ C，假设你知道它是写在（你可以找到各种免费工具，如的 PEID - 如果程序是挤满，你必须先解压缩）

With a debugger you can step through the program assembly interactively.
With a disassembler, you can view the program assembly in more detail.
With a decompiler, you can turn a program back into partial source code, assuming you know what it was written in (which you can find out with free tools such as PEiD - if the program is packed, you'll have to unpack it first).

• OllyDbg的，自由，罚款调试，为此，你可以找到许多用户自制的插件和脚本，使这一切更有用的。


• 的WinDbg，免费，由微软完全能够调试。 WinDbg的是在看Windows内部尤其有用，因为它更了解比其他调试程序的数据结构。


• SoftICE的，SICE朋友。商业和停止发展在2006年SoftICE的是那种操作系统下运行（和调用时停止整个系统）一个铁杆的工具。 SoftICE中仍然被许多专业人士，虽然可能很难获得，可能无法在某些硬件上工作（或软件 - 即，它不会在Vista或NVIDIA GFX显卡工作）。

• OllyDbg, free, a fine debugger, for which you can find numerous user-made plugins and scripts to make it all the more useful.
• WinDbg, free, a quite capable debugger by Microsoft. WinDbg is especially useful for looking at the Windows internals, since it knows more about the data structures than other debuggers.
• SoftICE, SICE to friends. Commercial and development stopped in 2006. SoftICE is kind of a hardcore tool that runs beneath the operating system (and halts the whole system when invoked). SoftICE is still used by many professionals, although might be hard to obtain and might not work on some hardware (or software - namely, it will not work on Vista or NVIDIA gfx cards).

• IDA专业版，行反汇编/调试器的商业，顶部。大多数专业人士，例如恶意软件分析师等使用成本相当多的钱，但。


• W32Dasm,免费，有点过时，但能够完成任务。我相信W32DASM是放弃的这些天，并且有许多用户创建黑客添加一些非常有用的功能。你必须环顾找到最好的版本。

• IDA Pro, commercial, top of the line disassembler/debugger. Used by most professionals, like malware analysts etc. Costs quite a few bucks though.
• W32Dasm, free, a bit dated but gets the job done. I believe W32Dasm is abandonware these days, and there are numerous user-created hacks to add some very useful functionality. You'll have to look around to find the best version.

• 的Visual Basic： VB的反编译，商业，生产有所识别的字节code


• 德尔福：<一href=\"http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/DeDe.shtml\">DeDe,免费，生产质量好的源$ C ​​$ C。


• C： HexRays ，商业，国际开发协会由同一家公司临插件。产生很大的成绩，但成本大降压，不会卖给任何人只（或让我听到）。


• .NET（C＃）： dotPeek ，自由，反编译.NET程序集1.0-4.5为C＃。为.DLL，.EXE，.ZIP，.vsix，.nupkg和.winmd文件的支持。

• Visual Basic: VB Decompiler, commercial, produces somewhat identifiable bytecode.
• Delphi: DeDe, free, produces good quality source code.
• C: HexRays, commercial, a plugin for IDA Pro by the same company. Produces great results but costs a big buck, and won't be sold to just anyone (or so I hear).
• .NET(C#): dotPeek, free, decompiles .NET 1.0-4.5 assemblies to C#. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files.

一些相关的工具，可能出现用场的不管它是你正在做的资源编辑器，如 ResourceHacker （免费）和良好的十六进制编辑器，如六角车间（商业）。

Some related tools that might come handy in whatever it is you're doing are resource editors such as ResourceHacker (free) and a good hex editor such as Hex Workshop (commercial).

此外，如果你正在做恶意软件分析（或使用SICE），我全心全意地建议在虚拟机中运行的一切，即的 VMware Workstation的。在SICE的情况下，它会保护您的实际系统从BSODs，并在恶意软件的情况下，它会保护您的实际系统从目标程序。你可以阅读与这里 VMware的恶意软件分析。

Additionally, if you are doing malware analysis (or use SICE), I wholeheartedly suggest running everything inside a virtual machine, namely VMware Workstation. In the case of SICE, it will protect your actual system from BSODs, and in the case of malware, it will protect your actual system from the target program. You can read about malware analysis with VMware here.

就个人而言，我摇与奥利，WinDbg的＆安培; W32DASM，以及一些较小的实用工具。

Personally, I roll with Olly, WinDbg & W32Dasm, and some smaller utility tools.

另外请记住，拆卸，甚至调试其他人的软件通常对EULA是最起码的：）

Also, remember that disassembling or even debugging other people's software is usually against the EULA in the very least :)

这篇关于是否有可能＆QUOT;编译＆QUOT; Windows的.exe？或者至少查看大会？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！