
Reverse engineering C++ - best tools and approach [closed]

I am sorry - C++ source code can be seen as implementation of a design, and with reverse-engineering I mean getting the design back. It seems most of you have read it as getting C++ source from binaries. I have posted a more precise question at Understanding a C++ codebase by generating UML - tools&methology


I think there are many tools that can reverse-engineer C++ (source-code), but usually it is not so easy to make sense of what you get out.

Has somebody found a good methodology?

I think one of the things I might want to see, for example, is the GUI layer and how it is separated (or not) from the rest. I think the tools should somehow detect packages, and then let me manually organize it.

Olav asked Nov 23 '10 23:11


2 Answers

To my knowledge, there are no reliable tools that can reverse-engineer compiled C++.

Moreover, I think it should be near impossible to construct such a device. A compiled C++ program becomes nothing more than machine language instructions. In order to know how that's mapped to C++ constructs, you need to know the compiler, compiler settings, libraries included, etc. ad infinitum.

Why do you want such a thing? Depending on what you want it for, there may be other ways to accomplish what you're really after.

John Dibling answered Nov 10 '22 16:11


While it isn't a complete solution, you should look into IDA Pro and Hex-Rays.

It is more for "reverse engineering" in the traditional sense of the phrase. As in, it will give you a good enough idea of what the code would look like in a C-like language, but will not (cannot) provide fully functioning source code.

What it is good for is getting a good understanding of how a particular segment (usually a function) works. It is "user assisted", meaning that it will often do a lot of dereferences of offsets when there is really a struct or class. At which point, you can supply the decompiler with a struct definition (classes are really just structs with extra things like v-tables and such) and it will reanalyze the code with the new type information.

Like I said, it isn't perfect, but if you want to do "reverse engineering" it is the best solution I am aware of. If you want full "decompilation" then you are pretty much out of luck.

Evan Teran answered Nov 10 '22 16:11
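The answer above describes offset dereferences turning into member accesses once a struct definition is supplied. The following is an added illustration of that point, not part of the original answers and not output from IDA Pro or Hex-Rays: the same function written as untyped offset arithmetic and again with the recovered type applied. The names `Shape`, `ShapeVtbl`, `scaled_area` and the layout are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical recovered layout: the struct definition an analyst would give
   the decompiler. A C++ class with a virtual method is this struct. */
struct ShapeVtbl { int (*area)(const void *self); };
struct Shape {
    const struct ShapeVtbl *vptr;   /* hidden v-table pointer */
    int width, height;              /* data members */
};

static int rect_area(const void *self) {
    const struct Shape *s = self;
    return s->width * s->height;
}
static const struct ShapeVtbl rect_vtbl = { rect_area };

/* A decompiler prints these as literal numbers (such as a1 + 12);
   offsetof keeps this example correct on any ABI. */
#define OFF_VPTR   offsetof(struct Shape, vptr)
#define OFF_HEIGHT offsetof(struct Shape, height)

/* Before type information: every access is an offset from a1. */
int scaled_area_raw(const void *a1, int a2) {
    const char *p = a1;
    const void *vtbl;
    int (*slot0)(const void *);
    if (*(const int *)(p + OFF_HEIGHT) == 0)
        return 0;
    memcpy(&vtbl, p + OFF_VPTR, sizeof vtbl);   /* load the v-table pointer */
    memcpy(&slot0, vtbl, sizeof slot0);         /* load the first v-table slot */
    return slot0(a1) * a2;                      /* indirect (virtual) call */
}

/* After the struct is applied: the same loads, now readable. */
int scaled_area(const struct Shape *shape, int factor) {
    if (shape->height == 0)
        return 0;
    return shape->vptr->area(shape) * factor;
}

int main(void) {
    struct Shape r = { &rect_vtbl, 3, 4 };      /* constructed sample object */
    printf("raw=%d typed=%d\n", scaled_area_raw(&r, 2), scaled_area(&r, 2));
    return 0;
}
```

Both functions perform the same memory reads and the same indirect call; only the second one tells the reader what the fields mean.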