I have been browsing the internet and see that there is no real one-step process for bringing a C++ program from machine code back to the original source. The closest thing I could find said to first disassemble the machine code for the exe and then convert by hand from the assembly back to C++. I know some C++ and very little assembly, and was wondering if there is anywhere on the internet, or possibly in a book, that has a rudimentary assembly-to-C++ conversion chart or some such.

thank you for your time-
ed :O
Posted on 2006-12-20 15:12:17 by bodeman71
I don't know that it would even be possible.
Posted on 2006-12-20 15:28:07 by drhowarddrfine
It would be possible only if the C++ compiler is ancient, with absolutely no optimization, and compiles in a fixed known pattern. And the C++ code would have to be very simple. Thus, with time, such conversion will be getting closer and closer to impossible.
Posted on 2006-12-20 17:04:36 by Ultrano
There's research done on this, but it's a pretty damn complicated task - DataRescue (the company that brought us the IDA disassembler) has something which is apparently pretty good, but last time I read about it, they didn't want to distribute it...

Check out http://www.hexblog.com/ , I think it might have some info.
Posted on 2006-12-20 17:42:37 by f0dder
I have previously come across another project called Boomerang. I'm not sure if this helps answer your question. http://boomerang.sourceforge.net/

Boomerang is "A general, open source, retargetable decompiler of machine code programs"
Posted on 2006-12-20 19:19:21 by tornado
You can use the output from Rec Studio Decompiler and translate it into C. It may be easier than translating assembly to C.

Here are some pics:

Source in C:


Source In ASM ( OllyDbg ):


Output from Rec Studio:
Posted on 2006-12-21 06:30:05 by Bermel Michael
To me the C-ish version of disassembly doesn't look much better. It is just a helper for Cists who don't know asm, IMO.
Posted on 2006-12-21 08:25:46 by vid

To me the C-ish version of disassembly doesn't look much better. It is just a helper for Cists who don't know asm, IMO.

When looking at a disassembly (as opposed to a neatly commented, indented, structured assembly source code), the "C-ish disassembly" might be a bit easier to read, since it has fewer lines and more structure.

But it really depends on what you're doing - if you're trying to decipher/reconstruct normal program flow, then the REC Studio thing might be nice. If you're doing malware analysis, especially the trickier ones, nothing beats working with real assembly :)
Posted on 2006-12-21 09:37:46 by f0dder
To me the C-ish disassembly looks like normal disassembly to me.  ;)
Posted on 2006-12-22 00:51:02 by roticv

To me the C-ish disassembly looks like normal disassembly to me.  ;)

There's not THAT big a difference - but assume there wasn't the "comments pane" in Olly, and that both screenshots used the same font size.

Probably doesn't handle multiple levels of nesting though (ie, it might have an "if" sentence, but that can only ever contain a JUMP command, not an entire block) - shame :)
Posted on 2006-12-22 05:32:39 by f0dder