Abstract
In decompilation, executable code is generally first converted into assembly language (i.e., disassembled) to serve as intermediate code, and the intermediate code is then converted into C or another high-level language. This paper proposes a new C decompilation method built on disassembly: the data in the data area of the source file is read and written into the data area of a new file, and the global variables in the new file's data area are then read directly through inline assembly, without analyzing and defining the types of the source file's global variables. The method is considerably more efficient than the traditional approach.
Source
Science Technology and Engineering (《科学技术与工程》)
2008, No. 10, pp. 2692-2694, 2701 (4 pages)
Keywords
decompilation
PE file
disassembly
intermediate code
static analysis