Each task has its own challenges and both are
certainly very difficult, with decompilation being by far the more difficult of the two.
This is because the act of compiling source code is both a lossy operation, meaning information
is lost in the process of generating machine language, and a one-to-many operation,
meaning there are many valid translations of a single line of source code to
equivalent machine language statements. Information that is lost during compilation
can include variable names and data types, making recovery of the original source code
from the compiled binary all but impossible. Additionally, a compiler asked to optimize
a program for speed will generate vastly different code than that same compiler asked to
optimize that same program for size. So while both compiled versions will be functionally
equivalent, they will look very different to a decompiler.
Decompilers
Decompilation is perhaps the holy grail of binary auditing. With true decompilation, the
notion of a closed source product vanishes, and binary auditing reverts to source code
auditing as discussed previously. As mentioned earlier, however, true decompilation is an
exceptionally difficult task. Some languages lend themselves very nicely to decompilation
while others do not.