Decompilation of binary programs

The structure of a decompiler is presented, along with a thorough description of the different modules that form part of a decompiler, and the type of analyses that are performed on the machine code to regenerate high‐level language code. The phases of the decompiler have been grouped into three main modules: front‐end, universal decompiling machine, and back‐end. The front‐end is a machine‐dependent module that performs the loading, parsing and semantic analysis of the input program, as well as generating an intermediate representation of the program. The universal decompiling machine is a machine‐ and language‐independent module that performs data and control flow analysis of the program based on the intermediate representation, and the program's control flow graph. The back‐end is a language‐dependent module that deals with the details of the target high‐level language. In order to increase the readability of the generated programs, a decompiling system has been implemented which integrates a decompiler, dcc , and an automatic signature generator, dccSign. Signatures for libraries and compilers are stored in a database that is read by the decompiler; thus, the generated programs can make use of known library names, such as WriteLn() and printf() . dcc is a decompiler for the Intel 80286 architecture and the DOS operating system. dec takes as input binary programs from a DOS environment and generates C programs as output. Sample code produced by this decompiler is given.