CODEWITHSUNDEEP
c
pablo663
pablo663

Reputation: 39

How can I view the C code after compilation in binary code?

The compiler is what takes this code, and translates it into the machine code

How can I see the original C code after compilation in binary code?

Upvotes: 1

Views: 25419

Answers (5)

fjlj
fjlj

Reputation: 146

use ollydbg and find your code within the disassebly :)

for example compiled code

int main()
{
  system("PAUSE");
  return 0;
}

would be hard to find in all the lines of the disassebly but if you pad it you can find it easier for example... compile this code

int main()
{
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");

  //mycode
  system("PAUSE");

  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  asm("nop");
  return 0;
}

and now in the disassembly i will be able to see the rows of "nops" and in between them is my code in binary form

CPU Disasm
Address   Hex dump          Command                                  Comments
004013F8  |.  90            NOP
004013F9  |.  90            NOP
004013FA  |.  90            NOP
004013FB  |.  90            NOP
004013FC  |.  90            NOP
004013FD  |.  90            NOP
004013FE  |.  90            NOP
004013FF  |.  90            NOP
00401400  |.  90            NOP
00401401  |.  90            NOP
00401402  |.  90            NOP
00401403  |.  90            NOP
00401404  |.  90            NOP
00401405  |.  90            NOP
00401406  |.  90            NOP
00401407  |.  90            NOP
00401408  |.  90            NOP
00401409  |.  90            NOP
0040140A  |.  90            NOP
0040140B  |.  90            NOP
0040140C  |.  C70424 004044 MOV DWORD PTR SS:[LOCAL.6],OFFSET 004440
00401413  |.  E8 D8500100   CALL <JMP.&msvcrt.system>                
00401418  |.  90            NOP
00401419  |.  90            NOP
0040141A  |.  90            NOP
0040141B  |.  90            NOP
0040141C  |.  90            NOP
0040141D  |.  90            NOP
0040141E  |.  90            NOP
0040141F  |.  90            NOP
00401420  |.  90            NOP
00401421  |.  90            NOP
00401422  |.  90            NOP
00401423  |.  90            NOP
00401424  |.  90            NOP
00401425  |.  90            NOP
00401426  |.  90            NOP
00401427  |.  90            NOP
00401428  |.  90            NOP
00401429  |.  90            NOP
0040142A  |.  90            NOP
0040142B  |.  90            NOP

so you can see that my system call is compiled into 

C70424004044E8D8500100

i hope this is what you meant :)

This can be done with ollydbg or x32dbg or objdump -M intel -d ;)

Upvotes: 6

John Bode
John Bode

Reputation: 123468

This is commonly described as "turning hamburger back into cows."

A decompiler will generate C source code that's functionally equivalent to the original code, but it won't have any of the original symbol names, and may not be structured the same. It may not even be very "readable".

You cannot recover the original source from a compiled program.

Upvotes: 8

Brian Coleman
Brian Coleman

Reputation: 1070

If you compile with debug information embedded in the object files ( binary output files generated by compiling the source files ), links to the original locations of the source files will be embedded in the object files. This allows a debugger ( e.g. gdb ) to jump to the line in the source file corresponding to a breakpoint when that breakpoint is encountered whilst debugging the program. You can compile with debug info added by specifying the -g switch if you're using gcc. For example:

gcc -g -o myProgram myProgram.c

compiles myProgram.c into a executable myProgram which you can run or debug. To debug myProgram you can use gdb:

gdb myProgram

Upvotes: 1

Rivasa
Rivasa

Reputation: 6740

so are you asking how to reverse it? you should search up reverse engineering and go from there. you will need to use a decompiler, know a bit of assembly and there is still no guarantee of success, that you will be able to get all the original code. it will also get harder if the program originally had more than one file or some sort of hiding technique to randomize the code (obfuscation). You will need to do alot of work to get even a bare-bones resemblance of the original code. here is the Wikipedia link for the topic: http://en.wikipedia.org/wiki/Reverse_engineering

HOWEVER, IT MAY BE ILLEGAL IN YOUR AREA, Depending on what you do with it, please don't get in trouble!

NOTE: if this post isn't allowed, someone please let me know and i'll take it down immediately.

EDIT: It can also be called decompiling as well i believe.

Upvotes: 1

Martin Beckett
Martin Beckett

Reputation: 96109

You can't get back the original C source code from the compiled binary - there are many ways in C of producing the same end result so there isn't a unique source.

The process is called decompiling

If I have misunderstood your question and you want to know how to view the assembler that the compiler generates from your C code then that depends on the particular compiler but they can all do it. See How can I see the assembly code that is generated by a gcc (any flavor) compiler for a C/C++ program?

Upvotes: 7

Related Questions