Decompiling a virus [closed]

Question

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 9 years ago.

If I use a decompiler to get the source of a known C++ .exe botnet bin will the program execute during the "decompile" ?

What decompiler should I use?

Answer 1

No. Decompilation treats the binary as data and does not execute any of the code.

It is like looking at sheet music to determine the structure of the music. The music is not played or heard.

The disassembler or decompiler to use depends on the architecture of the executable. Since you mention .exe that suggests it is MS Windows or Vax/VMS. Search for one suitable for your environment.

Answer 2

I haven't seen any decompilers that generate C++ code. I've seen a few experimental ones that make a reasonable attempt at generating C code, but they tended to be dependent on matching the code-generation patterns of a particular compiler (that may have changed, it's been awhile since I last looked into this). Of course any symbolic information will be gone. Google for "decompiler".