问题
I have an ELF file that I would like to decompile into C code, and make simple changes to the resulting C code and rebuild it into an ELF.
The decompiled C code need not be fully human readable. Eg, if variables and function names come out obfuscated, it is okay.
Which tools can I use to accomplish this on Linux?
PS: If decompiling to C is not possible or is not easy, I'm willing to consider decompiling to assembly language, though tweaking the assembly source will be very difficult for me.
UPDATE: You may assume that I'm using the following C program to get my a.out ELF. Now, assume further that I've lost this original C source. So, I would now like to decompile it to (a possibly obfuscated) C source in which I'm at least able to change small things like the strings "world", "Hello", and "Bye", or be able to reverse the sense of the if statement, etc.
#include <stdio.h>
#include <string.h>
char buf[256];
const char *Hello = "Hello";
const char *Bye = "Bye";
const char *Who = "world";
char * greet(const char *greeting, const char *str) {
strcpy(buf, greeting);
strcat(buf, ", ");
strcat(buf, str);
strcat(buf, "!");
return buf;
}
int main(int argc, char *argv[]) {
int sayHello = 0;
if(sayHello) {
printf("%s\n", greet(Hello, Who));
} else {
printf("%s\n", greet(Bye, Who));
}
return 0;
}
回答1:
This will give you (almost) an assembly code translation:
objdump --disassemble <elf file>
I say almost because the output contains some annotations like binary file position markers and can't serve directly as input to an assembler, but it's close.
回答2:
You write a simulator for the processor, then you run the elf instructions through your simulated processor. It's generally not too much of a task because even CISC processors have relatively small, contained instruction sets that perform simple operations.
When you've got that working, look at more efficient solutions, like outputting C code to match instructions.
来源:https://stackoverflow.com/questions/17247505/how-to-convert-an-elf-executable-to-c-code-the-generated-c-code-need-not-be-hum