| Back to CG's Home Page | User's Guide | Using REC | E-mail : caprino@netcom.com | Last updated: 15 Feb. 1998 |
REC is a portable reverse engineering compiler, or decompiler.
It reads an executable file, and attempts to produce a C-like representation of the code and data used to build the executable file.
It is portable because it has been designed to read files produced for many different targets, and it has been compiled on several host systems.
| Download REC |
|---|
Multitarget support has been extended in version 1.3. Now REC 1.3 accepts mc68000 and PowerPC object files.
The following table shows the object formats and the target CPU accepted by REC:
| Host platform (click on link to download) | Accepted processors (any of the following) | Recognized object formats (any of the following) |
|---|---|---|
| Linux 3.0 (i386): | Intel 386 (32bit flat mode - limited support for 16 bit segmented mode) | Unix SVR4 ELF with STABs symbolic info as produced by the GNU C compiler gcc |
| Windows 95 (console mode) rec13pc.zip (151k) | Motorola 68000 (new!) | Unix SVR3 COFF and Windows PE extended COFF(.EXE) |
| SunOS 4.1.4 rec13s4.tar.gz (154k) | Motorola PowerPC (new!) | Linux and SunOS AOUT with STABs |
| | MIPS R3000 | PlayStation PS-X files (MIPS only) |
| | | Raw binary data (via .cmd files) |
REC sources are not in the public domain. The disassembler(s) are available from GNU.
Although REC can read Win32 executable (aka PE) files produced by Visual C++ or Visual Basic 5, there are limitations on the output produced. REC will try to use whatever information is present in the .EXE symbol table. If the .EXE file was compiled without debugging information, if a program data base file (.PDB) or Codeview (C7) format was used, or if the optimization option of the compiler was enabled, the output produced will not be very good. Moreover, Visual Basic 5 executable files are a mix of Subroutine code and Form data. It is almost impossible for REC to determine which is which. The only option is to use a .cmd file and manually specify which area is code and which area is data.
In practice, only C executable files produce meaningful decompiled output.
Eventually I will implement a .PDB or Codeview symbolic information parser and a Windows resource decompiler. Until then, the only chance to get high-quality symbolic output is to decompile Linux executables that were compiled with the -g option, or to provide additional symbolic information via the 'symbol:' and 'types:' directives of a REC command file.
A Linux executable (with original source) is provided in the zip/tar files. Try running REC on the example, to see how good the quality of the output can be when enough symbolic information is provided.
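Since output quality depends on the symbolic information left in the binary, it helps to check for it before decompiling. The following is an added example, not part of REC or of the original page: it reads the section table of a little-endian ELF32 file (the i386 Linux case above) and reports whether STABs sections are present. The function names, result labels and the sample image built by `build_sample` are constructed for illustration.

```python
import struct

def section_names(elf):
    """Return the section names of a little-endian ELF32 image."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF" or elf[4:6] != b"\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    (shoff,) = struct.unpack_from("<I", elf, 32)            # e_shoff
    entsize, shnum, strndx = struct.unpack_from("<HHH", elf, 46)
    if shnum == 0 or strndx >= shnum or entsize < 40:
        return []                                           # no usable section table
    def header(i):                                          # sh_name, sh_offset, sh_size
        name, _, _, _, off, size = struct.unpack_from("<6I", elf, shoff + i * entsize)
        return name, off, size
    _, str_off, str_size = header(strndx)
    strtab = elf[str_off:str_off + str_size]
    names = []
    for i in range(shnum):
        start = header(i)[0]
        end = strtab.find(b"\0", start)
        names.append(strtab[start:end if end >= 0 else None].decode("ascii", "replace"))
    return names

def symbolic_info(elf):
    """Classify the symbolic information a decompiler could draw on."""
    names = set(section_names(elf))
    if {".stab", ".stabstr"} <= names:
        return "stabs"          # gcc -g with STABs: the format the page lists for ELF
    if any(n.startswith(".debug") for n in names):
        return "other-debug"    # e.g. DWARF, not listed among the recognized formats
    return "symtab-only" if ".symtab" in names else "stripped"

def build_sample(names):
    """Constructed sample: a minimal i386 ELF32 with empty sections of the given names."""
    names = [""] + list(names) + [".shstrtab"]
    strtab, offs = b"\0", []
    for n in names:
        offs.append(len(strtab) if n else 0)
        strtab += n.encode() + b"\0" if n else b""
    shoff = 52 + len(strtab)
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, shoff, 0, 52, 0, 0, 40, len(names), len(names) - 1)
    sh = b""
    for i, off in enumerate(offs):
        last = i == len(names) - 1                          # the string table itself
        sh += struct.pack("<10I", off, 3 if last else int(i > 0), 0, 0,
                          52 if last else 0, len(strtab) if last else 0, 0, 0, 1, 0)
    return hdr + strtab + sh

if __name__ == "__main__":
    print(symbolic_info(build_sample([".text", ".stab", ".stabstr"])))
```
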
| User's Guide |
|---|
The user's guide page describes how to start REC and which options to use to tune its output.
A step by step description of how to start using REC is also available.
The interactive mode is rather primitive, and does not take advantage of many of the facilities provided by the host operating system. The user interface was designed to be as portable as possible, and therefore does not use specific features such as function keys (arrows, PageUp, PageDown etc.), colors, smart screen update etc. It is possible that sometimes the screen gets corrupted. In such cases usually the ESC key will exit the current mode of operation. In most screens, the cursor can be moved around using UNIX VI's commands: 'j' moves down, 'k' moves up, 'l' moves right, 'h' moves left, Ctrl-F moves one page forward, Ctrl-B one page backward; '/' performs a text search forward, '?' searches backward.
I will eventually build a full Windows interface on top of the decompiler, although this is not at the top of my list.
| References |
|---|
Several other decompilers are available from various sources. Look at my reverse engineering page for a list.
Although REC implements many of the ideas described in the literature, especially in Cristina Cifuentes's Reverse Compilation Techniques master thesis, all the code was originally written by myself during the past 6 years, except the disassemblers, which were taken from GNU's GDB source distribution. I will continue to improve REC in my spare time, but I cannot guarantee that I can fix bugs or add new features/processors/hosts.
Many of the algorithms also come from "Compilers - principles, techniques, and tools", by Aho, Sethi, Ullman.
| Disclaimer |
|---|
There is a lot of discussion on the legality of decompilation. Decompiler tools have been available for a variety of platforms for a long time. Decompilers, along with other tools like debuggers, binary editors, disassemblers etc. should only be used when the owner of a program has the legal right to reverse engineer the program.
It has been established by courts in the US and other countries that it is legal to use decompilers under the fair use clause of copyright law.
To find out when it is legal to use a decompiler, you should read the text of the following cases (not provided here):
- Sega Enterprises LTD v. Accolade, Inc.
- Atari Games Corp. v. Nintendo of America, Inc.
Backer Street Software does not support the use of reverse engineering tools for illegal purposes.
Copyright (C) 1997 - 1998 Backer Street Software - All rights reserved.
History:
| 15 Feb. 1998 | Version 1.3: Added Motorola 68000 and PowerPC targets. |
| 7 Dec. 1997 | Version 1.2: fixed PC's user interface. Now we can load 16-bit DOS executables. More bug fixes. |
| 26 Oct. 1997 | Version 1.1: multi-target support (386 + R3000), loading of ELF and PE files, several bugs fixed. |
| 6 Oct. 1997 | Ported to Windows in console mode (recr4kpc.zip) and to SunOS (recr4ks4.tar.gz) |
| 20 Sep. 1997 | Created to make recr4kl.zip available. |