Is it possible to "decompile" a Windows .exe? Or at least view the Assembly?
Is it possible to "decompile" a Windows .exe? Or at least view the Assembly? - catlinlsx - 07-24-2023

A friend of mine downloaded some malware from Facebook, and I'm curious to see what it does without infecting myself. I know that you can't really decompile an .exe, but can I at least view it in Assembly or attach a debugger?

Edit to say it is not a .NET executable, no CLI header.

RE: Is it possible to "decompile" a Windows .exe? Or at least view the Assembly? - ahis60976 - 07-24-2023

You may get some information viewing it in assembly, but I think the easiest thing to do is fire up a virtual machine and see what it does. Make sure you have no open shares or anything like that that it can jump through though ;)

RE: Is it possible to "decompile" a Windows .exe? Or at least view the Assembly? - unblenchinglyeceklfcan - 07-24-2023

Sure, have a look at IDA Pro. They offer an eval version so you can try it out.

RE: Is it possible to "decompile" a Windows .exe? Or at least view the Assembly? - wesleywlozxtrg - 07-24-2023

Any decent debugger can do this. Try OllyDbg. (edit: which has a great disassembler that even decodes the parameters to WinAPI calls!)

RE: Is it possible to "decompile" a Windows .exe? Or at least view the Assembly? - frigga583330 - 07-24-2023

If you are just trying to figure out what a malware does, it might be much easier to run it under something like the free tool Process Monitor, which will report whenever it tries to access the filesystem, registry, ports, etc.

Also, using a virtual machine like the free VMware Server is very helpful for this kind of work. You can make a "clean" image, and then just go back to that every time you run the malware.

RE: Is it possible to "decompile" a Windows .exe? Or at least view the Assembly? - landrum449 - 07-24-2023

Good news. IDA Pro is actually free for its older versions now.
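
The first post's edit says the file has no CLI header, meaning it is native code rather than .NET. As an added example (not posted by anyone in the thread), this Python sketch makes that check statically by reading the PE headers from bytes without running the file; `pe_summary` and `build_sample` are hypothetical names, and the sample image is constructed for the demo.

```python
import struct

CLI_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: the CLI (.NET) header

def pe_summary(data: bytes) -> dict:
    """Read PE headers from raw bytes; the file is parsed, never executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)                           # COFF file header
    opt = pe_off + 24                                           # optional header
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    layouts = {0x10B: ("PE32", 96), 0x20B: ("PE32+", 112)}      # dirs offset differs
    if magic not in layouts:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    fmt, dirs_off = layouts[magic]
    if opt_size < dirs_off:
        raise ValueError("optional header too small for data directories")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (n_dirs,) = struct.unpack_from("<I", data, opt + dirs_off - 4)
    cli_rva = cli_size = 0
    slot = dirs_off + 8 * CLI_DIR_INDEX
    if n_dirs > CLI_DIR_INDEX and slot + 8 <= opt_size:
        cli_rva, cli_size = struct.unpack_from("<II", data, opt + slot)
    return {"machine": machine, "format": fmt, "sections": n_sections,
            "entry_rva": entry_rva, "has_cli_header": bool(cli_rva and cli_size)}

def build_sample(with_cli: bool) -> bytes:
    """Constructed header-only PE32 image for the demo; not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    if with_cli:
        struct.pack_into("<II", dirs, 8 * CLI_DIR_INDEX, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt) + len(dirs), 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt) + bytes(dirs)

if __name__ == "__main__":
    for flag in (False, True):
        print(pe_summary(build_sample(flag)))
```

For a file on disk, pass `open(path, "rb").read()` to `pe_summary`; a result with `has_cli_header` false points to a native disassembler or debugger rather than a .NET decompiler.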