PE Explorer download PE Explorer header
Heaventools

overview    news    downloads    purchase    f.a.q.    support    partners    about us   

WIN32 DISASSEMBLER  

 

PE Explorer Win32 Disassembler

STAY UP-TO-DATE!

See what's new
in version 1.99

TRY IT NOW!

Download a 30 day
trial version

TAKE THE FEATURE
TOUR

Resource Editor
XP Manifest Wizard
Exports Viewer
Syntax Lookup
Dependency Scanner
Section Editor
File Repair
Easy Disassembler
Plug-ins
User Testimonials

BUY IT ON-LINE!

Ordering information

Buy Now!


We are proud to be a Borland Technology Partner

Dig into executables

The PE Explorer win32 disassembler is designed to be easy to use compared with other disassemblers. To that end, some of the functionality found in other products has been left out in order to keep the process simple, fast and easy to use. While as powerful as the more expensive, dedicated disassemblers, PE Explorer focuses on ease of use, clarity and navigation.

The PE Explorer disassembler assumes that some manual editing of the reproduced code will be needed. To facilitate additional hand coding, however, the disassembler utilizes a qualitative algorithm designed to reconstruct the assembly language source code of target binary win32 PE files (EXE, DLL, OCX) with the highest degree of accuracy possible.

    [See a larger screenshot]

ocx exe dll disassembler

The fundamental challenge in disassembling compiled files is to correctly interpret the examined data. Separating code from data can be extremely difficult, especially when the initial code includes countermeasures intended to hinder disassembly. In order to meet this challenge, we developed a customized model, specifically designed to reduce incorrect data type identifications.

Borland VCL objects

The Borland VCL object model is designed in such a way that we think it will be possible to reproduce the original assembly language source code perfectly. At Heaventools, improving the disassembler is an ongoing part of our PE Explorer development efforts.

The disassembly process begins by identifying the compiler used to build the target file. Forehand knowledge of how a compiler puts files together improves the guesswork involved in determining the data allocation patterns within the target file. Moreover, given this information, identifying most of the objects, procedures, variables, types etc. of the target file can be achieved with a very high degree of accuracy. Only various Borland® compilers are currently identified. The disassembler will decompile files built with other compilers too. At this time, however, it will only display specifically identified internal items for files compiled with Borland® compilers.

Processing Info

After the compiler has been identified, the disassembler searches the target file for a relocation table. If a relocation table is found, the information is used to detect the absolute offsets to the various content items in the file (for example: mov eax, offset L0041F46A, jmp L004A49FE). In turn, this information is used to form the Jumps list and the Rets list. The Jumps list stores the addresses to positively identified instructions and the Rets list stores the addresses to tentatively identified instructions. These addresses are then arranged according to the degree of certainty regarding their identification.

As the information from the Jumps list and the Rets list accumulates, the decoding process begins to emulate the execution of the code found within the target file. When the primary branch of the decoding process finishes executing, the remaining information from the Jumps list and the Rets list is processed. Information accumulated in the Jumps list is evaluated first, followed by the information in the Rets list, until both lists are empty. If the repeated scanning option is selected, this step is repeated until the disassembler has resolved any outstanding references.

The decoding process concludes by generating labels for any items that remain unidentified and setting the output positions for all of the various items found in the target file.

After all processing has been completed, the disassembler displays the resulting source code for the target file. This output can be manually edited or saved to disk for future reference.

Although the customized modeling performed by the disassembler does increase processing time, the result is a dramatic reduction of incorrect opcode translations. We think you will agree that that the extra time needed to achieve this high level of accuracy is justly compensated for by the time saved when hand correcting the output.

[back]                       [download a 30 day trial version of PE Explorer]

 

 

[overview]   [news]    [screenshots]   [downloads]  [purchase]   [f.a.q.]    [support]   [sitemap]

 
 
Get your free 30-day trial!