What's a good C decompiler?

Question

I am searching for a decompiler for a C program. The binary is a 32-bit x86 Linux executable. Objdump works fine, so basically I am searching for something which attempts to reconstruct the C source from the asm source.

maybe better ask on the below sites? http://softwarerecs.stackexchange.com/ http://reverseengineering.stackexchange.com/ — phuclv, Sep 22 '14 at 16:07
There are none. No decompiler is good, by definition of the process. — Martin James, Nov 14 '17 at 22:08

score 59 · Accepted Answer · answered Oct 11 '08 at 09:38

59

Seconding Hex-rays, but if you can't justify that cost, Boomerang might work.

answered Oct 11 '08 at 09:38

Serafina Brocious

30,433
12
89
114

4

I tested it with some windows binaries, and Boomerang just decompiled a small one. The others crashed this decompiler. – Jader Dias Jan 31 '12 at 11:50
4

Hell of a libqt dependencies, not just core and gui, but also dev. Consider this. – Mustafa Apr 10 '13 at 14:23
@CodyBrocious : He asked for Linux programs. – user2284570 Nov 29 '15 at 16:41
But notice that boomerang doesn't decompile AMD x86_64 binary.... – recolic Mar 14 '18 at 14:16

score 19 · Answer 2 · answered Oct 11 '08 at 09:37

19

If you have money to spare, Hex-Rays Decompiler could be worth your while. :-)

answered Oct 11 '08 at 09:37

C. K. Young

219,335
46
382
435

Any ideas for [this case](http://softwarerecs.stackexchange.com/q/26830/2341) ? – user2284570 Nov 29 '15 at 16:39
Hopper license is a fraction of cost cheaper, and pretty much does a good/comparable job. – Rui F Ribeiro Jan 21 '18 at 14:38

GelosSnake · Answer 3 · 2019-05-09T09:22:01.180

As much as IDA can be helpful it cost quite a lot of money. Not sure about your specific use case but Plasma seems like it would do the trick "Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax."

If you are looking for something more similar to IDA I heavily recommend Radare2. There's also ODA the online dissembler in case you don't feel like installing anything.

A new addition is Binary Ninja and although it's not even close to the capabilities of IDA or Radare yet, it's a cheap and good utility for starters.

Update: Since this comment the NSA have released Ghidra which is completely open source and free. It is a full pledges RE framework with high end decompiler.

Rui F Ribeiro · Answer 4 · 2019-05-03T22:18:58.260

For binary decompiling, I have bought a personal license of Hopper https://www.hopperapp.com .

The advantages are:

has an intuitive and well thought graphical interface;
runs in MacOS and Linux;
provides a reasonable C-like decompiler output;
decompiles 32-bit and 64-bit binaries;
supports Mach-O binaries (Mac and iOS), PE32/32+/64 Windows binaries and ELF binaries;
has very regular free updates;
the license price at around 100 USD cannot be beaten.

IMO, the ratio cost/quality beats fairly easily IDA/Hex-rays, and it leaves in the dust the other commercial (or free) decompilers.

Additionally, you can try it out or use the demo version to get a feel of it and decompile (very) small executables for free.

From now on (March/2019), as an alternative, you also have Ghidra from NSA. Ghidra runs on Linux, Mac and Windows as long as JDK 11 is installed. It is presented "as a free tool comparable to X/Rays".

Ghidra feels more powerful, however Hopper still seems more intuitive.

See also: PepperMalware Blog - Quick Analysis of a Trickbot Sample with NSA's Ghidra SRE Framework

score 3 · Answer 5 · answered Jan 18 '17 at 14:49

3

Snowman (http://derevenets.com) looks nice. The generated code is a mess, but works.

answered Jan 18 '17 at 14:49

Corey Kennedy

67
2

What's a good C decompiler?

5 Answers5

Linked