On 04/01/2021 22:50, Dan Espen wrote:
> Pancho  writes:
>
>> Most compilers leave fingerprints on executables you don't need an AI
>> to detect them. I remember decompiling in the early 80's but complex
>> modern code can often be a challenge to naively reverse engineer a
>> high level understanding from even if you do have source code. Take
>> away sensible variable and function names and you are stuffed.
>
> I've had more than one experience in putting those meaningful variable
> names right back.  It's actually pretty easy, a somewhat rote process.
> Find the read input instruction.  Since you know the layout of the input
> record, you now have labels to many of the references to that input
> area.
>
> I think you can work out how to proceed.

ISTR that my attack on the executable started by seeking out lines
of code that might be subroutine calls, "JSR PC, address" in the
PDP11 code. This served to create a number of identifiable and
separate blocks from which to proceed.

Of course, this was much easier as it was a stand-alone paper
tape program with no operating system underneath to muddy the
water.

--- SoupGate-Win32 v1.05