quote:
Originally posted by DJeX
What’s the difference between disassembling and decompiling?
Disassembling is turning hexadecimal codes (the things you see when you open a compiled program in a hex editor*) into assembler (aka machine code**).
Decompiling goes a step further and changes the machine code into a programming language. But because much information is lost when you compile a program, you are almost never able to reverse it in a decent way.
- Hexadecimal codes:
004E33E7 E8 DC 2F 09 00 83 EC 24 53 56 8B F1 8B 8E 0C 01 00 00 57
- equivalent assembler codes:
call SUB_L005763C8
sub esp,00000024h
push ebx
push esi
mov esi,ecx
mov ecx,[esi+0000010Ch]
push edi
quote:
Originally posted by DJeX
How do the anti-virus companies do it then? They must have a program to take apart the viruses to see how they work?
Yes, but you don't need a decompiler for that. They don't need the actual programming code as those guys know how to read assembler...
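
The byte-to-mnemonic step shown in the listing above can be reproduced with a small decoder. This is an added example, not part of the original post: it handles only the 32-bit x86 instruction forms that occur in those 19 bytes, and the `SUB_L` label format is copied from the listing.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def disassemble(code: bytes, base: int) -> list[str]:
    """Decode only the 32-bit x86 forms present in the post's byte string."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op == 0xE8:                                  # call rel32
            (rel,) = struct.unpack_from("<i", code, i + 1)
            # The displacement is relative to the address of the NEXT instruction.
            target = (base + i + 5 + rel) & 0xFFFFFFFF
            out.append(f"call SUB_L{target:08X}")
            i += 5
        elif 0x50 <= op <= 0x57:                        # push r32, register in low 3 bits
            out.append(f"push {REGS[op & 7]}")
            i += 1
        elif op in (0x83, 0x8B):
            modrm = code[i + 1]
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if op == 0x83 and mod == 3 and reg == 5:    # sub r32, imm8 (sign-extended)
                (imm,) = struct.unpack_from("<b", code, i + 2)
                out.append(f"sub {REGS[rm]},{imm & 0xFFFFFFFF:08X}h")
                i += 3
            elif op == 0x8B and mod == 3:               # mov r32, r32
                out.append(f"mov {REGS[reg]},{REGS[rm]}")
                i += 2
            elif op == 0x8B and mod == 2 and rm != 4:   # mov r32, [r32+disp32], no SIB byte
                (disp,) = struct.unpack_from("<i", code, i + 2)
                sign = "+" if disp >= 0 else "-"
                out.append(f"mov {REGS[reg]},[{REGS[rm]}{sign}{abs(disp):08X}h]")
                i += 6
            else:
                raise ValueError(f"unsupported ModRM {modrm:02X} at offset {i}")
        else:
            raise ValueError(f"unsupported opcode {op:02X} at offset {i}")
    return out

# Address and bytes exactly as given in the post's hex line.
BASE = 0x004E33E7
CODE = bytes.fromhex("E8DC2F0900 83EC24 53 56 8BF1 8B8E0C010000 57")

if __name__ == "__main__":
    for line in disassemble(CODE, BASE):
        print(line)
```

The call target is computed, not stored: the bytes `DC 2F 09 00` are a little-endian offset added to the address of the following instruction (004E33EC), which is why the start address on the hex line matters.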