The Difference Between Decompilers, Disassemblers, Debuggers, and Hex Editors

For people looking to get into reverse engineering, the barrier to entry can be fairly steep—starting with the terminology. Here are the differences between a few key tools you will encounter on the path.

• Decompilers reverse binaries into higher-level languages, like C++.

• Disassemblers reverse binaries into assembler language.

• Debuggers allow you to view and change the state of a running program.

• Hex Editors allow you to view and edit the contents of a binary.

Another set of things to know is the different kinds of programming languages. Here they are—from low to high levels of abstraction from the CPU.

Modern languages like Python and Ruby are considered high-level languages, but are functionally a level above.

1. Machine Code is the 1’s and 0’s executed by a CPU.

2. Assembler is the next level up, and is the first human-readable level, but just barely.

3. High-level—also called Compiled—languages include C and C++, and they’re the first level of functionally readable code.

4. Interpreted Languages are languages like Perl, PHP, Python, and Ruby, which require an environment to run them, trade readability for speed.

5. Bytecode Languages are languages like Java and .NET, which are cross-platform like Interpreted languages, but with similar readability and speed to compiled languages.

Summary

1. To go from binary to assembler, use a disassembler.

2. To go from binary to higher lanugage, use a decompiler.

3. To edit a particular part of a binary’s contents, use a hex editor.

4. To interact with an application as it’s running, use a debugger.

Related posts:

1. Ruby is Gentoo, Python is Ubuntu

2. A @TomNomNom Recon Tools Primer

3. My Favorite Superhuman Shortcuts

4. A 3-Tiered Approach to Securing Your Home Network