Disassembling with VS2010

The goal is simple: to take some existing (let's say Windows "Minesweeper.exe"?).exe and put it through Visual Studio and see the assembly code. How can I do it?
closed account (G309216C)
Hi,

Why would you use VS2010 to decompile a program? I never used VS to decompile a 3rd party Executable.

Next, it is almost impossible to guess the whole Assembly code via symbols on EXE file, I strongly recommend you to use IDA Pro or other notable debuggers.

The question you are asking is quite generic, in terms that it could be multiple-tens of methods to perform that task, also I am not very comfortable with it.

You cannot directly disassemble it.
You can, where possible, debug a program anyways.

Just run the desired executable, start up Visual Studio and press CTRL+ALT+P (Tools->Connect to Process, should be the first option) and choose your process in the list.

The process MUST be running.
In my modest experience with Windows, several times I tried to open an executable in Notepad.
Every single time, I saw the same thing in the first few lines:
..º..´.Í!¸.LÍ!This program cannot be run in DOS mode....$...

Some junk, then this phrase, then some junk.

If this has any meaning, it means that an executable file starts with some Operating-System specific code.
So an executable isn't just the assembly code for your program, it contains other things.
I think debuggers do this task, and there's also Cheat Engine.
Cheat Engine is specialized in cracking an executable and manipulating its inner workings, it was first designed to cheat computer games, but it can actually crack any executable (not sure if it works on AVs).

@SpaceWorm:
Is the term "decompile" accurate in this context?
I thought this operation was called "disassemble".
To view the disassembly by debugging an application in Visual Studio, instead of attaching to a running process you can load the app as a project.

How to: Debug an Executable Not Part of a Visual Studio Solution
http://msdn.microsoft.com/en-us/library/vstudio/0bxe8ytt.aspx

That way you can just step into the program to find where it starts. (If you do attach to a process, you can achieve the same aim by using Debug > Restart.)

But people who are into "reverse engineering" tend to use other tools, as SpaceWorm has already mentioned. IDA Pro is the most powerful tool, esp. the paid for version. And OllyDbg has always been very popular for 32-bit Windows.

You can also use the dumpbin tool from a Visual Studio Command Prompt, e.g.

C:\Test>dumpbin /disasm %systemroot%\notepad.exe > disasm.txt


(The output file is 480 KB on my machine, 8501 lines.)

Description of the DUMPBIN utility
http://support.microsoft.com/kb/177429

Andy

PS Regarding:

..º..´.Í!¸.LÍ!This program cannot be run in DOS mode....$...

From: Portable Executable
http://en.wikipedia.org/wiki/Portable_Executable

... PE/COFF headers still include an MS-DOS executable program, which is by default a stub that displays a message like "This program cannot be run in DOS mode" (or similar), though it can be a full-fledged DOS version of the program (a later notable case being Windows 98 SE installer).

The wikipedia.org entry provides links to Matt Pietrek's articles, if you want to learn more about the PE file format.
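
Added example (not part of the original thread or of any poster's code): a small Python parser that shows why every .exe opened in Notepad starts with that phrase. It reads the MZ header, follows the `e_lfanew` field at offset 0x3C to the PE signature, and pulls the readable text out of the DOS stub in between. The sample image is constructed inline; the function names are hypothetical.

```python
import re
import struct
import sys

MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64

def build_sample_pe() -> bytes:
    """Constructed sample: DOS header, stub message, PE signature, COFF header."""
    msg = b"This program cannot be run in DOS mode.\r\r\n$"
    e_lfanew = 0x80                              # where the PE header will sit
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"                             # e_magic
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew field
    dos[0x4E:0x4E + len(msg)] = msg              # text printed by the DOS stub
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff

def parse_dos_and_pe(data: bytes) -> dict:
    """Return the PE header offset, target machine and readable DOS-stub text."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Bounds-check before trusting an offset read from the file itself.
    if e_lfanew < 0x40 or e_lfanew + 24 > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    stub = data[0x40:e_lfanew]                   # DOS program between the two headers
    text = [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{8,}", stub)]
    return {"pe_offset": e_lfanew, "sections": sections, "stub_text": text,
            "machine": MACHINES.get(machine, hex(machine))}

if __name__ == "__main__":
    # Pass a real .exe path, or run with no argument to use the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(parse_dos_and_pe(raw))
```
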

Wow, thanks Andy.
That was really helpful, maybe I can include a console version of each app alongside the GUI version.
I'll take a closer look at this topic.