This post will demonstrate how to use both tools to reverse engineer a simple Hello World program.

x64dbg is a 64-bit debugger for 64-bit executables; there is also x32dbg for 32-bit executables. With x64dbg / x32dbg you can install the Snowman decompiler as a plugin, allowing you to decompile assembly into recognizable code. Here is a demonstration of reversing a simple Hello World with both tools.

For best video quality go to video settings and increase to 720p.

The Decompiler

When a C++ program is compiled from source code, all class information is lost (classes store function information in addition to data), and locals and names don't appear in the binary. Class methods are turned into functions, and the function names are mangled. This makes analyzing and reversing a C++ binary more complex.

The decompiler allows you to understand the structure and logic of classes by turning assembly into pseudocode. This pseudocode is complex and hard to understand: more code is produced than needed, and some of it is partial or missing, which makes reconstructing the original code more complex.
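The lowering described above, as an added example that is not from the original post: a small C++ class next to a hand-written C-style equivalent of the kind a decompiler reconstructs, plus a demangler for the method symbols. The `Counter` class, the `struct_0` / `fun_*` names and the mangled strings are constructed for illustration and assume the Itanium C++ ABI used by GCC and Clang; MSVC-built binaries use a different mangling scheme.

```cpp
// Added example, not code from the original post. Build: g++ -std=c++11 demo.cpp
#include <cxxabi.h>   // abi::__cxa_demangle (GCC/Clang, Itanium C++ ABI)
#include <cstdio>
#include <cstdlib>
#include <string>

// Source view: a class bundles data with the methods that operate on it.
class Counter {
public:
    explicit Counter(int start) : value_(start), step_(1) {}
    void setStep(int s) { step_ = s; }
    int next() { value_ += step_; return value_; }
private:
    int value_, step_;
};

// Binary view (hand-written, hypothetical names): the class is gone. What is left
// is a block of bytes and plain functions whose first argument is the hidden `this`.
struct struct_0 { int f0; int f4; };                  // fields named by offset
void fun_ctor(struct_0* self, int a2) { self->f0 = a2; self->f4 = 1; }
void fun_setStep(struct_0* self, int a2) { self->f4 = a2; }
int fun_next(struct_0* self) { self->f0 += self->f4; return self->f0; }
static_assert(sizeof(Counter) == sizeof(struct_0), "both views occupy the same bytes");

int run_class(int start, int step, int n) {
    Counter c(start); c.setStep(step);
    int last = start;
    for (int i = 0; i < n; ++i) last = c.next();
    return last;
}
int run_lowered(int start, int step, int n) {
    struct_0 c; fun_ctor(&c, start); fun_setStep(&c, step);
    int last = start;
    for (int i = 0; i < n; ++i) last = fun_next(&c);
    return last;
}

// Recover "Class::method(args)" from a mangled symbol; returns the input on failure.
std::string demangle(const char* mangled) {
    int status = 0;
    char* out = abi::__cxa_demangle(mangled, nullptr, nullptr, &status);
    if (status != 0 || out == nullptr) return mangled;
    std::string s(out);
    std::free(out);                                   // buffer is malloc'd by the ABI
    return s;
}
int main() {
    std::printf("%d %d %s\n", run_class(10, 5, 3), run_lowered(10, 5, 3), demangle("_ZN7Counter4nextEv").c_str());
}
```

When symbols survive in a binary, demangling them is the quickest way to map the decompiler's anonymous functions back to class methods; when they are stripped, the repeated first-argument pointer is the main clue that a group of functions belongs to one class.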

Snowman Decompiler

Snowman decompiles C++ object-oriented code to equivalent C (ANSI C) code. The Snowman decompiler supports x86, AMD64, and ARM architectures. You can use it as a standalone GUI application, a command-line tool, an IDA plug-in, a radare2 plug-in, an x64dbg plug-in, or a library. Here is a demonstration of reversing a simple Hello World with the standalone tool.

For best video quality go to video settings and increase to 720p.

Check out my other YouTube videos at: https://www.youtube.com/@threatbloggerM