I have a C++ application compiled in debug (using MinGW and Qt) but I've lost some major changes because someone in my team forgot to commit his changes in the source control manager and overwrote the source code with other changes.

When I run the program in debug (in Qt Creator) I can set a break point in main and then see the source code.

Is there a way to reconstruct all the lost source files using only the debug binaries? Either manually or automatically.

Thanks!

A: 

I recently had to rebuild an MSVC-compiled program by decompiling it to assembler - no debug info, source didn't even make it to version control. The only thing that saved me from starting from scratch was the previous dev using an example app for the API as the base for this new app.

If you have the debug symbols you can at least hope to get the method names.

I found rec22 (recstudio.exe) to be my best option for decompiling (as a free download). IDA Pro and Hex-Rays seemed like they might be better (but I couldn't afford to buy them).

Greg Domjan
A: 

If by "When I run the program in debug (in Qt Creator) I can set a break point in main and then see the source code." you actually mean that inside the debugger you can see the older good version of the code, then that means there's still a copy of that source lying around somewhere that the debugger is able to pick up. You should be able to (worst case) truss the debugger to find out where the files are.

If that's not what you mean, the best I'm aware of is trying to do some sort of disassembly using a debugger. Depending on the complexity of the changes it may be possible to infer the source code from the assembly.

In general even debug binaries aren't designed to be able to recreate the original source: that's what the source is for. They do have the symbol table and instruction->line number maps which may be able to help.

Mark B
+9  A: 

"When I run the program in debug (in Qt Creator) I can set a break point in main and then see the source code."

Really? Find out where your debugger is getting the source code from, and copy it from there.

It's more likely that your debugger is just grabbing a file on your system with the same name/path as the original filename (perhaps a more recent version, or an old version, etc) and things just happen to line up.

You cannot truly regenerate the original source from a compiled binary, because the transformation from C++ source to a compiled binary is not a 1 to 1 relationship. There are many (infinitely...) different source files which will compile to the same binary. There is no way to know from looking at a binary what the original source looked like.

There are tools which can generate something which resembles a C++ source file, but more than likely it'll look nothing like your original source.

Terry Mahaffey
You are right. I renamed the project source code directory on my own machine and I see only assembly code now. Thanks.
esavard
A: 

Use the strings program to extract all the ASCII bytes, then permute them.

John
A: 

I think there is a small chance you can actually recover source, but not from the binary itself: If you are really, really desperate, you can use a search application (e.g. Agent Ransack) and search your entire drive for string patterns that you know exist in the source code. In particular, search in your pagefile (pagefile.sys) if you have one - there might be some chance it's buried there somewhere.

I have tried this method once when I was really really desperate, but my situation then was a bit different and more favourable for "search and recover" because I lost it when somehow the IDE crashed and the entire source file was lost (!!!! nasty surprise!!!)

joejoe
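
The search-and-recover approach from the last answer, as an added example that is not part of the original thread: it scans a raw file (a disk image or a copy of pagefile.sys) in chunks for a string known to be in the lost source and returns the printable text around each hit. The names `find_offsets` and `carve` are hypothetical, and the code assumes the source was ASCII text, stored either as-is or as UTF-16LE in editor memory.

```python
import re

# Runs of printable text as stored on disk (ASCII) or in editor memory (UTF-16LE).
ENCODINGS = {
    "ascii": (re.compile(rb"[\t\n\r\x20-\x7e]+"), 1),
    "utf-16-le": (re.compile(rb"(?:[\t\n\r\x20-\x7e]\x00)+"), 2),
}


def find_offsets(path, pattern, chunk_size=1 << 20):
    """Yield absolute offsets of pattern, including hits that straddle two chunks."""
    tail, base = b"", 0  # base = absolute offset of the first byte of tail + chunk
    keep = len(pattern) - 1
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            buf = tail + chunk
            pos = buf.find(pattern)
            while pos != -1:
                yield base + pos
                pos = buf.find(pattern, pos + 1)
            # Carry over just enough bytes to catch a hit split across the boundary.
            tail = buf[-keep:] if keep else b""
            base += len(buf) - len(tail)


def carve(path, needle, window=8192, chunk_size=1 << 20):
    """Return {offset: text}: the printable run surrounding each hit of needle."""
    found = {}
    with open(path, "rb") as f:
        for encoding, (run_re, step) in ENCODINGS.items():
            pattern = needle.encode(encoding)
            for off in find_offsets(path, pattern, chunk_size):
                start = max(0, off - window)
                f.seek(start)
                blob = f.read(off - start + len(pattern) + window)
                for run in run_re.finditer(blob):
                    if run.start() <= off - start < run.end():
                        # step 2 drops the zero high bytes of UTF-16LE text
                        found[off] = run.group()[::step].decode("ascii")
                        break
    return found


if __name__ == "__main__":
    import sys
    # Usage: python carve.py <raw image or copied pagefile> <known string>
    for off, text in carve(sys.argv[1], sys.argv[2]).items():
        print(f"--- offset {off:#x} ---\n{text}")
```

Windows keeps pagefile.sys locked while it is running, so run this against a copy taken offline or against a disk image, and avoid writing anything to the affected drive before scanning it.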