Best Microsoft Windows disassemblers and decompilers.
A disassembler is a program that generates assembly code from binary code, and a decompiler is a program that generates high-level language code, for example C or C++, from assembly code.
This is a list of the best disassemblers and decompilers under Microsoft Windows.
Snowman
The program is very simple and easy to use. It is open source and can be used without any installation, as a portable program.
The binary formats supported by Snowman are PE, which is the Microsoft executable binary format, ELF, which is the Linux executable binary format, and Mach-O, which is the Apple executable binary format. The supported CPU architectures are ARM, X86 and X64. Snowman is both a disassembler and a decompiler.
The GUI allows viewing the assembly code, the C/C++ source code, the program sections, symbols, and an inspector view.
- Download link: https://derevenets.com/
- Source code link: https://github.com/yegord/snowman
Relyze
This is a disassembler and a decompiler, and it comes in two flavors, a professional and a free one. The only differences between the two are command line, batch analysis, and binary diffing.
Both flavors support disassembling and decompiling Linux and Windows binaries for the X86, X64, and ARM 32 and 64 architectures.
The free license was easy to get: you just have to enter an email on the first usage of the program.
The program GUI is clean. To the left, there is a toolbar containing the most commonly used options. The overview and structure sections provide a nice summary of the program.
The code section allows you to browse the source code using one of the hex, call, flat, flow, or pseudo code views. At the bottom, you can view segments, strings, imports, and functions. The search functionality is nice, and the graphing capabilities are not that bad.
- Download link: https://www.relyze.com/download.html
Ghidra
The name seems to have an Arabic origin, meaning betrayal. More importantly, it requires Java to be installed, and it is a disassembler and decompiler for multiple binary formats, including macOS, Linux, and Windows, and for multiple architectures, including X86, X64, and ARM.
It is a tiny bit slower than the other tested software, but it is intuitive to use for browsing the source code and doing code analysis, although the GUI needs some work. Additionally, it has some nice graphing features, such as block, code, and call flow.
- Download link: https://www.ghidra-sre.org/
Hex-Rays IDA
It has a pro and a free version. The free version is severely limited: it lacks support for many processors, such as ARM, and the decompiler is cloud based. All in all, the free version supports disassembling and decompiling X86 and X64 Windows, Linux and macOS executables.
The IDA workflow consists of multiple views to switch between, such as the disassembled view, the hex view, the imports and exports views, and the structures and enums views.
IDA has graphing capabilities, such as graphing function calls and a flow chart, but this does not seem to work in the free version.
- Download link: https://hex-rays.com/ida-free/#download
Binary Ninja
This is a paid tool that supports disassembly of Windows, Linux, and macOS executables for different architectures, such as X86, X64, and ARM.
There is no free version, but there is a demo version, which works only for 25 minutes. After a little time with the demo, this tool does not seem to have a lot to offer.
- Download link: https://binary.ninja/
PE Explorer
This is a paid tool, but it offers a 30-day trial. As of now, it only supports 32-bit Windows executables, but it does advertise that in version 2, 64-bit Windows executables will be supported. PE Explorer does not support decompiling; it only supports disassembling.