In this article, I’ll give you an ultimate list of the best DLL decompilers. These tools will enable you to decompile DLL (Dynamic-link library) files to view the C#, VB.NET, or C++ source code. Decompiling a .dll file is helpful if you want to understand how it works without having access to the original source code.
Basically, to decompile a .dll file you must know the language in which the DLL was written. So, to make things easier for you, I have arranged the DLL decompilers according to the programming languages.
The list contains free, paid, open source, and online DLL decompilers.
Let’s have a look at each of them and then choose the best option that meets your specific requirements.
Convert DLL to C# or VB.NET
dotPeek
dotPeek is a free-of-charge standalone tool based on ReSharper‘s bundled decompiler. It can reliably decompile any .NET assembly into equivalent C# or IL code.
The decompiler supports multiple formats including libraries (.dll), executables (.exe), and Windows metadata files (.winmd).
dotPeek can also decompile .baml files, enabling you to reconstruct XAML UI definitions.
In addition to traditional assemblies and executables, you can have dotPeek open archives (.zip, .vsix, or .nupkg) and folders. You can also find and load NuGet packages (and their dependencies) from any online package source, or load packages listed in packages.config file in your Visual Studio project.
Features
- Free
- Libraries, executables, and more
- Show or hide compiler-generated code
- Explore running processes
- View IL code in a separate view
- View IL code as comments to decompiled C#
- Use your preferred color theme
- Navigate decompiled code in different ways: Find usages of any symbol, Highlight usages in code viewer, Explore current document, Jump to any code, Set bookmarks, Navigate contextually, Navigate class hierarchies, and Explore inheritance chains
- Make sense of assemblies: Manage assembly lists, Explore assembly contents, Explore assembly metadata, View dependencies between assemblies
Telerik JustDecompile
Telerik JustDecompile is one of the fastest decompilers for DLL files which are coded in .NET and C#. It offers an open API for everyone to create extensions. You can easily search the code once it is decompiled with JustDecompile.
The Telerik JustDecompile engine is open source. It means you can easily extend its functionality as well as leverage everyone else’s fixes and additions.
Features
- Free
- Open source decompilation engine
- 10 times faster than other DLL decompilers
- Open API for everyone to create extensions.
- Supports .NET 2.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, WinRT Metadata, C#5, APPX and WinMD.
- Code becomes easily searchable with JustDecompile.
- Create a Visual Studio project from a decompiled assembly.
- JustDecompile integrates with JustCode and JustTrace.
- Switch easily between different methods and assemblies in one JustDecompile instance.
- Decompile referenced assemblies in a Visual Studio project. Supported Visual Studio versions: 2010, 2012, 2013, 2015, and 2017.
- Extract resources From assemblies.
- Usage Analysis: Bookmark usages in loaded assemblies.
- Export code directly from the command prompt.
- Integrate With Windows Explorer Context Menu: Decompile an assembly after browsing to it in Windows Explorer.
ILSpy
ILSpy is the open-source .NET assembly browser and decompiler.
Features
- Decompilation to C# (check out the language support status)
- Whole-project decompilation (csproj, not sln!)
- Search for types/methods/properties (learn about the options)
- Hyperlink-based type/method/property navigation
- Base/Derived types navigation, history
- Assembly metadata explorer (feature walkthrough)
- BAML to XAML decompiler
- ReadyToRun binary support for .NET Core (see the tutorial)
- Extensible via plugins
- Additional features in DEBUG builds (for the devs)
.NET Reflector
Decompile, understand, and fix any .NET code, even if you don’t have the source. By using .NET Reflector you can easily look inside any .NET code.
Standard Edition Features
- Decompilation: Decompile, browse, and analyze any .NET assembly to C#, VB.NET, or IL.
- Desktop application: Use the standalone application to explore and navigate decompiled code.
- Search Filtering: Get results as you type and find what you’re looking for easily.
VSPro Edition Features
- Use the Visual Studio debugger: Use your regular debugging techniques on any decompiled assemblies as if they were your own, using the Visual Studio debugger.
- Debug third-party assemblies: Generate .pdb files for decompiled assemblies and save them so you only need to enable debugging once for each assembly.
- Dynamic decompilation: Assemblies decompile seamlessly in Visual Studio so source code is always available for your libraries.
- Use VS shortcuts: Use F12 to “Go To Definition”, F9 to “Set Breakpoints”, and F11 to “Step Into” any decompiled code.
- C#7 decompilation: .NET Reflector supports C#7, .NET 4.7.2, and .NET Core and Standard.
- Browse assemblies: .NET Reflector VSPro adds the Reflector Object Browser into Visual Studio. Use the tree view to navigate through code.
dnSpy
dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don’t have any source code available. Main features:
- Debug .NET and Unity assemblies
- Edit .NET and Unity assemblies
- Light and dark themes
Debugger
- Debug .NET Framework, .NET, and Unity game assemblies, no source code required
- Set breakpoints and step into any assembly
- Locals, watch, autos windows
- Variables windows support saving variables (eg. decrypted byte arrays) to disk or view them in the hex editor (memory window)
- Object IDs
- Multiple processes can be debugged at the same time
- Break on module load
- Tracepoints and conditional breakpoints
- Export/import breakpoints and tracepoints
- Call stack, threads, modules, processes windows
- Break on thrown exceptions (1st chance)
- Variables windows support evaluating C# / Visual Basic expressions
- Dynamic modules can be debugged (but not dynamic methods due to CLR limitations)
- Output window logs various debugging events, and it shows timestamps by default 🙂
- Assemblies that decrypt themselves at runtime can be debugged, dnSpy will use the in-memory image. You can also force dnSpy to always use in-memory images instead of disk files.
- Public API, you can write an extension or use the C# Interactive window to control the debugger
Assembly Editor
- All metadata can be edited
- Edit methods and classes in C# or Visual Basic with IntelliSense, no source code is required
- Add new methods, classes, or members in C# or Visual Basic
- IL editor for low-level IL method body editing
- Low-level metadata tables can be edited. This uses the hex editor internally.
Hex Editor
- Click on an address in the decompiled code to go to its IL code in the hex editor
- The reverse of the above, press F12 in an IL body in the hex editor to go to the decompiled code or other high-level representation of the bits. It’s great to find out which statement a patch modified.
- Highlights .NET metadata structures and PE structures
- Tooltips show more info about the selected .NET metadata / PE field
- Go to position, file, RVA
- Go to .NET metadata token, method body, #Blob / #Strings / #US heap offset or #GUID heap index
- Follow references (Ctrl+F12)
Other
- BAML decompiler
- Blue, light, and dark themes (and a dark high contrast theme)
- Bookmarks
- C# Interactive window can be used to script dnSpy
- Search assemblies for classes, methods, strings, etc
- Analyze class and method usage, find callers, etc
- Multiple tabs and tab groups
- References are highlighted, use Tab / Shift+Tab to move to the next reference
- Go to the entry point and module initializer commands
- Go to metadata token or metadata row commands
- Code tooltips (C# and Visual Basic)
- Export to project
List of other open source libraries used by dnSpy
- ILSpy decompiler engine (C# and Visual Basic decompilers)
- Roslyn (C# and Visual Basic compilers)
- dnlib (.NET metadata reader/writer which can also read obfuscated assemblies)
- VS MEF (Faster MEF equals faster startup)
- ClrMD (Access to lower level debugging info not provided by the CorDebug API)
- Iced (x86/x64 disassembler)
VB Decompiler 11.1
Decompile programs in EXE, DLL, or OCX formats created using Visual Basic 5.0 and 6.0 and disassemble software built with .NET technology. Perform the analysis of programs and partially restore the source code from p-code if your project was damaged.
Refractor 1.5
The freeware Refractor .NET assembly browser and decompiler recover source code from crashes and convert .exe and .dll to C#, VB.Net, and IL. It generates the high-level code in the back end of the decompilation. Just as a compiler may have several backends for generating machine code for different architectures, the decompiler(the free disassembler) has several backends for generating high-level code in different high-level languages.
Dis#
The typical problem with decompilation is the absence of full source information in the executable file. For instance, the .NET assembly does not contain the names of local variables. The program can automatically assign local names in accordance with their types (what Dis# really does), but it still too differentiates from the original source.
Support for C#, Visual Basic.NET, Delphi.NET, and Chrome. Dis# also support .NET 2.0 assembly format, generics, etc.
You can deobfuscate assembly to restore readable names.
Dis# extracts names from .PDB file.
Dotnet IL Editor
Dotnet IL Editor (DILE) allows disassembling and debugging .NET 1.0/1.1/2.0/3.0/3.5/4.0 applications without source code or .pdb files. It can debug even itself or the assemblies of the .NET Framework on IL level.
Convert DLL to C/C++
DLL to C
DLL to C is a tool that can convert any DLL files and some EXE files into compilable C/C++ code. When you lost the source code of a DLL, you can recover the source code with DLL to C. It can generate data structures for all data sections and disassemble the code section. It can also generate a Function Relationship Tree, and then you can export the specified feature you want in the DLL easily. And it can convert assembly code to C code, and the C code is also compilable and reliable.
Features
- Convert DLL or EXE into compilable C/C++ code
- Generate data structures for all data sections
- Generate Module Definition File
- Disassemble the code section
- Disassemble with Structure Mode, Complete Mode, Complete Structure Mode, Comment Mode, and Precise Mode
- Decompile assembly code to C/C++ code with fast speed
- Initialize Import Address Table with dynamic mode, static mode, and direct addresses
- Comes with the tool Decompiled File Analyzer
- Generate Function Relationship Tree
- Export all functions
- Export specified functions only
- Export resources in DLL or EXE automatically
- Create Debug Tools
- Dynamic Log Function Invocations
- Automatically identify all used function arguments and local variables
- Export any features in DLL or EXE without any analysis
- Automatically identify the static library functions of C
- Convert assembly code to C code
Hex-Rays Decompiler
The Hex-Rays Decompiler brings binary software analysis within reach of millions of programmers. It converts native processor code into a readable C-like pseudocode text.
Advantages
In comparison to low-level assembly language, high-level language representation in the Decompiler has several advantages:
- Concise: requires less time to read it
- Structured: program logic is more obvious
- Dynamic: variable names and types can be changed on the fly
- Familiar: no need to learn the assembly language
The pseudocode text is generated on the fly. Their technology is fast enough to analyze 99% of functions within a couple of seconds.
Currently, the decompiler supports compiler-generated code for the x86, x64, ARM32, ARM64, and PowerPC processors. They plan to port it to other platforms in the future. The programmatic API allows their customers to improve the decompiler output. Vulnerability search, software validation, and coverage analysis are the directions that immediately come to mind.
The decompiler runs on Windows, Linux, and Mac OS X. The GUI and text IDA versions are supported.
The Decompiler software is available for 8 platforms:
- x86
- x64
- ARM32
- ARM64
- PowerPC
- PowerPC64
- MIPS
- MIPS64
- ARC
W32DASM
W32DASM is a disassembler: a tool made to translate machine language back into assembly language. It’s ideal for those interested in reverse engineering, who want to take code apart and find out how it works.
It is an easy-to-use disassembler with a simple interface.
With this app, you can open .dll, .exe, .386, .com, .cpl, .drv, .fon, .mpd, .ocx, .vbx and .vxd files to study their code. It makes it possible to save the disassembly text and create a project file, attach the active 32-bit process to the debugger, and load the 32-bit disassembled executable file into the process.
Although W32DASM is ancient since hasn’t received updates for a very long time (it’s officially discontinued), it works without any trouble on Windows 10. Files are disassembled quickly while the tool remains light on system resource consumption.
Snowman
Snowman is a native code to C/C++ decompiler, supporting x86, AMD64, and ARM architectures. You can use it as a standalone GUI application, a command-line tool, an IDA plug-in, a radare2 plug-in, an x64dbg plug-in, or a library. Snowman is free software.
Standalone Version
- Supports ARM, x86, and x86-64 architectures.
- Reads ELF, Mach-O, and PE file formats.
- Reconstructs functions, their names and arguments, local and global variables, expressions, integer, pointer, structural types, and all types of control-flow structures, including switch.
- Has a nice graphical user interface with one-click navigation between the assembler code and the reconstructed program.
- Has a command-line interface for batch processing.
IDA Plug-in
- Enjoys all executable file formats supported by the disassembler.
- Benefits from IDA’s signature search, parsers of debug information, and demanglers.
- Decompiles a chosen function or the whole program by the push of a button.
- Allows easy jumping between the disassembler and the decompiled code.
- Fully integrates into IDA’s GUI.
Installation Instructions
- Standalone version you can just unpack and run.
- IDA plug-in is installed by copying
.plw,.p64,.plx,.dll,.sofiles to IDA’spluginsdirectory.
Usage Instructions
- Do not try to decompile large programs at once. Select a necessary part in the assembly listing and push
Ctrl-Einstead. Or better use the Snowman IDA plug-in. - When using the IDA plug-in, press
F3to decompile the function under the cursor.
SmartDec
SmartDec is a set of tools for decompilation. These tools are:
- nocode — a command-line decompiler
- smartdec — a decompiler with a graphical user interface
- ida-plugin — a decompiler plug-in for the IDA Pro disassembler
Some Other Best DLL Decompilers
Free Dll Viewer 1.0
Free Dll Viewer is a program that lets you visualize DLL (Dynamic Link Library) files. These files are libraries that contain functions and resources shared by various programs. So, instead of each developer writing code, they use these libraries to save time.
This program also offers support for EXE, DRV, OCX, and FON. In the end, all these files are executables. The program lets you see resources like Cursors, Bitmaps, Icons, Dialog, Menus, etc. contained in files. All this while occupying less than 1 MB on your disk.
The graphic interface might not seem so attractive, but the viewing functionality of the program is great. It doesn’t just let you see the resources, but it also offers useful information about the DLL in the lower part of the window, like the size of the header and check sum. Unfortunately, it doesn’t offer capabilities other than just viewing the resources. It would have been nice to see the functions these files can perform when called by applications, or editing capabilities.
Since this is a newly developed program, we can expect to see some improvements over time. Otherwise, we can’t expect to see the popularity of the program grow.
DLL Player 2.1
Detect and inspect various DLL files in your system. Open and edit binary resources, view their content, and ensure the compatibility of specific items with the general settings of your computer. Preview the results and automatically adjust the number of bytes per line.
DLL Player is a software tool for exploring PE (Portable Executable) files (EXE, DLL).
With DLL Player, you can inspect all DLL files, edit as binary (hex) resources.
DLL Player is a simple tool for helping you view and edit DLL files on the go..
DLL Player is a great tool hex editor and also it’s free.
DLL Player can be used in Windows XP, Windows Vista and Windows 7. It is a fast download and does not take up much space.
Our software is specifically designed for users to quickly open a DLL/Exe file — it has a simple interface and the basic features allows users to just edit/view DLL files without any trouble.
PE Explorer 3.0
Explore, analyze and edit your executable files. The tool works with formats such as EXE, ActiveX, DLL, or SYS designed for 32-bit operating systems. It embeds several tools such as a Win32 Disassembler, a Dependency Scanner, a UPX Unpacker, a Visual Resource Editor, and a DLL Export Viewer.
PE Explorer is a tool for inspecting and editing the inner workings of Windows 32-bit executable files. It offers a look at the PE file structure and all of the resources in the file, and reports multiple details about a PE file (EXE, DLL, ActiveX controls, and several other Windows executable formats).
Hopper
Hopper Disassembler, the reverse engineering tool that lets you disassemble, decompile and debug your applications.
This disassembler is available for macOS and Linux.
- Hopper Disassembler for Mac requires macOS 10.13 or higher.
- Hopper Disassembler for Linux requires Ubuntu 18.04, Arch Linux, Fedora 25 or higher, and a 64 bits processor.
Cutter
Cutter is a free and open-source reverse engineering platform powered by rizin. It aims at being an advanced and customizable reverse engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.
IDA Pro
The best-of-breed binary code analysis tool is an indispensable item in the toolbox of world-class software analysts, reverse engineers, malware analysts, and cybersecurity professionals.
IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro so that it can generate assembly language source code from machine-executable code and make this complex code more human-readable.
The debugging feature augmented IDA with the dynamic analysis. It supports multiple debugging targets and can handle remote applications. Its cross-platform debugging capability enables instant debugging, easy connection to both local and remote processes, and support for 64-bit systems and new connection possibilities.
Ghidra
Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra extension components and/or scripts using Java or Python.
In support of the NSA’s Cybersecurity mission, Ghidra was built to solve scaling and teaming problems on complex SRE efforts, and to provide a customizable and extensible SRE research platform. NSA has applied Ghidra SRE capabilities to a variety of problems that involve analyzing malicious code and generating deep insights for SRE analysts who seek a better understanding of potential vulnerabilities in networks and systems.
