Jump to content

  • Log In with Google      Sign In   
  • Create Account

hex editors and c++


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
16 replies to this topic

#1 Malachi   Members   -  Reputation: 122

Like
Likes
Like

Posted 16 July 2001 - 07:47 AM

How can I use my hex editor(winhex)to show me the sourcecode for compiled C++ applications?

Sponsor:

#2 Xai   Crossbones+   -  Reputation: 1459

Like
Likes
Like

Posted 16 July 2001 - 08:15 AM

I don''t know what your trying to hack ... but the short answer is ... you can''t!

FIRST
a HEX EDITOR .. is exactly that ... it displays the contents of a file in HEX (hexidecimal) notation - and then it lets you edit those values and save the file again. There is absolutely NO connection between a hex editor and source code.

SECOND
a DISASSEMBLER can be used to convert a compiled file (com, exe, lib, obj, etc ...) into ASSEMBLY language ... ALL executable code can be viewed no matter what the creator wrote it in - but you CANNOT get back to the source code they used, not in C, not C++, not VB, not anything but assembly (some converter convert assembly to C .. but not the ORIGINAL C the author wrote) ... and even the assembly with be useless in general ... because the variable names, comments, stack organization, etc .. will be unknown to you ... it is NOT contained in the code.

THIRD
if YOU are the author of the code ... and compiling it ... then the closest thing to what you desire is to use a SOURCE LEVEL DEBUGGER ... which will usually be available with your compiler ... you compile in DEBUG MODE .. which means the executable code contains extra symbols and such which allow it to show you which lines of you C++ program you are at when you run it in debug mode ... you can execute each line or function and watch the effect on your variables and such.

people that crack things use either HEX EDITORS ... to replace data with different values which benifit them (beefed up stats in games or such) ... or DISSASEMBLERS to find the code they wish to circumvent and the change it ... but all of that require a level of talent and understanding BEYOND that of normal programming ... from your questions naivety I would guess you do not possess such expertise.

#3 Sleepwalker   Members   -  Reputation: 122

Like
Likes
Like

Posted 16 July 2001 - 08:51 AM

That question actually doesn''t make sense:
quote:

How can I use my hex editor(winhex)to show me the >sourcecode< for >compiled< C++ applications?



If it''s compiled it''s not sourcecode, and if it''s sourcecode it''s not compile. Think about it! And about what you are actually trying to get at....might be worth it.

Cheers
- Sleepwalker

Born to code! - or coded to be born? I still wonder...



#4 Malachi   Members   -  Reputation: 122

Like
Likes
Like

Posted 16 July 2001 - 12:32 PM

GGRR....What I am trying to achieve is getting back my sourcecode off my compiled exe. After my sourcecode was corrupted by a hard drive crash. Yeah I know you need disassemblers to get the code but I read somewhere on the interent people used hex editors to get sourcecodes out of exes aswell.

#5 Martee   Members   -  Reputation: 476

Like
Likes
Like

Posted 16 July 2001 - 01:11 PM

You might find this interesting.

Of course, decompilation is a sketchy process at best, and I wouldn''t exactly rely on it.

~~~~~~~~~~
Martee

#6 Kylotan   Moderators   -  Reputation: 3338

Like
Likes
Like

Posted 17 July 2001 - 01:13 AM

Sorry Malachi, as others have said, your compiled exe doesn''t contain source code. A disassembler can give you the assembly code (because assembly has a 1-to-1 relationship to machine code) but your actual code listings are gone forever. Martee''s link to a decompiler might help if you have a simple C program, but even in the best case, you''re not going to get your variable names, function names, or comments back.

If the analogy helps, trying to get source code from an executable is like trying to get a recipe by picking through your meal.

However, I will offer you some help which may or may not be of use: hit F9 in Winhex, and get the Disk Editor up. Pick your corrupted disk, which hopefully you have not done a lot with since then, and use the Find tool to search the entire disk for your variable names. If you''re lucky, you can pull the whole project off there. (As I did, once... 150 files from a dead hard disk... ouch.) If you''ve been writing to the disk though, some of it may have been overwritten. And note that some of your files may be fragmented. Good luck.

#7 Dean Harding   Members   -  Reputation: 546

Like
Likes
Like

Posted 17 July 2001 - 01:33 AM

This is also not in direct answer to your question, but if you''ve got a crashed hard drive, there are companies which will retrieve data from wrecked disks. For example, the people at www.datarecoverygroup.com specialize in this sort of thing (as well as recovering evidence for both civil and criminal courts!)

Mind you, it''s very expensive and may set you back upwards of $1000, you only pay if you get the data back though. If they get your data back, they send it to you on a CD, a new hard disk or your old hard disk (if they can repair it).

Just let this be a lesson to make regular backups


War Worlds - A 3D Real-Time Strategy game in development.

#8 Anonymous Poster_Anonymous Poster_*   Guests   -  Reputation:

Likes

Posted 18 July 2001 - 05:59 PM

I''m a normal programmer and I crack a protected library using MSVC''s dissassembler and hex editor... it really wasn''t all that hard either.

#9 Anonymous Poster_Anonymous Poster_*   Guests   -  Reputation:

Likes

Posted 18 July 2001 - 05:59 PM

I''m a normal programmer and I cracked a protected library using MSVC''s dissassembler and hex editor... it really wasn''t all that hard either.

#10 Anonymous Poster_Anonymous Poster_*   Guests   -  Reputation:

Likes

Posted 18 July 2001 - 05:59 PM

I''m a normal programmer and I cracked a static library using MSVC''s dissassembler and hex editor... it really wasn''t all that hard either.

#11 Dean Harding   Members   -  Reputation: 546

Like
Likes
Like

Posted 18 July 2001 - 06:38 PM

Well, aren''t you a genius?


War Worlds - A 3D Real-Time Strategy game in development.

#12 Beer Hunter   Members   -  Reputation: 712

Like
Likes
Like

Posted 18 July 2001 - 09:24 PM

If the functions were all small, and the library was compiled in debug mode, then it would be easy. What about a 3 page function compiled in release mode? That''s a fair challenge.

(But why would anyone use a hex editor to read plain text?)

#13 Malachi   Members   -  Reputation: 122

Like
Likes
Like

Posted 18 July 2001 - 11:48 PM

hey, Anonymous Poster where did you get the MSVC dissassembler from?

#14 Kylotan   Moderators   -  Reputation: 3338

Like
Likes
Like

Posted 19 July 2001 - 05:43 AM

MSVC comes with a built in disassembler. You just click on the disassembly window when debugging something.

#15 PaladinGLT   Members   -  Reputation: 122

Like
Likes
Like

Posted 19 July 2001 - 05:57 AM

Actually... you could get your sourcecode back. But you would have to write a program to convert assembly to C++ or whatever your using. So you''d disassemble it then convert it with your program. Only problem would be all your variables would be like a001, a002, etc. And it would be easier just to rewrite your sourcecode.

PaladinGLT

#16 Kylotan   Moderators   -  Reputation: 3338

Like
Likes
Like

Posted 20 July 2001 - 08:32 AM

Yeah, that is what a decompiler is. But you can''t get ''your'' source code back for several reasons. Partly because of lost identifier names as you said. Partly because all comments are stripped out. And partly because information is lost in the transition from high-level language to low level. If you compile something like this:

typedef long uint32;
uint32 x;


A decompiler will probably give you:

int x; 


Even worse when you start using the STL:

for (std::string::iterator si = myString.begin(); std::string::iterator si != myString.end(); ++si)
{ // do something }


will probably come back as:

for (char* x = &s[0]; x != s[10]; ++x)
{ // do something }


due to the way stuff gets optimised. (Note that the s[10] is also a simplification... that is likely to in fact be a few function calls or something to resolve that first.)

And any instantiations of templates would probably get returned as several different versions of the same sort of procedure.

Basically, a lot of the semantic info is gone forever.

This is partly why nobody''s managed to do a good decompiler yet... because it would have to fill in the blanks.

#17 Malachi   Members   -  Reputation: 122

Like
Likes
Like

Posted 22 July 2001 - 01:25 PM

Ok, thanks you guys. Guess I have to rewrite my code...oh well thats life.




Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS