Khaos

Executable unprogramming


Realistically, how easy is it for someone to decompile your .exe file into easily readable source code?

- Also, are there any good, free decompilers around?

And secondly, is it possible to access the source code for Windows? If it is loaded into memory, and you dump your memory and decompile it, is it possible to obtain the source somewhat? If so, or if not, please explain. Inform me of anything related to decompiling or the security of code inside the .exe file or in memory. Thanks.

- On a side note: in memory, how can one tell the difference between data and instructions? Doesn't it all look the same? How does this work?

Thanks for any help.

It's possible, but not practical. Decompiling Windows to readable source code would take...oh...a few hundred years with all the best assemblers?
quote:
- On a side note: in memory, how can one tell the difference between data and instructions? Doesn't it all look the same? How does this work?
One does not tell the difference. It's just the way it works.

[edited by - Raloth on February 6, 2004 11:42:45 PM]

quote:
On a side note: in memory, how can one tell the difference between data and instructions? Doesn't it all look the same? How does this work?

No one knows the difference, not even the computer. It just assumes that when the instruction pointer moves to the next location in memory that the word (system sized binary data chunk; 32 bits on most machines?) contains executable instructions. If it's wrong, your computer could crash, nastily. I know. I did it in my assembler class. My computer froze hard, and started drawing vertical blue lines separated by a single pixel one pixel at a time going across the screen. Oh yeah, and it beeped some. I reached for the power switch. Never know if it's writing to the hard drive, so speed is essential in these situations. *Slaps self* Sorry, I lapsed into a programmer tale! Won't happen again.

[edited by - bob_the_third on February 6, 2004 11:56:44 PM]

Though instructions and data look the same in memory, it's *usually* the case that they are not mixed. When the executable is loaded into memory, the loader places the data segment in a separate place from the text segment. The stack and heap also have base addresses that one can find without too much hassle.

That said, there's nothing to stop the mixing of data and instructions as others have noted.

For Windows executables, you can google PE (Portable Executable) Format for more information on how Windows executables are stored on disk and loaded into an address space when a process is loaded.

There are decompilers around, but they don't do a very good job. The problem is the varied heuristics that today's compilers use to optimize code; it's very complicated to reverse engineer today's binaries. Similarly, a decompiler knows nothing of the 'human' intent of the program and its components, so decompilers give functions and variables ugly names that easily confuse us humans.

The best way to see what's going on inside a binary is to disassemble it and look at the machine ops. A good assembly programmer can usually pick out what's going on, particularly if he/she is familiar with the code-generation techniques of the compiler that generated the binary.

It is almost always possible to tell the difference between code and data in memory. Since today's op-codes are complex, variable sized beasts, it's very unlikely that a random stream of bits (data) would make sensible code. Thus, an experienced assembly-level programmer would generally be able to tell the difference. For example, can you tell the difference between written English and this: "luhasrulhaklask jasdlh asdjk".

Me too.

Umm, a compiled program in memory is clearly divided, the first block is the data block, the next is instructions, and the last, I forgot what that was...

Guest Anonymous Poster
quote:
Original post by Khaos
Realistically, how easy is it for someone to decompile your .exe file into easily readable source code?

- Also, are there any good, free decompilers around?

And secondly, is it possible to access the source code for Windows? If it is loaded into memory, and you dump your memory and decompile it, is it possible to obtain the source somewhat? If so, or if not, please explain. Inform me of anything related to decompiling or the security of code inside the .exe file or in memory. Thanks.

- On a side note: in memory, how can one tell the difference between data and instructions? Doesn't it all look the same? How does this work?

Thanks for any help.


Search Google for NASM; it has a disassembler.

I am not sure how to word this, and the fact that it's late doesn't help, so bear with me. The way data is stored with machine code is dictated by instruction. For example, some instructions require two arguments to work; the instruction and its arguments would be stored in an order something like: instruction argument1 argument2. Let's say you have the instruction "Mov" which requires two arguments, a memory address and a value to be placed at that address. Let's also say it's represented by the byte 0x43. So if I assemble Mov [120], 8 (which would store 8 at the memory location 120) I would get 0x43 120 8; when the processor encounters the instruction 0x43 it knows the following two bytes are the arguments for that instruction.

I hope that helps some.

Guest Anonymous Poster
Good answers, everyone, you left out a small detail, though. A page loaded into memory must have the executable attribute set, or the computer will refuse to execute whatever is there if you try calling it. Your program will crash with a page-fault error.

Likewise, for you to be able to modify the code in the program with write instructions, the page must have the writeable attribute set. It is on by default in Windows for code pages, but off in Linux.

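Added example, not part of any post in this thread: the PE format mentioned above keeps a section table whose per-section flags tell the Windows loader which pages to map readable, writable or executable. The sketch below parses that table from a constructed, header-only image (the function names and the `.packed` section are illustrative assumptions) and lists sections that are both writable and executable.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"          # one 40-byte section header

def parse_sections(image: bytes):
    """Return [(name, virtual_address, 'rwx'-style string)] for a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 4 + 20 + opt_size                  # skip optional header
    out = []
    for i in range(nsect):
        off = table + i * 40
        if off + 40 > len(image):
            raise ValueError("section table runs past end of file")
        fields = struct.unpack_from(SECTION_FMT, image, off)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        flags = fields[9]                               # Characteristics
        perms = "".join(c if flags & bit else "-" for c, bit in
                        (("r", MEM_READ), ("w", MEM_WRITE), ("x", MEM_EXECUTE)))
        out.append((name, fields[2], perms))
    return out

def writable_and_executable(sections):
    """Names of sections mapped both writable and executable."""
    return [n for n, _, p in sections if "w" in p and "x" in p]

def build_sample():
    """Constructed, minimal header-only image (sample data, not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x0102)
    def sect(name, rva, flags):
        return struct.pack(SECTION_FMT, name, 0x1000, rva, 0x200, 0, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff
            + sect(b".text", 0x1000, 0x60000020)        # code, read + execute
            + sect(b".data", 0x2000, 0xC0000040)        # data, read + write
            + sect(b".packed", 0x3000, 0xE0000020))     # code, read + write + execute

if __name__ == "__main__":
    secs = parse_sections(build_sample())
    for name, rva, perms in secs:
        print(f"{name:<8} rva=0x{rva:05x} {perms}")
    print("W+X:", writable_and_executable(secs))
```
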
.NET code (managed code) can be decompiled into the original version (C++ etc), Java class-stuff can be decompiled, you also get all original comments (or my decompiler is just 1337 and knows what and how a programmer would comment), Flash maybe, I only have a tool to look inside (see source, save stuff), but I can't reverse-engineer it to a Flash project. Most other apps can be decompiled into asm code and some few need some knowledge how to remove bad instructions (these will stop disassemblers)


but I will not name any of the products, it's highly illegal to reverse-engineer something that is not yours or when you are not allowed to reverse-engineer (no one will allow you to reverse-engineer his/'her' game/app if you don't get the source for free [ except hackthis contest... ]).


T2k

quote:

but I will not name any of the products, it's highly illegal to reverse-engineer something that is not yours or when you are not allowed to reverse-engineer


I'm fairly sure it is legal, as long as you don't modify and distribute it.
quote:

Java class-stuff can be decompiled, you also get all original comments


I highly doubt that is possible. Did you write it yourself, or is it someone else's? I wouldn't be surprised that the decompiler found the actual source code and gave you that instead of actually decompiling it.
