shii
Hi dudes, I'm beginning to unpack/pack compiled exe files using C++ programming code, and I hope someone could help me!!!

Indeed, I would like to know how to unpack/decompile a C++ exe file!!!!

When I use a hex editor program I get only ASCII characters....

Thanks a lot
twistedps
I'd suggest grabbing a disassembler like IDA Pro [haven't ever used it, but I've heard a LOT of good things about it]. As far as translating into C++, it's not just gonna convert to that from opening it up. With a program like IDA Pro that disassembles the exe, it's gonna give you the asm output for it, and from there you have to translate the asm -> C++, which isn't easy... I know for sure I can't do it lol.

But hey man, if you're willing to read up hardcore on asm and stuff, I say give it a try, no harm in trying.

Best of luck!
shii
OK twistedps

I'll try to grab and test your IDA Pro utility. If you tell me it's hard enough to translate the ASM, damn, I won't be able to do it, but I'll have a look anyway.

Thanks a lot man

kevin007
QUOTE (shii @ May 19 2004, 05:16 PM)
Indeed, I would like to know how to unpack/decompile a C++ exe file!!!!

I don't know if you're aware (I suspect from the nature of your post not), but, unlike say Java, you can't just decompile a C++ file; the executable isn't a simple step away from getting the source code due to the nature of the compilation process (unless it's been compiled in debug mode? Not sure on that).

I'm not an expert by any means, however I believe that decompiling a C++ source is not as easy as you might believe. It's not like you can grab a Windows .exe file and decompile it; that's why so many vulnerabilities are still hidden away in there. Instead it's pretty much a one-way process, as the C++ compiler just creates machine code for the machine that it's compiled on (for example a Windows-based i386 box).
DaClueless
The best way to take apart a C++ exe file is to use a low-level debugger like SoftICE and step through it.

JDog45
Unpacking/disassembling are two completely different things.

Unpacking refers to when a .exe is packed with a packer to protect the .exe from being disassembled. Usually the packers also compress the .exe down in size as well.

If you're disassembling something you'll be looking right at the code of the .exe. IDA Pro will work, or WinDASM32 or even Olly (my favorite). Although Olly is a debugger more than a disassembler.
F34R
great info guys... I've been wondering how to decompile .exe's as well for various reasons... good to know... appreciate it... peace.
shii
OK JDog45, I might have been more specific about my question

Actually I'd like to be able to disassemble the exe in order to be able to read the ASCII characters, which mean nothing to me......

Anyway I'm gonna try all those tools

Thanks dudes
JDog45
QUOTE (shii @ May 19 2004, 09:20 PM)
OK JDog45, I might have been more specific about my question

Actually I'd like to be able to disassemble the exe in order to be able to read the ASCII characters, which mean nothing to me......

Anyway I'm gonna try all those tools

Thanks dudes

If you want to Dead List an .exe use WinDASM 32. If you want to debug it, use Olly (my preference) or SoftICE.
archphase
RE C++ is a bitch, each compiler has its own specifics, about the only unified thing is ECX holds the this pointer.

My suggestion: buy Kris Kaspersky's book, he teaches you how to use IDA like a pro. He also has like 150-200 pages on just disassembling C++, from recognizing constructors, etc.
pr0t0type
QUOTE (archphase @ May 20 2004, 02:52 AM)
RE C++ is a bitch, each compiler has its own specifics, about the only unified thing is ECX holds the this pointer.

My suggestion: buy Kris Kaspersky's book, he teaches you how to use IDA like a pro. He also has like 150-200 pages on just disassembling C++, from recognizing constructors, etc.

I can recommend that book too, complex but worth the effort. Hacker Disassembling Uncovered, it's called.
FTPServerTools
Apart from the book you can find a nice program called rec, which you can find easily with Google (rec decompiler). It has complete source code and can handle itself reasonably well. The source code is free as well; it has all kinds of import files that can translate code back to printf and kernel routines etc. The code is not optimized once it comes out of the decompiler but it is fairly easy to read.
belgther
Unpacking is generally so:
1) Find a way to get to OEP as fast as you can.
2) Dump your EXE/DLL at OEP.
3) Fix the import table.
4) Fix OEP and other necessary things, and everything is fine...

I'd suggest starting with UPX. And use Olly as a debugger. Some compilers really have problems with system-level debuggers, which are hard for a newbie to handle (I also have problems with them). And if you unpack a proggy with a system-level debugger, it will be harder to decide whether your imports are all right or not. You dump a file but don't fix the imports, and the file works perfectly on your computer; then you send it to a friend, and he/she gets an error on the EXE. That's why I prefer Olly for unpacking purposes.
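A static check for the packing that JDog45 and belgther describe, as an added example that is not part of any post in this thread: it reads the PE section table and entry point and reports hints that a file is packed, before any debugger is involved. The 7.0 entropy threshold, the hint wording and the `make_pe` sample builder are assumptions of this sketch; `UPX0`/`UPX1` are the section names UPX writes by default.

```python
import math
import struct
from collections import Counter

EXEC, WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE
SECTION = "<8sIIII12xI"                # name, vsize, rva, raw size, raw offset, flags

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data nears 8."""
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())

def packing_indicators(image):
    """Return static hints that a PE image has been run through a packer."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, entry = struct.unpack_from("<H12xH18xI", image, pe + 6)  # EP last
    hints = []
    for i in range(nsec):
        raw, vsize, rva, rsize, roff, flags = struct.unpack_from(
            SECTION, image, pe + 24 + opt_size + 40 * i)
        name = raw.rstrip(b"\0").decode("ascii", "replace")
        if name.upper().startswith("UPX"):
            hints.append(f"{name}: UPX section name")
        if rsize == 0 and vsize and flags & EXEC:
            hints.append(f"{name}: executable but empty on disk")
        if rsize and entropy(image[roff:roff + rsize]) > 7.0:
            hints.append(f"{name}: high entropy")
        if flags & WRITE and rva <= entry < rva + max(vsize, rsize):
            hints.append(f"{name}: entry point in writable section")
    return hints

def make_pe(entry, sections):
    """Constructed sample: minimal PE32 headers plus raw section data."""
    out = b"MZ".ljust(60, b"\0") + struct.pack("<I", 64) + b"PE\0\0"
    out += struct.pack("<HH12xHH", 0x14C, len(sections), 224, 0x102)
    out += struct.pack("<H14xI", 0x10B, entry).ljust(224, b"\0")
    offset, body = len(out) + 40 * len(sections), b""
    for name, vsize, rva, data, flags in sections:
        out += struct.pack(SECTION, name, vsize, rva, len(data),
                           offset + len(body) if data else 0, flags)
        body += data
    return out + body

# Constructed inputs, not real binaries: a UPX-style layout and a plain one.
PACKED = make_pe(0x6010, [(b"UPX0", 0x5000, 0x1000, b"", EXEC | WRITE),
                          (b"UPX1", 0x2000, 0x6000, bytes(range(256)) * 4, EXEC | WRITE)])
PLAIN = make_pe(0x1000, [(b".text", 0x400, 0x1000, b"\x55\x8b\xec\x90" * 256, EXEC)])

print({k: packing_indicators(v) for k, v in (("packed", PACKED), ("plain", PLAIN))})
```

These are hints, not proof: a renamed section or a lightly compressed stub will slip past them, so treat an empty result as "no obvious packer" only.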
Zbewl
Try to import the exe files and DLL if joined with Visual Studio, but first you have to make a new project in C++ Windows application.
Good luck, the file may have been crypted.