15 replies to this topic

[shii]

hi dudes, i'm beginning to unpack/pack compil exe files using C++ programming code, and i hope someone could help me !!!

Indeed, i would like to know how to unpack/decompile a C++ exe file !!!!

When a use an Hex editor program i got only ASCII characters....

Thanx a lot

[twistedps]

id suggest grabbing a dissassembler like ida pro. [havent ever used it but ive heard a LOT of goog things about it], as far as translating into c++, its not just gonna convert to that from opening it up. With a program like ida pro that dissassembles the exe, its gonna give you the asm output for it, and from there you have to translate the asm -> c++, which isnt easy... i know for sure i cant do it lol.

but hey man, if your willing to readup hardcore on asm and stuff i say give it a try, no harm in trying.

best of luck!

[shii]

ok twistedps

i'll try to grab and test your ida pro utilitie if u telle it's hard enough to translate the ASM, damn i won't be able to do it but i'll have a look anyway

thanx a lot man

[kevin007]

Indeed, i would like to know how to unpack/decompile a C++ exe file !!!!

I don't know if you're aware(I suspect from the nature of your post not), but, unlike say Java you can't just decompile a C++ file, the executable isnt a simple step away from getting the source code due to the nature of the compilation process (unless its been compiled in debug mode? Not sure on that).

I'm not an expert by any means, however I believe that decompiling a C++ source is not as easy as you might believe, its not like you can grab a windows .exe file and decompile it, thats why so many vulnerabilities are still hidden away in there . Instead its pretty much a one way process as the C++ compiler just creates machine code for the machine that its compiled on (for example a windows based i386 box)

[DaClueless]

The best way to take a part a C++ exe file is use a low-level debugger like soft-ice. And step through it.

[JDog45]

Unpacking/Dissasembling are two completely different things.

Unpacking refers to when a .exe is packed with a packer to protect the .exe from being dissasembled. Usually the packers also compress the .exe down on size as well.

If you're dissasembling something you'll be looking right at the code of the .exe. IDAPro will work, or WinDASM32 or even Olly (my favorite). Although Olly is a debugger more than a dissembler.

[shii]

ok JDog45 i might have been more specific about my question

actually i'd like to be able to dissaembling the exe in order to be able to read the ASCII characters which means nothing for me......

anyaway i'm gonna try all those tools

thanx dudes

[JDog45]

ok JDog45 i might have been more specific about my question

actually i'd like to be able to dissaembling the exe in order to be able to read the ASCII characters which means nothing for me......

anyaway i'm gonna try all those tools

thanx dudes

If you want to Dead List an .exe use WinDASM 32. If you want to debug it, use Olly (my prefernce) or SoftICE.

[pr0t0type]

RE C++ is a bitch, each compiler has its own specified, bout only unified thing is ECX holds this pointer.

My suggestion, buy Kris Kasperskys book, he teaches you how to use IDA like a Pro. He also has like 150-200 pages on just disassembling C++ from recognizing constructers, etc.

I can recommend that book too, complex but worth the effort. Hacker dissasembling uncovered it's called.

[FTPServerTools]

Apart from the book you can find a nice program called rec which you can find easily with google (rec decompiler) it has a complete source code and can handle itself reasonably well. The sourcecode is free as well, it has all kinds of import files that can translate code back to printf and kernel routines etc.. The code is not optimized once it comes out of the decompiler but it is fairly easy to read.

[belgther]

Unpacking is generally so:
1)Find a way to get to OEP as fast as you can.
2)Dump your EXE/DLL at OEP.
3)Fix the import table.
4)Fix OEP and other necessary things, and everything is fine...

I'd suggest you starting with UPX. And use olly as a debugger. Some compilers really have problem with system-level debuggers, which are hard to handle by a newbie(I also have problem with them). And if you unpack a proggy with a system-level debugger, it will be harder to decide whether your imports are all right or not. You dump a file, but don't fix the imports, but the file works perfect on your computer, then send it to a friend, and he/she gets an error on the EXE. That's why I prefer olly for unpacking purposes.

[Zbewl]

Try to import the exe files and dll if joined with visual studio, but firstly u have to mlake a new project in C++ windows application.
good luck, the file can have been crypted.

[320X]

unpack a c++ file ? lol, or dissasemble it...
you can try this debuggers
win dasm32
ida pro
softice
ollydbg
and don´t forget gdb