Thread: Decomplieing EXE ???

Hi

Can any one plz Help me out. My friend was working on a project at school. He finished all he programing in C++ but after he complie the program into EXE the C++ file (His program ) got corrupted. He was very angry as he told me it not possible but it happen to him anyway. I know he been workin very hard so i wanted to help him. As my other friend told me, he can use a Decomplier to decomplie EXE back into C++ lang. So can anyone give me a link to a program that can decompile EXE back to C++.

I know nothing about C++ as i have just started lol but my friend do and he don't know about decompliing.

Thanks in Advance for all those that read and helped me. Thanks

There are several good Disassemblers, which take an executable, then turn it into Assembly Language(A very low level programming language), you can then turn the Assembly language into C++. But this is a whole lot of trouble (Assembler's hard ).

You can not decompile a C++ executable and get C++ code back(unless you have some sort of ASM to C++ converter).

http://members.home.net/w32dasm/

thats the best disassembler on the market. I have disassembled alot of things and taken the ASM out and used it in my own programs. In C++ there is a _asm scope. this method is used to make KeyGens and what not.

I have also just taken other peoples DLLs, disassembled them and rewrote them in C++, so i have thier DLLs functionality.

i love reverse engineering.

here is an example, this is something where i was just testing a function that was in a DLL to see if i nailed it right:

Code:

#include <windows.h>

char poo[1000];
void* glob = &poo[0];

void main(){
	//glob = malloc(500);

	_asm{
		mov		eax, glob
		mov		word ptr [eax + 0x00000180], 0x0000 //holds version
		mov		ecx, glob
		mov		dword ptr [ecx + 0x0000016C], 0x00000000 // tracking options
		mov		edx, glob
		mov		dword ptr [edx + 0x00000170], 0x00000000
		mov		eax, glob
		mov		dword ptr [eax + 0x00000174], 0x00000000
		mov		ecx, glob
		mov		dword ptr [ecx + 0x00000178], 0x00000000
		mov		edx, glob
		mov		dword ptr [edx + 0x0000017C], 0xFFFFFFFF //data block options
	}

	int temp = 0x0;

	_asm{ // set all the enablespys to false
		jmp		DIANE
ADDONE:
		mov		eax, temp
		add		eax, 0x00000001
		mov		temp, eax
DIANE:
		cmp		temp, 0x00000054
		jge		ANDY
		mov		ecx, temp
		mov		edx, glob
		mov		dword ptr [edx + 0x04 * ecx + 0x1C], 0x00000000
		jmp		ADDONE
	}

ANDY:
	//free(glob);
    return;
	

}

Well that mean it impossible to change Exe Back to C++
ASM is too hard for me to learn and I hate Maths lol

I always thought if you convert one things to another it is possible to change back. But after looking at what you guys say it seems too hard to change back.

well thanks anyway that alots of info you guys have given me

thanks you^^

Decompilers are illegal, unless you are using it to debug you own program (thats why MSVC++ has one). As to why you can't decompile back to C++, when you take your C++ source, you dont turn that into an exe. First, the compiler turns your source into a binary .obj file. Before that, your code turns into ASM. Then, each ASM instruction is encoded in a binary form (the .obj). Then, its the Linker's job to turn that .obj file into an exe, by linking all of the .obj files in your project, with any libraries your program requires, and puts in the exe header file (so you can run it). So, when you have an EXE, all you have is a string of binary encoded ASM instructions, NOT C++.

ASM is not hard. Learning it is about as hard as learning C++ for the first time. Its just another language (and one that is quite useful).

Z.

Does Borland C++ Builder has the same sort of thing?
I got it a few days ago. It's a big thing and I'm not used to it still.

Decompilers/Disassemblers are now illegal under the Digital Millenium Copyright Act.....

I just wanted to reply to Vlatko's question way up there.

If you write a horrible C++ program, and copile it into Assembly, it's going to run slow. If you Decompiled that slow exe into assembly, all you are left with is sloppy ASM code. The reason ASM is fast is because the people who use it know how to write good ASM code. For example, there is no memory to memory "mov" operation. So, you could move the data in variable x into y like this:

Code:

mov eax, y
mov x, eax

or, like this:

Code:

push y
pop x

The second uses less memory space (and i believe is faster). SO, to answer your question, if the exe is slow to begin with, decompiling it and recompiling the ASM code will not speed it up (it wont for ANY exe).

Z.

Somehow I doubt that they're illegal. If I compile a program, and I want to see what the compiler has created, am I not allowed to look at my own work? (Somehow I doubt someone else has copyrighted the exact same code that I would've just written.)

Besides, isn't the DMCA mainly for the US? (I'm not sure how far the laws have extended into international territories.)

Destined.

YOur code is copyrighted by you. You can use a dissassembler (eg, MSVC++'s), but using it on anyone elses program is very much illegal.

Z.