Author Topic: decompiling .exe file (Read 1459 times)

endless · « **on:** June 17, 2003, 10:55:44 AM »

is it possible to decompile a .exe file? let's say the .exe file was compile using visual basic. if so, what software to use?

idolkosimanoy · « **Reply #1 on:** June 17, 2003, 11:09:22 AM »

@endless:

Bro, tried it once using a decompiler I downloaded from the net. Pero yung code na lumabas, eh, parang code ng assembly. Am still looking, though.

arz · « **Reply #2 on:** June 17, 2003, 03:42:06 PM »

Yes, it is possible to decompile an exe file. Understanding what you just decompiled is another thing. You need to know Assembly language in order to make something out of it.

Decompiling an executable created by most High Level languages (HLL) like Pascal, Visual Basic, C/C++, is a big no-no, since some unnecesarry(?) libraries/routines/garbage are also included in the executable itself.

Sig · « **Reply #3 on:** June 17, 2003, 03:51:52 PM »

there exist a couple of VB decompiler, but no available for all.

Those tools are kept by their authors.

VB made executables in particular are relatively easier to decomp than static linked exes made by other compilers.

Sig · « **Reply #4 on:** June 17, 2003, 03:55:12 PM »

Arz.

somehow you got it wrong

VB cant do static linking, so it doesnt inlucde libraries/routines/garbage.

And I know personally that u can decomp vb progs with vb source being the output

idolkosimanoy · « **Reply #5 on:** June 17, 2003, 04:11:58 PM »

@sig:

bro, will this decompiler work if your vb files are converted into dll's? TIA!

arz · « **Reply #6 on:** June 18, 2003, 10:53:58 AM »

Sig:

I may have placed my words wrongly, but basically my idea was that VB executables are larger than its ASM counterpart. Upon experience, I can make a small window with buttons, text boxes, and winsock routines, in Win32 ASM (host-ip resolver proggy) and upon compilation it only takes around 8K in size. In VB it takes a whole lot more, and to me it is garbage. And if you check the binary with a hex editor, you will see some things that are oddly placed in it. Run a disassembler on that executable, and it will take you a while in trying to figure out what it does, if ever you succeed in doing so.

I have seen some VB decompiler (freeware/shareware) that claims that it can convert your executable to VB source code, but only if it was created using VB4. I don't know if it is real or not, since I haven't bothered using it.

idolkosimanoy · « **Reply #7 on:** June 18, 2003, 11:10:27 AM »

Quote

I have seen some VB decompiler (freeware/shareware) that claims that it can convert your executable to VB source code, but only if it was created using VB4. I don't know if it is real or not, since I haven't bothered using it.

@arz:

bro, I got those decompilers also, pero hindi ko nasubukan kasi nga for VB4 lang. All of our projects were made using VB6. I was able to use one decompiler, pero as I've stated before, eh, assembly code ang hitsura niya...

I was particularly interested in getting a decompiler because we want to protect some of our projects without resorting to PGP. I tried decompiling para malaman ko kung ilalabas nga niya yung VB code kapag dine-compile mo ang .exe.

endless · « **Reply #8 on:** June 18, 2003, 11:34:53 AM »

is there any particular site that you can download the vb decompiler for vb4?

idolkosimanoy · « **Reply #9 on:** June 18, 2003, 11:52:54 AM »

Quote

is there any particular site that you can download the vb decompiler for vb4?

bro, google is your friend... =)

http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=vb4+decompiler

arz · « **Reply #10 on:** June 18, 2003, 03:24:42 PM »

idolkosimanoy:

You need to obfuscate the compiled executable then. Then whoever will resort to decompile the executable will then be presented with the additional work of de-obfuscating your binary executable before running a dissasembler on it.

Common methods of obfuscation is packing the executable (UPX http://www.sourceforge.net/projects/upx), inclusion of anti-debugger/disassembler/run-time encyption-decryption routines (I know of some techniques but only in ASM), or to make your life easier look for softwares which does this.

http://snow.prohosting.com/~clone99/tzweb/files.html

Hmm... Protect your projects? Please elaborate.

PGP? I wonder how you will be able to use PGP.

idolkosimanoy · « **Reply #11 on:** June 18, 2003, 03:39:38 PM »

Quote

Hmm... Protect your projects? Please elaborate.

PGP? I wonder how you will be able to use PGP.

ganito kasi yun bro, we were developing softwares before. kaso gusto nung client na i-provide pa rin namin yung source kahit hindi naman kasama sa contract na ibibigay namin yung source sa kanila although me provision sa contract na pwede sila mag-additional ng bayad para makuha nila ang source. ngayon, yung isang director namin, hinigi yung cd back-up namin. we later found out na inadvice nya pala dun sa client na ganun ang set-up nila, hihingiin niya ang cd- back-up then ipapa-analyze na lang sa programmer nila. kaya, hayun, we tried first the compiled version, then convert it to dlls. we were thinking sana to use PGP kaso hindi siya mara-run kapag in-encrypt lang...

btw, thanks for the links. will check them out.

Sig · « **Reply #12 on:** June 18, 2003, 03:44:35 PM »

Idolkosimanoy.

Its been a while since I used VB, and It didnt occur to me that those decompilers are capable of Decomp Dll.

Whether Com dlls or not, I cant recall, if ever its possible.

idolkosimanoy · « **Reply #13 on:** June 18, 2003, 04:03:28 PM »

@sig,

thanks, bro! will still try to research...

endless · « **Reply #14 on:** June 18, 2003, 04:26:05 PM »

i tried downloading a vb4 decompiler and i believe i got the shareware.

anyway, i have an .exe file here and i believe that it was coded using VB but not sure of the version. i tried decompiling the .exe and an error came out...."assertion failed..aborting" sa title bar tapos "known VB version" sa main window. when i click OK ito naman ang lalabas..."Stop statement ecountered"

i then tried it on a VB6 .exe and this came out..."not a recognize VB program" then "assertion failed..aborting" sa title bar tapos "known VB version" sa main window. when i click OK ito naman ang lalabas..."Stop statement ecountered.

anyone knows what these means? does it mean that it's not VB4 in the first one? or was it just protected against decompilers?

arz · « **Reply #15 on:** June 18, 2003, 05:16:46 PM »

idolkosimanoy:

If you want to protect your source code against prying eyes, even though you make it available publicly here's what I used to do (*evil grin*):

code a script (perl, vbs, etc) that will rename all your variables/constants/procedure names to something obscure.

From:

Sub Proc()

'DoWhatEver

End Sub

Sub Main()

var1 = ""

const = 5050

Proc()

End

End Sub

To:

Sub p00001()

'DoWhatver

End Sub

Sub Main()

v00001 = ""

c00001 = 5050

p00001()

End

End Sub

Or you could use the Search & Replace function in Visual Studio's IDE.

Better check if it compiles well afterwards.

Make sure you keep the original source code to yourselves just in case you needed it. If your clueless bosses/client ask you for the source then give them the obfuscated copy. If they doub't if it is the real thing, then compile and run it in front of them.

That will give anyone, including your client's programmers a hard time tying to figure out what that piece of code is trying to do even if they have your source code.

Get the point???

*ngising demonyito*

idolkosimanoy · « **Reply #16 on:** June 18, 2003, 05:29:22 PM »

@arz:

uy, ok yan bro! maraming salamat!

dean · « **Reply #17 on:** November 12, 2019, 11:37:44 AM »

whoa! thanks for sharing!