How can I see the source code of an executable compiled by Delphi or C++?
Please help me.
After Edit:
I have a program. When I start this program, it shows a dialog and asks for a password. This password is saved in source code. I want to take this password quickly and easily.
You can't.
An enormous amount of information is thrown away when the compiler reduces human readable text source code down to machine executable code. Local variables don't need names in machine code, for example, they're just register bits in the instruction opcode.
This is why debugging a compiled executable to step through the original source files line by line can only be done if you have the compiler debug symbols to go with the executable.
There are utilities that attempt to reverse engineer machine code into source code, but the result is less readable to humans than the original machine code, in my opinion. Machine generated function names, machine generated local variables and arguments, and many times the utility has to guess as to the exact data types of arguments and local vars. (is this arg a signed int or an unsigned int? Hard to tell when it's just a stack slot or machine register)
Compiling to an intermediate representation, as is done in Java and .NET, provides for much more reversibility because the types and symbol names of much of the original code are retained. Reflector, for example, can emit C# source code that is very close to the original human written source code.
You can't. The compiler takes the source code and turns it into machine instructions leaving 'no trace' of the original source code behind.
There are programs called de-compilers, but they just basically automate reverse-engineering, they can't actually access the original source code because that's long gone.
by using a disassembler or decompiler. You can't ever get the original source code back from a binary though. That information is lost.
How Can I See a Source Code of Executive File Compiled By Delphi or C++?
You can't, because source code does not exist in compiled Delphi/C++ program.
I Have a Program.When I Start This Program,Show a Dialog And Ask a Password.This Password Saved in Source Code.I Want take This Password Quickly And Easily.
Trying to crack something, huh?
It is quite possible that password is not saved in source code. Hash function can be used on a password to check if it is valid without storing password in a source code. Even if you find a hash, it won't be easy to get a password from it.
You can get an assembler listing from program using a disassembler (Ida Pro, OllyDBG, or similar tool). And you could debug your program even without source code, although you'll see pure assembly. AFAIK, "decompilers" exist, but I haven't ever used one of them, and doubt that they will be useful for C++/Delphi code (the one that compiles into native application).
There are a few simple techniques that would allow to hack program and bypass password check (if some conditions are met, program author wasn't into security, protection is easy, etc), but I'm not sure if this is allowed discussion topic on stackoverflow.
Anyway, if you're interested in reverse engineering for legal purposes, you could try a book called "Reversing: Secrets of Reverse Engineering".
When you say "executive" do you mean "executable"? If so, decompiling will only get you assembly. Some decompilers will try to turn the assembly into a more readable form, but there's no general way to get the source code from an exe unless you actually compile the source code into the file.
First off, the password is not saved in the source code. The compilation process is one-way only; the finished product isn't going to go altering its source. (Or its binary, for that matter, in most cases at least.) The password is most likely saved in a data file someplace. And if the program's author is at all competent, the password is hashed or encrypted in some way. Decompiling the program won't help you much.
Also, as InsertNickHere mentioned, we're not a hacking site here. We're honorable coders helping each other out with the complexities involved in building legitimate software. Please take your shady questions elsewhere.
Related
Is it possible to decompile C++ Builder exe?
Is C++ Builder safe programming tools or anyone can decompile it and see the code?
The short answer, yes, it can be decompiled, and it's not "safe". Anything ran on a computer can be disassembled and from that inspected by reading the disassembly. Decompiling would mean restoring even some of the original compiled source code - which indeed is possible, to some extent. After all, it is "just" about writing a program which can translate assembly to the desired language. If a human can do that, then a program can do that too, because it is only about applying known rules and logic to translate the program from different representation/language to another. However, it is not just that simple...
Lots of information (like source files, variable names, some unused code, comments etc.) gets lost in the compilation process. This is further worsened by compiler optimizations which usually make the resulting disassembly near unreadable in some cases. As such, the decompiled source code can only give mere clues about the implementation details and mainly just the logic, not the actual source code used to build the project.
Please note that this has near nothing to do with any form of "safety" or security of a program itself. Any program can be disassembled in a way or another, any logic behind a working program can be inspected and reverse-engineered. There can be no secrets inside a program, nothing can be hidden if it can be run.
It is often much easier to disassemble a piece of executable and work through its logic in assembly, than trying to rely on very vague and usually broken reconstruct in high-level language such as C which many such decompilers still produce. Sometimes though, tools can produce readable and very clear high-level representations by disassembling, but they are often the simple cases and short excerpts of code.
The bottom line is, that you don't need a decompiler to inspect, reverse-engineer and understand a target program. All one needs is the access to the executable, a disassembler and understanding of assembly language. There is no way to avoid this fact, and it is very rarely a real problem.
I have a compiled program which I want to know if a certain line exist in it. Is there a way, using my source code, I could determine that?
Tony commented on my message so I'll add some info:
I'm using the g++ compiler.
I'm compiling the code on Linux(Scientific)/Unix machine
I only use standard library (nothing downloaded from the web)
The desired line is either multiplication by a number (in a subfunction of a while group) or printing a line in a specific case (if statement)
I need this becouse I'm running several MD simulations and sometimes I find my self in a situation where I'm not sure of the conditions.
objdump is a utility that can be used as a disassembler to view executable in assembly form.
Use this command to disassemble a binary,
objdump -Dslx file
Important to note though that disassemblers make use of the symbolic debugging information present in object files(ELF), So that information should be present in your object files. Also, constants & comments in source code will not be a part of the disassembled output.
Summary
Use source code control and keep track of which source code revision the executable's built from... it should write that into the output so you can always cross-reference the two, checkout the same sources and rebuild the executable that gave you those results etc..
Discussion
The desired line is either multiplication by a number (in a subfunction of a while group) or printing a line in a specific case (if statement)
I need this becouse I'm running several MD simulations and sometimes I find my self in a situation where I'm not sure of the conditions.
For the very simplest case where you want all the MD simulations to be running the latest source, you can compare timestamps on the source files with the executable to see if you forgot to recompile, compare the process start time (e.g. as listed by ps) with the executable creation time.
Where you're deliberately deploying multiple versions of the program and only have the latest source, then it gets pretty tricky. A multiplication will typically only generate a single machine code instruction... unless you have some contextual insight you're unlikely to know which multiplication is significant (or if it's missing). The compiler may generate its own multiplications for e.g. array indexing, and may sometimes optimise multiplications into bit shifts (or nothing, as Ira comments), so it's not as simple as saying 'well, it's my only multiplication in function "X"'. If you're printing a specific line that may be easier to distinguish... if there's a unique string literal you can search for it in the executable (e.g. puts("Hello") -> strings program | grep Hello, though that may get other matches too, and the compiler's allowed to reuse string literal sequences so "Well Hello" might cater to your need via a pointer to 'H' too). If there's a new extern symbol involved you might see it in nm output etc..
All that said (woah)... you should do something altogether different really. Best is to use a source control system (e.g. svn, cvs...), and get it configured so you can do something to find out which revision of the codebase was used to create the executable - it should be a FAQ for any revision control system.
Failing that, you could, for example, do something to print out what multipliers or conditions the progarm was using when it starts running, capturing that in your logs. While hackish, macros allow you to "stringify" their parameters, so you can log and execute something without typing all the code twice. Lots of other options too.
Hope some of that helps....
I want to print the code of a function in a DLL.
I loaded the dll, I have the name of the desired function, what's next?
Thank you!
Realistically, next is getting the code. What you have in the DLL is object code -- binary code in the form ready for the processor to execute, not ready to be printed.
You can disassemble what's in the DLL. If you're comfortable working with assembly language, that may be useful, but it's definitely not the original source code (nor probably anything very close to it either). If you want to disassemble it, loading it in your program isn't (usually) a very good starting point. Try opening a VS command line and using dumpbin /disasm yourfile.dll. Be prepared for a lot of output unless the DLL in question is really tiny.
Your only option to retrieve hints about the actual implemented functionality of said function inside the DLL is to reverse engineer whatever the binary representation of assembly happens to be. What this means is that you pretty much have to use a disassembler(IDA Pro, or debugger, e.g. OllyDbg) to translate the opcodes to actual assembly mnemonics and then just work your way through it and try to understand the details of how it functions.
Note, that since it is compiled from C/C++ there is lots and lots of data lost in the process due to optimization and the nature of the process; the resulting assembly can(and probably will) seem cryptic and senseless, but it still does it's job the exact same way as the programmer programmed it in higher level language. It won't be easy. It will take time. You will need luck and nerves. But it IS doable. :)
Nothing. A DLL is compiled binary code; you can't get the source just by downloading it and knowing the name of the function.
If this was a .NET assembly, you might be able to get the source using reflection. However, you mentioned C++, so this is doubtful.
Check out this http://www.cprogramming.com/challenges/solutions/self_print.html and this Program that prints its own code? and this http://en.wikipedia.org/wiki/Quine_%28computing%29
I am not sure if it will do what you want, but i guess it may help you.
learned english as a second lang, sorry for the mistakes & awkwardness
I have given a peculiar project to work on. The company has lost the source code for the app, and I have to make changes to it. Now, reverse engineering the whole thing is impossible for one man, its just too huge, however patching individual functions would be feasible, since the changes are not that monumental.
So, one possible solution would be compiling C code and somehow -after rewriting addresses- patching it into the actual binary, ideally, replacing the code the CALL instruction jumps to, or inserting a JMP to my code.
Is there any way to accomplish this using MingW32? If it is, can you provide a simple example? I'm also interested in books which could help me accomplishing the task.
Thanks for your help
I use OllyDBG for this kind of things. It allows you to see the disassembly and debug it, you can place breakpoints etc, and you can also edit the binary. So, you could edit the PE header of that program adding a code section with your (compiled) code inside, then call it from the original program.
I can't give you any advice since I've never tried, although I thought about it many times. You know, lazyness.. :)
I would disassemble the program with a high-quality disassembler that produces something that can be assembled back into a runnable app, and then replace the parts you need to modify with C code.
Something like this will let you reverse the machine code into source. It won't be pretty but it does work.
http://www.hex-rays.com/idapro/
There are also tools for runtime patching http://www.dyninst.org/ for instance. They really aren't made for patching but they can do the trick.
And of course the last choice is to just use an assembler and write machine code :)
Is there anyway for a program to know if it has been modified since it was compiled and built?
I'd like to prevent the .exe from being modified after I build it.
You could use a private key to sign the EXE, and public key to check that signature. I haven't worked with the EXE file format in nearly 20 years, but as I recall there are spaces where you could store such a signature. Of course, the portion of the file that you're checking would have to exclude the signature itself.
However, if you're trying to do this to prevent cracking your EXE, you're out of luck: the cracker will simply patch out the code that validates the signature.
even if you know.. the person who knows you had such a prevent, will change computer time to your build time than modify this exe..
so it can not be a prevention..
Is it possible for a program to know if it has been modified since it was built?
Yes. A checksum of the rest of the program can be stored in an isolated resource string.
Is it possible for a program to know if it was maliciously modified since it was built?
No. The checksum, or even the function that executes and compares it, could be modified as well.
Are you talking about Tamper Aware and Self Healing Code?
The article demonstrates detecting
hardware faults or unauthorized
patches; back patching the executable
to embed the expected hash value of
the .text section; and demonstrates
the process of repairing the effects
of hostile code (for example, an
unauthorized binary patcher). The
ideas presented in the article work
equally well whether the executable
was patched on disk or in-memory.
However, the self repair occurs in
memory.
Most popular compilers have a switch to fill in the "Checksum" field of the PE header, or, you can leave it blank and supply your own custom vale. At any rate this is the 'standard' place to store such data.
Unfortunately there's no real way to stop someone tampering with a binary, because you'll have to put checks inside the exe itself to detect it, at which point they can be patched out.
One solution to this problem is to encrypt certain functions and use the checksum of some known data as the key (for example the checksum of another function). Then, when you leave the function you reencrypt it. Obviously you'll need to come up with your own prologue/epilogue code to handle this. This is not really suitable if your program is heavily multi-threaded, but if you're single-threaded or only lightly threaded (and can serizalize access to the functions and control all entry points) then this will 'raise the bar' if you will.
That is a step above most 'packers' which simply encrypt the .text/.data/.rdata/etc sections and decrypt it all at runtime. These are very easy to 'dump', as all you have to do is run the program, suspend all its threads, then dump the memory to a file. This attack works against Themida for example (one of the most aggressive packers). From there all you need to do is rebuild the IAT, fix up some relocs, etc.
Of course it's still possible for the attacker to use a debugger to dump out the unencrypted code and hence 'unpack' the exe, but obviously nothing is foolproof.