Reversing

TurtleProgrammer
Posts: 37
Joined: Jan 26, 2017 7:54

Reversing

Postby TurtleProgrammer » Nov 16, 2017 16:35

I've been looking around the net for answers about this but still don't understand, so I thought I would ask on here.

If I wrote a program like:

#include "pepper.bi"

print "salt and pepper have a concentration of ", 1324 ' This is made up code and is probably full of errors but it's just an example.

Then I compile the program to an EXE that looks something like:

4A 5C 3A FF 00 00 FA 3C

(I only put in the first few hexadecimals to save time.)

Then I lost the original .BAS file and wanted to take the above code and convert it back to the original .BAS code. Could I do that, and if so how?
Munair
Posts: 834
Joined: Oct 19, 2017 15:00
Location: 't Zand, NL

Re: Reversing

Postby Munair » Nov 16, 2017 17:04

You would probably be better off rewriting the source file.
TurtleProgrammer
Posts: 37
Joined: Jan 26, 2017 7:54

Re: Reversing

Postby TurtleProgrammer » Nov 16, 2017 18:46

I'll try to explain my question better. I want to take the hexadecimal file and decrypt it somehow to see what the original program code was/is.
Munair
Posts: 834
Joined: Oct 19, 2017 15:00
Location: 't Zand, NL

Re: Reversing

Postby Munair » Nov 16, 2017 20:17

TurtleProgrammer wrote:I'll try to explain my question better. I want to take the hexadecimal file and decrypt it somehow to see what the original program code was/is.

There's probably a lot on the internet about reverse engineering. If you want your binary file to be reversed to FreeBasic code, think again. You will need to enter the world of opcodes and assembler. Perhaps some assembler nerds here on the forum can give you more hints.

ADVICE: always have a backup of your files, and preferably source code printed on paper. ;)
integer
Posts: 378
Joined: Feb 01, 2007 16:54
Location: usa

Re: Reversing

Postby integer » Nov 16, 2017 23:09

TurtleProgrammer wrote:I've been looking around the net to answers about this but still don't understand so I thought I would ask on here.
If I wrote a program like:
...

One of the major difficulties: you lose ALL variable names. What you then have is address1, address2, address3, etc.
It is not difficult to find out which BASIC keyword was used; however, you will need a bit of detective work to guess what the address contained.
On the other side, if you did NOT write the program, the learning curve is much steeper.

I do not want to discourage you. You should write a small program (20 to 40 lines of code) that calls a function, and a subroutine.
You need to have about a dozen variable names. Compile to exe.
That is when the fun begins.

e.g.
a=2 : b=2 : c = a+b

when compiled and restored:

addr1 = 2
addr2 = 2
addr3 = addr1 + addr2

Anyway, proceed to have some diversion.
sancho3
Posts: 358
Joined: Sep 30, 2017 3:22

Re: Reversing

Postby sancho3 » Nov 17, 2017 2:17

@integer:
Isn't it true that as soon as the code accesses a device, it jumps from simple to extremely complicated? So even a print command.
jj2007
Posts: 1210
Joined: Oct 23, 2016 15:28
Location: Roma, Italia

Re: Reversing

Postby jj2007 » Nov 18, 2017 2:40

Munair wrote:You would probably be better off rewriting the source file.

Exactly. Of course, you can load the executable into a debugger like OllyDbg, but you would typically see something like this:

Address         Hex dump              Command                     Comments
00406AF3        │.  53                push ebx
00406AF4        │.  83EC 2C           sub esp, 2C
00406AF7        │.  A1 38904000       mov eax, [409038]
00406AFC        │.  C74424 10 0000000 mov dword ptr [esp+10], 0
00406B04        │.  C74424 14 0000000 mov dword ptr [esp+14], 0
00406B0C        │.  3D 4EE640BB       cmp eax, BB40E64E
00406B11        │.  74 0F             je short 00406B22
00406B13        │.  F7D0              not eax
00406B15        │.  A3 3C904000       mov [40903C], eax
00406B1A        │.  83C4 2C           add esp, 2C
00406B1D        │.  5B                pop ebx

This is an excerpt from the disassembly of a tiny little FreeBasic program, about 44k. There are over 8,000 lines like this. I am a very experienced user of this debugger, and if I have the *.bas source side by side, I can try to decipher what the code is doing. Without the source, I will be completely lost, unless I invest some weeks studying what the proggie does. Does that sound encouraging? In short: Rewrite the program. Version 2 will be much better than the old one ;-)
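The listing layout shown above (address, opcode bytes, mnemonic) is what a debugger hands you instead of source, and the first thing a reverser checks is that the bytes and addresses agree with each other. The following is an added example, not code from the thread or from OllyDbg: a small Python parser for that layout, run over a constructed copy of the excerpt, which checks that every address plus its byte count lands on the next address. It assumes OllyDbg's 17-character hex column (longer encodings are cut off, as in the two `mov dword ptr` lines), upper-case hex digits, lower-case mnemonics and an ASCII `|.` marker in place of the box-drawing character.

```python
import re
from dataclasses import dataclass

# Constructed sample in OllyDbg's layout (the excerpt quoted above, with an
# ASCII "|." in place of the box-drawing marker).  Not from a real binary.
LISTING = """\
Address         Hex dump              Command
00406AF3        |.  53                push ebx
00406AF4        |.  83EC 2C           sub esp, 2C
00406AF7        |.  A1 38904000       mov eax, [409038]
00406AFC        |.  C74424 10 0000000 mov dword ptr [esp+10], 0
00406B04        |.  C74424 14 0000000 mov dword ptr [esp+14], 0
00406B0C        |.  3D 4EE640BB       cmp eax, BB40E64E
00406B11        |.  74 0F             je short 00406B22
00406B13        |.  F7D0              not eax
00406B15        |.  A3 3C904000       mov [40903C], eax
00406B1A        |.  83C4 2C           add esp, 2C
00406B1D        |.  5B                pop ebx
"""
HEX_COL = 17  # width of the hex-dump column; longer encodings are cut off there
# address, optional "|." marker, upper-case hex byte groups, lower-case mnemonic
LINE_RE = re.compile(r"^([0-9A-F]{8})\s+(?:\S+\s+)?([0-9A-F]+(?: [0-9A-F]+)*)\s+([a-z].*?)\s*$")

@dataclass
class Insn:
    addr: int
    shown: bytes      # opcode bytes visible in the listing (incomplete if truncated)
    truncated: bool
    command: str

def parse_listing(text):
    """Extract address, opcode bytes and mnemonic from each instruction line."""
    insns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                           # header or blank line
        col = m.group(2)
        digits = col.replace(" ", "")
        truncated = len(col) >= HEX_COL or len(digits) % 2 == 1
        digits = digits[: len(digits) & ~1]    # drop a dangling half byte
        insns.append(Insn(int(m.group(1), 16), bytes.fromhex(digits), truncated, m.group(3)))
    return insns

def check_contiguity(insns):
    """Each address plus its byte count must land on the next address; a mismatch
    means a gap, an overlap or a misparsed line.  Truncated lines only give a lower bound."""
    problems = []
    for cur, nxt in zip(insns, insns[1:]):
        delta, n = nxt.addr - cur.addr, len(cur.shown)
        if (delta < n) if cur.truncated else (delta != n):
            problems.append((cur.addr, f"{n} bytes shown, next address is {delta} bytes away"))
    return problems
```

Deleting any one line from the sample (say the `not eax` one) makes `check_contiguity` report the address just before the hole, which is how a damaged or mis-pasted listing is caught before anyone spends time reading it.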
St_W
Posts: 1468
Joined: Feb 11, 2009 14:24
Location: Austria

Re: Reversing

Postby St_W » Nov 18, 2017 3:46

In short: no, you cannot convert an Exe back to a Bas file. What you can do is to study the Exe (e.g. using ollydbg or IDA) and rewrite a bas doing the same things using that information. Anyway, that won't match the original bas most certainly.
Munair
Posts: 834
Joined: Oct 19, 2017 15:00
Location: 't Zand, NL

Re: Reversing

Postby Munair » Nov 18, 2017 7:56

It may sound crazy to some, but I still have a lot of source code of my QuickBASIC programs from the 90s ON PAPER. My wife complained about the boxes several times: "Isn't it time to throw that old stuff away?" NO. 1. It was a LOT of work writing that code and 2. they still provide good examples of how certain things were done. Even though for 16bit DOS, most code could still be applied today.

While harddisks break in time, paper won't if you store it properly. :-) :-) :-)
TurtleProgrammer
Posts: 37
Joined: Jan 26, 2017 7:54

Re: Reversing

Postby TurtleProgrammer » Nov 18, 2017 13:25

How about this. Can, and if so, how can I write a HEX Editor of my own?
grindstone
Posts: 640
Joined: May 05, 2015 5:35
Location: Germany

Re: Reversing

Postby grindstone » Nov 18, 2017 14:04

TurtleProgrammer wrote:Can, and if so, how can I write a HEX Editor of my own?
I don't know if you can do it, but it's surely possible. :-)
Munair
Posts: 834
Joined: Oct 19, 2017 15:00
Location: 't Zand, NL

Re: Reversing

Postby Munair » Nov 18, 2017 14:10

TurtleProgrammer wrote:How about this. Can, and if so, how can I write a HEX Editor of my own?

I wouldn't even bother trying. There are plenty of HEX editors out there. Writing your own wouldn't give you anything of greater benefit. But if you would like to try it out for fun, start with studying the hexadecimal system. There's plenty of documentation on the internet. ;)
MrSwiss
Posts: 3190
Joined: Jun 02, 2013 9:27
Location: Switzerland

Re: Reversing

Postby MrSwiss » Nov 18, 2017 14:32

Have a look at: HxD, the one I'm using, to figure out requirements ...
You'll probably have to use a "fixed" font, to get there.
D.J.Peters
Posts: 7780
Joined: May 28, 2005 3:28

Re: Reversing

Postby D.J.Peters » Nov 18, 2017 18:27

As an advanced programmer you can translate a sub's assembler listing (the result of a disassembler)
back to BASIC (it's helpful if you wrote the BASIC code yourself), but a complete program is a nightmare and no fun.

Here is an example of how it looks if you translate a sub from an ASM listing back to BASIC:

sub CalcIt(byval pDes as ubyte ptr, _
           byval pSrc as ubyte ptr, _
           byval size  as long)

    'mov edi,[pDes]
    dim as ubyte ptr pedi=pDes
    'mov esi,[pSrc]
    dim as ubyte ptr pesi=pSrc
    'mov ebx,[size]
    dim as integer iebx=size
    'mov eax,ebx
    dim as integer ieax=iebx
    'mul ebx
    ieax*=iebx
    'mov ecx,eax
    dim as integer iecx=ieax
    'sub ecx,ebx
    iecx-=iebx
    'sub ecx,ebx
    iecx-=iebx
    'dec ecx
    iecx-=1
    'xor edx,edx
    dim as integer iedx
    'sub edx,ebx
    iedx-=iebx
    'add edi,ebx
    pedi+=iebx
    'add esi,ebx
    pesi+=iebx
    'push ebp
    dim as ushort ax16,bp16
    'loopit:
    while iecx
      'movzx ax,byte ptr [esi-1]
      ax16=pesi[-1]
      'movzx bp,byte ptr [esi+1]
      bp16=pesi[ 1]
      'add ax,bp
      ax16+=bp16
      'movzx bp,byte ptr [esi+edx]
      bp16=pesi[iedx]
      'add ax,bp
      ax16+=bp16
      'movzx bp,byte ptr [esi+ebx]
      bp16=pesi[iebx]
      'add ax,bp
      ax16+=bp16
      'shr ax,1
      ax16 shr=1
      'movzx bp,byte ptr [edi]
      bp16=pedi[0]
      'sub ax,bp
      ax16-=bp16
      'and ah,&HFF
      if ax16 and &HFF00 then
        *pedi=0
      else
        *pedi=ax16 and &HFF
      end if
      'jz saveit
      'xor al,al
      'saveit:
      'mov [edi],al
      'inc esi
      pesi+=1
      'inc edi
      pedi+=1
      'dec ecx
      'jnz loopit
      iecx-=1
    wend
    'pop ebp
end sub
