LinuxQuestions.org
Old 02-01-2006, 10:58 AM   #1
Pena
LQ Newbie
 
Registered: Jan 2006
Location: Finland
Distribution: Slacky 10.2
Posts: 11

Rep: Reputation: 0
Reverse compile?


Hi..
This may be an "X" question..but..okay.
How to reverse compile a virus? Like this (picture.txt.pif) Winvirus.
I use slacky 10.2
I tried rec Decompiler..it doesn't work.
I only want to see the source.

I hope somebody knows and understands my special English

TV:PP
 
Old 02-01-2006, 11:21 AM   #2
xhi
Senior Member
 
Registered: Mar 2005
Location: USA::Pennsylvania
Distribution: Slackware
Posts: 1,065

Rep: Reputation: 45
generally there is no way to decompile a binary file.. the compiler makes so many changes that to get it back to the highlevel source code is impossible to do with accuracy..

there are disassemblers where you can break an executable down into assembly.. this is the most common way to do what you are requesting..

depending on what lang the binary was written in there can be some exceptions.. i believe there is a relatively good VB disassembler that can generate source.. but i am not familiar with them other than in just a quick read a long time ago..

btw there is no decompiling,, only thing that can be done is to disassemble and then generate highlevel code from the assembly..
 
Old 02-01-2006, 04:33 PM   #3
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
This is a touchy topic. I guess no one will complain when "decompiling" viruses, but to do this to copyrighted software, i.e. anything made by Microsoft is very illegal. I don't know how to do it and where to get software to do it with, but I thought I should bring that up.
 
Old 02-01-2006, 08:25 PM   #4
dinojerm
Member
 
Registered: Apr 2004
Location: NJ,US
Distribution: Debian Sid
Posts: 33

Rep: Reputation: 15
To add on to what xhi said: generally, you can disassemble an executable pretty easily using the "objdump -d" command. The output from this, however, will be essentially useless to you if you don't know assembly.
Depending on what type of file it is, it may be helpful to view the literal strings stored in the file; the "strings" program can do this. You can also try to view the whole file as text (using a program like "less") or with a hex dumper ("hexdump" or "hd").
These latter techniques might be most helpful for understanding a pif file; you can refer to documentation about the format at http://www.smsoft.ru/en/pifdoc.htm
 
Old 02-01-2006, 08:33 PM   #5
peter_89
Member
 
Registered: Jan 2006
Distribution: Microsoft Windows XP Professional SP2; Slackware Linux 10.2
Posts: 215

Rep: Reputation: 30
There's no "decompile." Like others have said, there are disassemblers, but only the most experienced of software engineers can really use them, and a lot of the programs used for doing this are rather... "fringe," in other words, they are developed by a few lone hackers, there's rarely any large support for them given the legal issues.
By the way, hex editors are completely useless to most of the computer using world, unless you know how to read machine language.

Last edited by peter_89; 02-01-2006 at 08:35 PM.
 
Old 02-02-2006, 05:46 AM   #6
Pena
LQ Newbie
 
Registered: Jan 2006
Location: Finland
Distribution: Slacky 10.2
Posts: 11

Original Poster
Rep: Reputation: 0
Many thanks..
Now I must look for some other way.
Let's see how many years this takes.
Now things seem more clear.

When it's hard you remember it better.

TV:PP
 
Old 02-02-2006, 05:52 AM   #7
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: Debian
Posts: 2,536

Rep: Reputation: 111
Quote:
Originally Posted by Penguin of Wonder
but to do this to copyrighted software, i.e. anything made by Microsoft is very illegal.
That depends very much what country you live in. E.g. in my country it is allowed, no matter what some license/EULA states about it. And rightly so IMO.
 
Old 02-02-2006, 07:42 AM   #8
Penguin of Wonder
Senior Member
 
Registered: Sep 2005
Location: West Virginia
Distribution: Gentoo
Posts: 1,249

Rep: Reputation: 45
Quote:
Originally Posted by Hko
it is allowed
There aren't any international laws that would cover you, even if you are on the other side of the Atlantic?
 
Old 02-02-2006, 11:49 AM   #9
Pena
LQ Newbie
 
Registered: Jan 2006
Location: Finland
Distribution: Slacky 10.2
Posts: 11

Original Poster
Rep: Reputation: 0
He
hee!
bill's bills.
In Finland we have a new law...If you write here and ask..how to decode something..you are a criminal and you can get 1 year in prison.
If you have decoding printed on your t-shirt it's criminal.
Today kids with mp3 players are criminals...Funny
Anyway I want to see that virus. Maybe I'll put winblows on my laptop and see what happens.
No Bill's. I'll try it with slacky..
And again you are wonderful!
Oops, this isn't a chat. Sorry
 
Old 02-02-2006, 05:58 PM   #10
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: Debian
Posts: 2,536

Rep: Reputation: 111
Quote:
Originally Posted by Penguin of Wonder
There aren't any international laws that would cover you
I heard "free speech" is sort of an international law. But that apparently doesn't cover "free reading" when it comes to reading code that runs on our computers. :-(
 
Old 02-02-2006, 05:59 PM   #11
varrojo
LQ Newbie
 
Registered: Apr 2005
Distribution: SuSE Linux 9.3 (opensuse)
Posts: 19

Rep: Reputation: 0
Micro$oft EULAs usually say that the software product is covered by the US legal restrictions, so when you agree to the EULA you are giving up your country's right to disassemble and/or reverse engineer ms stuff.

Read your EULA's people.
 
Old 02-02-2006, 05:59 PM   #12
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
Quote:
Originally Posted by Penguin of Wonder
This is a touchy topic. I guess no one will complain when "decompiling" viruses, but to do this to copyrighted software, i.e. anything made by Microsoft is very illegal.
Actually, disassemblers are very legal.
 
Old 02-02-2006, 06:03 PM   #13
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: Debian
Posts: 2,536

Rep: Reputation: 111
Quote:
Originally Posted by KimVette
Actually, disassemblers are very legal.
Yes. But I think "disassembling" isn't always legal. (I'm not a lawyer though.)
 
Old 02-02-2006, 06:34 PM   #14
mlaich
LQ Newbie
 
Registered: Nov 2005
Location: Missoula, MT
Distribution: RH 9, Xandros
Posts: 26

Rep: Reputation: 15
hi all,
just a curious question from novice viewpoint. as
Quote:
there are disassemblers where you
can break an executable down into assembly..
this is the most common way to do what you are requesting..
Suppose I have a C file compiled on RH9. The a.out file shows all the information about on which OS the file was compiled using which compiler...
i tested it with vi editor and "vi a.out" shows (just the part of it, it was actually in single line, but I am breaking it into many lines):
Code:
GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.)^@^@GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)^
@^@GCC: (GNU) 3.4.5^@^@GCC: (GNU) 3.4.5^@^@GCC: (GNU) 3.4.5^@^@GCC: (GNU) 3.2.2 20030222 (Red Hat Li
nux 3.2.2-5)^@^@^\^@^@^@^B^@^@^@^@^@^D^@^@^@^@^@ <84>^D^H$^@^@^@^@^@^@^@^@^@^@^@,^@^@^@^B^@  ^@^@^D^
@^@^@^@^@D<96>^D^H^T^@^@^@T<83>^D^H^L^@^@^@D<84>^D^H#^@^@^@^@^@^@^@^@^@^@^@$^@^@^@^B^@Ã  ^@^@^D^@^@^
@^@^@Z<96>^D^H^E^@^@^@i<83>^D^H^B^@^@^@^@^@^@^@^@^@^@^@!^@^@^@^B^@<84>^@^@^@<9c>^H^@^@<84>^H^@^@_IO_
stdin_used^@^@^@^@^@<80>^@^@^@^B^@^@^@^@^@^D^A^@^@^@^@ <84>^D^HD<84>^D^H../sysdeps/i386/elf/start.S^
@/usr/src/build/231499-i386/BUILD/glibc-2.3.2-20030313/csu^@GNU AS 2.13.90.0.18
now my question is what exactly do disassemblers do.
do they read the complete executable file and then create the assembly language of it or
does the a.out have to be executed on the machine to be able to create the assembly code.
in which case the kernel reads line by line the commands to be executed arising from a.out and creates the assembly code???

thanx --mlaich

Last edited by mlaich; 02-02-2006 at 06:45 PM.
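
The `GCC: (GNU) ...` strings visible in `vi a.out` are stored in the ELF `.comment` section, and a static tool (like `objdump -d` or `strings` mentioned earlier in the thread) finds them by reading the file's bytes, without running the program. The sketch below is an added example, not code from any poster: `build_sample_elf32` and `read_comment_section` are hypothetical names, the parser handles only 32-bit little-endian ELF, and the sample file is constructed inline.

```python
import struct

def build_sample_elf32(comments):
    """Constructed sample: a minimal ELF32 (little-endian) with only .comment and .shstrtab."""
    comment = b"".join(c.encode() + b"\0" for c in comments)
    shstrtab = b"\0.comment\0.shstrtab\0"
    c_off, s_off = 52, 52 + len(comment)
    shoff = s_off + len(shstrtab)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # ELFCLASS32, LSB, version 1
    # e_type, e_machine (3 = i386), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 3, 2)

    def shdr(name, sh_type, off, size):
        return struct.pack("<10I", name, sh_type, 0, 0, off, size, 0, 0, 1, 0)

    table = bytes(40) + shdr(1, 1, c_off, len(comment)) + shdr(10, 3, s_off, len(shstrtab))
    return header + comment + shstrtab + table

def read_comment_section(data):
    """Return the NUL-separated strings in .comment; the bytes are parsed, never executed."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1 or data[5] != 1:
        raise ValueError("only 32-bit little-endian ELF is handled here")
    (shoff,) = struct.unpack_from("<I", data, 32)            # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 46)

    def section(i):
        try:
            return struct.unpack_from("<10I", data, shoff + i * shentsize)
        except struct.error:
            raise ValueError("section header table is truncated")

    names_off = section(shstrndx)[4]                         # offset of .shstrtab
    for i in range(shnum):
        name, _, _, _, off, size = section(i)[:6]
        end = data.index(b"\0", names_off + name)
        if data[names_off + name:end] == b".comment":
            raw = data[off:off + size]
            return [s.decode("ascii", "replace") for s in raw.split(b"\0") if s]
    return []

# Constructed input, modelled on the compiler strings quoted in the post above.
SAMPLE = build_sample_elf32(["GCC: (GNU) 3.2.2 20030222 (Red Hat Linux 3.2.2-5)",
                             "GCC: (GNU) 3.4.5"])

if __name__ == "__main__":
    print("\n".join(read_comment_section(SAMPLE)))
```

On a real binary, `readelf -p .comment a.out` or `objdump -s -j .comment a.out` dumps the same section.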
 
Old 02-02-2006, 07:17 PM   #15
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,379

Rep: Reputation: 148
Quote:
Originally Posted by varrojo
Micro$oft EULAs usually say that the software product is covered by the US legal restrictions, so when you agree to the EULA you are giving up your country's right to disassemble and/or reverse engineer ms stuff.

Read your EULA's people.
Not true; the following is from section 17 APPLICABLE LAW of Microsoft's EULA for XP:
Quote:
If this Product was acquired outside the United States, then local law may apply.
An earlier thread discussed this in detail with a strong leaning towards it doesn't matter what they put in the EULA if it can't be enforced, and much of it is to scare you away.
 
  


All times are GMT -5.