[ale] C code help

Mark Wright mpwright at speedfactory.net
Tue May 24 08:06:57 EDT 2005


On May 23, 2005, at 11:14 AM, Greg Freemyer wrote:

> Good Luck, that is quite a project.
>
> 2 things:
>
> 1) If this were Linux code, you could run strace on the code and see
> all the kernel API calls,  that would pretty much give you the info
> you are interested in.  Unfortunately, you don't seem to be talking
> about Linux code here, so I have no ideas.

I think it is Unix like or DOS.

>
> 2) You said you decompiled 2 files.  Decompiled is going to have a
> specific meaning to a programmer and to the best of my knowledge,
> there are no tools for decompiling C code.  I have to assume you
> meant you reverse engineered a  couple of config files.

I downloaded a command line utility that ran on OS X called the reverse 
engineering compiler.
I cd to the directory and took a file called AR.exe that was hex data 
viewed in BBEdit and converted it into the following (just the first 
bit of the file):


/*	This file was automatically created by
  *	Reverse Engineering Compiler 1.6 (C) Giampiero Caprino (Mar 31 2002)
  *	Input file: 'ar.exe'
  */

/* DEST BLOCK NOT FOUND: 00000121 -> 000001ab */
/*	Procedure: 0x00000104 - 0x00000123
  *	Argument size: 0
  *	Local size: 0
  *	Save regs size: 0
  */

L00000104()
{



     ds = *%cs:0x1ba];
     L00000167();
     (save)cs;
     *L00000928();
     bp = sp;
     ah = 0x4c;
     al = *(bp + 2);
     asm("int 0x21");
     cx = 0xe;
     dx = 0x2f;
     goto L000001ab;
}

/*	Procedure: 0x00000124 - 0x00000166
  *	Argument size: 0
  *	Local size: 0
  *	Save regs size: 4
  */

L00000124()
{
	/* unknown */ void  ds;



     ax = 0x3500;
     asm("int 0x21");
     *L0000005B = bx;
     *L0000005D = es;
     ax = 0x3504;
     asm("int 0x21");
     *L0000005F = bx;
     *L00000061 = es;
     ax = 0x3505;
     asm("int 0x21");
     *L00000063 = bx;
     *L00000065 = es;
     ax = 0x3506;
     asm("int 0x21");
     *L00000067 = bx;
     *L00000069 = es;
     ax = 0x2500;
     ds = cs;
     dx = 0x11a;
     asm("int 0x21");
}
>
> If you truly meant you decompiled a couple of executable or library
> files, I'd be interested to know how to do that efficiently.  (I did
> it once over 20 years ago by disassembling a bunch of .o files into
> assembly code, then guessing at the original C code, then compiling,
> comparing, modifying C code, recompiling, recomparing.  It took a long
> (and tedious) time to manually reverse compile just a couple of .o
> files.)
>

The truth is I don't know what I have done.  Any ideas or comments?


> Greg
>
> On 5/22/05, Mark Wright <mpwright at speedfactory.net> wrote:
>>
>> Hi Folks,
>>
>> I don't really know where to start.  The background to my dilemma is
>> important but has little to do with the problem.  Suffice it to say
>> that I am not a coder or very experienced writing scripts but I have a
>> disk image that boots a control device that I need to reverse 
>> engineer.
>>
>> The ultimate end would be to replace the code with our own but for now
>> just getting diag info from it and understanding it would be a great step
>> forward.
>>
>> I have copied the disk to my PowerBook's hard drive and decompiled two
>> files that looked important.  Anybody on the list read C well enough
>> to read these and tell me what I should do next?  As I said above I
>> need to understand how it logs events and decode its error reporting.
>>
>>
>> Thanks,
>>
>> Mark
>>
>>
>> P.S    a little of the background.
>>
>> The short story is I work for a very small company.  We have a guy who
>> can probably do this but I know he will never have the time.  The
>> future of my job may hinge on  knowing the secrets of this device.
>> Like others have commented on their own jobs, I have tons of spare
>> time.  I can't sit by and watch my reason for having a job slip away.
>> I need to become an uber coder in a hurry or find enough help to get
>> past this to the next issue down the road.
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://www.ale.org/mailman/listinfo/ale
>>
>
>
> -- 
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
>
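
An added example, not part of the original message or of the decompiler's output: a short Python script that walks listing lines like those quoted above, tracks constant loads into AX/AH/AL, and labels each `int 0x21` with the MS-DOS service it selects. The service table covers only the three function codes that appear in the listing, and the names `DOS_SERVICES`, `SAMPLE` and `annotate_int21` are assumptions of this example.

```python
import re

# MS-DOS INT 21h services seen in the listing; AH selects the service.
DOS_SERVICES = {
    0x25: "set interrupt vector (AL = vector number, DS:DX = new handler)",
    0x35: "get interrupt vector (AL = vector number, result in ES:BX)",
    0x4C: "terminate process (AL = exit code)",
}

# Constructed sample: lines taken from the decompiler output quoted above.
SAMPLE = """\
     ah = 0x4c;
     al = *(bp + 2);
     asm("int 0x21");
     ax = 0x3500;
     asm("int 0x21");
     ax = 0x3504;
     asm("int 0x21");
     ax = 0x2500;
     ds = cs;
     asm("int 0x21");
"""

ASSIGN = re.compile(r"^\s*(ax|ah|al)\s*=\s*(.+?);\s*$")
INT21 = re.compile(r'asm\("int 0x21"\)')
HEX = re.compile(r"0x[0-9a-fA-F]+")

def annotate_int21(listing):
    """Return (AH, AL, description) per int 0x21; None means not a constant."""
    ah = al = None
    calls = []
    for line in listing.splitlines():
        m = ASSIGN.match(line)
        if m:
            reg, expr = m.groups()
            val = int(expr, 16) if HEX.fullmatch(expr) else None
            if reg == "ax":  # 16-bit load sets both halves
                ah, al = (None, None) if val is None else (val >> 8, val & 0xFF)
            elif reg == "ah":
                ah = val
            else:
                al = val
        elif INT21.search(line):
            calls.append((ah, al, DOS_SERVICES.get(ah, "not in table")))
            ah = al = None  # do not assume AX survives the call
    return calls

if __name__ == "__main__":
    for ah, al, what in annotate_int21(SAMPLE):
        print(f"AH={ah} AL={al}: {what}")
```
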
