[ale] C code help
Mark Wright
mpwright at speedfactory.net
Tue May 24 08:06:57 EDT 2005
On May 23, 2005, at 11:14 AM, Greg Freemyer wrote:
> Good Luck, that is quite a project.
>
> 2 things:
>
> 1) If this were Linux code, you could run strace on the code and see
> all the kernel API calls, that would pretty much give you the info
> you are interested in. Unfortunately, you don't seem to be talking
> about Linux code here, so I have no ideas.
I think it is Unix like or DOS.
>
> 2) You said you decompiled 2 files. Decompiled is going to have a
> specific meaning to a programmer and to the best of my knowledge,
> there are no tools for decompiling C code. I have to a assume you
> meant you reverse engineered a couple of config files.
I downloaded a command line utility that ran on OS X called the reverse
engineering compiler.
I cd to the directory and took a file called AR.exe that was hex data
viewed in BBEDIT and converted it into the following (just the first
bit of the file):
/* This file was automatically created by
* Reverse Engineering Compiler 1.6 (C) Giampiero Caprino (Mar 31 2002)
* Input file: 'ar.exe'
*/
/* DEST BLOCK NOT FOUND: 00000121 -> 000001ab */
/* Procedure: 0x00000104 - 0x00000123
* Argument size: 0
* Local size: 0
* Save regs size: 0
*/
L00000104()
{
ds = *%cs:0x1ba];
L00000167();
(save)cs;
*L00000928();
bp = sp;
ah = 0x4c;
al = *(bp + 2);
asm("int 0x21");
cx = 0xe;
dx = 0x2f;
goto L000001ab;
}
/* Procedure: 0x00000124 - 0x00000166
* Argument size: 0
* Local size: 0
* Save regs size: 4
*/
L00000124()
{
/* unknown */ void ds;
ax = 0x3500;
asm("int 0x21");
*L0000005B = bx;
*L0000005D = es;
ax = 0x3504;
asm("int 0x21");
*L0000005F = bx;
*L00000061 = es;
ax = 0x3505;
asm("int 0x21");
*L00000063 = bx;
*L00000065 = es;
ax = 0x3506;
asm("int 0x21");
*L00000067 = bx;
*L00000069 = es;
ax = 0x2500;
ds = cs;
dx = 0x11a;
asm("int 0x21");
}
>
> If you truly meant you decompiled a couple of executable or library
> files, I'd be interested to know how to do that efficiently. (I did
> it once over 20 years ago by dis-assembilng a bunch of .o files into
> assembly code, then guessing at the original C code, then compiling,
> comparing, modifying C code, recombiling, recomparing. It took a long
> (and tedious) time to manually reverse compile just a couple of .o
> files.)
>
The truth is I don't know what I have done. Any ideas or comments?
> Greg
>
> On 5/22/05, Mark Wright <mpwright at speedfactory.net> wrote:
>>
>> Hi Folks,
>>
>> I don't really know where to start. The background to my dilemma is
>> important but has little to do with the problem. Suffice it to say
>> that I am not a coder or very experienced writing scripts but I have a
>> disk image that boots a control device that I need to reverse
>> engineer.
>>
>> The ultimate end would be to replace the code with our own but for now
>> just getting diag info from it and understanding it would a great step
>> forward.
>>
>> I have copied the disk to my Powerbooks hard drive and decompiled two
>> files that looked important. Anybody on the list read c well enough
>> to read these and tell me what I should do next? As I said above I
>> need to understand how it logs events and decode its error reporting.
>>
>>
>> Thanks,
>>
>> Mark
>>
>>
>> P.S a little of the background.
>>
>> The short story is I work for a very small company. We have a guy who
>> can probably do this but I know he will never have the time. The
>> future of my job may hinge on knowing the secrets of this device.
>> Like others have commented on their own jobs, I have tons of spare
>> time. I can't sit by and watch my reason for having a job slip away.
>> I need to become a uber coder in a hurry or find enough help to get
>> past this to the next issue down the road.
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://www.ale.org/mailman/listinfo/ale
>>
>
>
> --
> Greg Freemyer
> The Norcross Group
> Forensics for the 21st Century
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
More information about the Ale
mailing list