[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

> Good Luck, that is quite a project.
>
> 2 things:
>
> 1) If this were Linux code, you could run strace on the code and see
> all the kernel API calls,  that would pretty much give you the info
> you are interested in.  Unfortunately, you don't seem to be talking
> about Linux code here, so I have no ideas.

I think it is Unix like or DOS.

>
> 2) You said you decompiled 2 files.  Decompiled is going to have a
> specific meaning to a programmer and to the best of my knowledge,
> there are no tools for decompiling C code.  I have to a assume you
> meant you reverse engineered a  couple of config files.

I downloaded a command line utility that ran on OS X called the reverse 
engineering compiler.
I cd to the directory and took a file called AR.exe that was hex data 
viewed in BBEDIT and converted it into the following (just the first 
bit of the file):


/*	This file was automatically created by
  *	Reverse Engineering Compiler 1.6 (C) Giampiero Caprino (Mar 31 2002)
  *	Input file: 'ar.exe'
  */

/* DEST BLOCK NOT FOUND: 00000121 -> 000001ab */
/*	Procedure: 0x00000104 - 0x00000123
  *	Argument size: 0
  *	Local size: 0
  *	Save regs size: 0
  */

L00000104()
{



     ds = *%cs:0x1ba];
     L00000167();
     (save)cs;
     *L00000928();
     bp = sp;
     ah = 0x4c;
     al = *(bp + 2);
     asm("int 0x21");
     cx = 0xe;
     dx = 0x2f;
     goto L000001ab;
}

/*	Procedure: 0x00000124 - 0x00000166
  *	Argument size: 0
  *	Local size: 0
  *	Save regs size: 4
  */

L00000124()
{
	/* unknown */ void  ds;



     ax = 0x3500;
     asm("int 0x21");
     *L0000005B = bx;
     *L0000005D = es;
     ax = 0x3504;
     asm("int 0x21");
     *L0000005F = bx;
     *L00000061 = es;
     ax = 0x3505;
     asm("int 0x21");
     *L00000063 = bx;
     *L00000065 = es;
     ax = 0x3506;
     asm("int 0x21");
     *L00000067 = bx;
     *L00000069 = es;
     ax = 0x2500;
     ds = cs;
     dx = 0x11a;
     asm("int 0x21");
}
>
> If you truly meant you decompiled a couple of executable or library
> files, I'd be interested to know how to do that efficiently.  (I did
> it once over 20 years ago by dis-assembilng a bunch of .o files into
> assembly code, then guessing at the original C code, then compiling,
> comparing, modifying C code, recombiling, recomparing.  It took a long
> (and tedious) time to manually reverse compile just a couple of .o
> files.)
>

The truth is I don't know what I have done.  Any ideas or comments?


> Greg
>
> On 5/22/05, Mark Wright <mpwright at speedfactory.net> wrote:
>>
>> Hi Folks,
>>
>> I don't really know where to start.  The background to my dilemma is
>> important but has little to do with the problem.  Suffice it to say
>> that I am not a coder or very experienced writing scripts but I have a
>> disk image that boots a control device that I need to reverse 
>> engineer.
>>
>> The ultimate end would be to replace the code with our own but for now
>> just getting diag info from it and understanding it would a great step
>> forward.
>>
>> I have copied the disk to my Powerbooks hard drive and decompiled two
>> files  that looked important.  Anybody on the list read c well enough
>> to read these and tell me what I should do next?  As I said above I
>> need to understand how it logs events and decode its error reporting.
>>
>>
>> Thanks,
>>
>> Mark
>>
>>
>> P.S    a little of the background.
>>
>> The short story is I work for a very small company.  We have a guy who
>> can probably do this but I know he will never have the time.  The
>> future of my job may hinge on  knowing the secrets of this device.
>> Like others have commented on their own jobs, I have tons of spare
>> time.  I can't sit by and watch my reason for having a job slip away.
>> I need to become a uber coder in a hurry or find enough help to get
>> past this to the next issue down the road.
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
&gt;&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;&gt;
&gt;
&gt;
&gt; -- 
&gt; Greg Freemyer
&gt; The Norcross Group
&gt; Forensics for the 21st Century
&gt; _______________________________________________
&gt; Ale mailing list
&gt; Ale at ale.org
&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00854" href="msg00854.html">[ale] C code help</a></strong>
<ul><li><em>From:</em> greg.freemyer at gmail.com (Greg Freemyer)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00796" href="msg00796.html">[ale] C code help</a></strong>
<ul><li><em>From:</em> mpwright at speedfactory.net (Mark Wright)</li></ul></li>
<li><strong><a name="00800" href="msg00800.html">[ale] C code help</a></strong>
<ul><li><em>From:</em> greg.freemyer at gmail.com (Greg Freemyer)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00832.html">[ale] Take the &quot;too passe?&quot; war on-list</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00834.html">[ale] C code help</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00834.html">[ale] C code help</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00854.html">[ale] C code help</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00833"><strong>Date</strong></a></li>
<li><a href="threads.html#00833"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>