Results 16 to 30 of 174
  1. #16
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    jase, if they could get your source code by using Soft-Ice, then why don't you just keep your executables, erase all your source files, and just use Soft-Ice to get your source code back.

    As you can see, I'm saying this with a lot of sarcasm. No, your source code is safe. The only thing that a hacker sees are symbols and certain patterns within the code that identify function calls, loops, etc. They do not see your std::strings, vectors<>, smart pointer classes, and whatever other source code. All a hacker cares about is to figure out how to "jump around" certain parts of your code, or to change maybe a variable or register here or there.

    If this were the case that hackers can see the full source code (chuckle), I sure wish I could get the source code to AutoCad. Maybe I should just get Soft-Ice and it will give me their entire class structure. Of course this sounds ridiculous, because it is.

    If you are using Java, then you can have a problem. With Java, your code can be decompiled very easily into the equivalent source language, since the byte codes determine the source.

    Regards,

    Paul McKenzie


  2. #17
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    Thank you Paul, your view on this topic is what I believed to be the case. You surely can't take an exe and produce a set of compilable class files from it ...

    ... but I did think the symbols were only included in the debug release. If they are in the release version too, then perhaps it would be prudent to rename some of the more obvious.

    Are all class name, function and variable symbols left in the exe?


    Jase

    http://www.slideshowdesktop.com
    View your images and photos on your desktop with ease using SlideShow Desktop, the desktop wallpaper manager for Microsoft Windows.


  3. #18
    Join Date
    Apr 1999
    Posts
    27,449

    Re: "pretty" example of DCC (GNU disassembler)

    Todd, don't worry. Unless you write in straight assembly language, your source code is safe. See my responses to jase and kbomb.

    Basically, I said that if the source code can be recovered, then why do backups? Just get Soft-Ice, and you can throw all your source away.

    I have done a lot of assembly coding in the past, and have a lot of knowledge in how hackers work. They only have good assumptions in what a certain module is doing using a tool such as soft-ice. Yes they can get the functions as symbols, and can detect a function call by seeing what is pushed onto the stack. But no, they won't see your Super-Sophisticated 3-d cad source code.

    A hacker cannot get the original C or C++ source unless you give it to him/her.

    Regards,

    Paul McKenzie


  4. #19
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    Not all of them. If you need any affirmation, how about when you get that dreaded exception error, and you go to look at the call stack to see what happened. How many times have you seen this:

    NTDLL (some number)
    NTDLL (some number)
    etc.
    etc.

    The best that you can make out of this is the name of the module that bombed out and some hex address. If you built your application using debug symbols, then yes, the symbols are there, since you will see the names of the functions. Note that when you download a service pack to fix one of MS operating systems, you get the choice of downloading the symbols also. The symbols are used so that instead of NTDLL(whatever), you see the actual NTDLL function name that caused the error.

    Regards,

    Paul McKenzie


  5. #20
    Join Date
    Sep 1999
    Location
    Philadelphia, USA
    Posts
    195

    Re: reverse engineering

    Yes this is my understanding. If you lost your source code, you could "virtually" get Soft-ICE and reverse-engineer your executable back into source code. It would not have the VC++ directory structure and filenames, but all the code would be there. Some parts MAY look different, but most functions and names will be just like the original. Try downloading SoftICE and see for yourself the results.


    Easy Internet Software @
    http://www.DummySoftware.com
    ============================
    Tired of popup windows while you surf the web?
    Get PopupDummy! http://www.popupdummy.com

  6. #21
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    Sorry, but I've used soft-ice since it was a 16-bit product so I know what I speak of. It does not do this. Once your source code is gone, it's time to either write it again, cry, get fired, sued, or worse.

    There are other products such as Sourcer that supposedly did this. Again, translation was never exact and these products told you as such. The best you can do is get some obfuscated 'C'-like output, which will most likely look nothing like your original code. Especially with such a complicated language such as C++, how in the world can you deduce a

    std::vector< std::map< MyClass, std::list<int> > >

    from a mere assembly listing? Add to that, you have different compilers that produce different executables.

    Regards,

    Paul McKenzie


  7. #22
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    Thanks Paul, that's what I figured. I was taken aback when kbomb987 implied otherwise, because I haven't used softice. I'm pleased to hear you dismiss his claims though, I can sleep again now.



    Jase


  8. #23
    Join Date
    Apr 2001
    Location
    USA, Knoxville, TN
    Posts
    255

    C++ structure

    ok, that is very good news, so you don't get C++ class structure back in any form? (I don't care so much for variable names . . .)




  9. #24
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    What about

    bool CRegsitrationClass::IsRegistered()

    or similar. Is this type of information available in SoftICE or does it just return a mangled name? Do I need to rename any registration sensitive class names, functions and variables to something a little more esoteric?


    Jase


  10. #25
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    That all depends on what compiler you used.

    The way to tell for sure is to put a line in your source code right after the opening of the function call that will cause an exception. Something like this:

    bool CRegsitrationClass::IsRegistered()
    {
        char *p = NULL;
        *p = 'A';   // deliberate write through a null pointer to force the exception
        // The rest of your code
    }



    Recompile in release mode, no symbols, nothing. When you run your program, a memory exception will occur, and if you have VC++ installed, it will take you to the spot where the exception occurred. Take a look at the call stack and generated assembly code. If you see things like IsRegistered or anything like that, then yes, SoftIce will be able to get the symbol, otherwise no. There are no "hidden symbol tables" floating around in your EXE somewhere that Soft-Ice knows about that VC++ doesn't know about.

    Regards,

    Paul McKenzie


  11. #26
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    Doing this does not show the stack in Visual Studio when it crashes. You can hit the debug button, but it forces you to terminate the app and no call stack is available.


    Jase


  12. #27
    Join Date
    Apr 1999
    Posts
    27,449

    Re: reverse engineering

    I'm using NT, and it works. If not, then whatever you're using is not set up correctly. If you ever wanted to debug an access violation from a piece of running code, then you're saying you can't do it? I just did it with this simple app. I just ran this program, and it didn't force the app to close:

    #include <stdio.h>
    int main()
    {
        char *p = NULL;
        *p = 'A';
    }



    I was asked to press Cancel to debug. Pressing cancel brings up Visual Studio. Then a dialog box states what the error is. Clicking OK there takes me right to the assembly window, where I can see the call stack, plus the code where the violation occurred. The code is still running, it hasn't terminated until I tell it to (the execution arrow is still pointing to the *p = 'A' line).

    Regards,

    Paul McKenzie


  13. #28
    Join Date
    Mar 2000
    Location
    Birmingham, England
    Posts
    2,520

    Re: reverse engineering

    Hi Paul,

    I'm at work now and you're right, it works on NT4.
    But back at home, XP Professional doesn't allow it. It forces you to close the app.

    And the call stack and assembly window show no symbols of any kind at the point I broke it (in my registration routines).


    Jase


  14. #29
    Join Date
    May 1999
    Location
    Southern California
    Posts
    12,266

    Re: reverse engineering

    kbomb987, you should be more careful about what you say. Perhaps you are not familiar with the debug information that is included in debug builds but not release builds. Perhaps you are not familiar with SoftIce enough to know that it must have that debug information. So when you are guessing you should say you are not sure.

    As has been explained in many other replies, none of the preventive techniques you provide would prevent an exe from being decompiled from disk.

    Something that I do not see mentioned is that the determined hacker can purchase a PC expansion board that does most of what SoftIce does but without degrading performance very much and that cannot be detected by any software running in the system. However even they cannot decompile a C/C++ program any better than software decompilers can.


    ****************************************************************************************************
    Ratings are unimportant but follow-up is. Try to somehow let the helper and the worldwide community know what works.
    http://www.cpp.atfreeweb.com
    "Signature":
    My web site is Simple Samples.
    C# Corner Editor

  15. #30
    Join Date
    Aug 2001
    Location
    North Bend, WA
    Posts
    1,947

    Re: reverse engineering

    I haven't used Soft Ice either, but I have used similar products. The ones that work on release builds have all required an accompanying .pdb file. This is the Program Data Base, where vc++ puts all the symbols & etc. that you need to decompile.
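
Added example, not part of any post in this thread: a way to check a shipped build for the two things discussed above, leftover function or class names (posts #24 and #25) and a reference to a .pdb file (post #30). It is a plain byte scan rather than a PE parser; the sample bytes, the decorated-style name, the watched name `CheckLicense` and the path `C:\build\app.pdb` are constructed for illustration.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

using Bytes = std::vector<unsigned char>;

// Return every watched identifier that appears as ASCII in the image. A
// decorated C++ name still contains the plain name, so one match covers both.
std::vector<std::string> leaked_names(const Bytes& image,
                                      const std::vector<std::string>& watch) {
    std::vector<std::string> hits;
    for (const std::string& name : watch)
        if (std::search(image.begin(), image.end(), name.begin(), name.end())
                != image.end())
            hits.push_back(name);
    return hits;
}

// An image linked with debug information carries a CodeView record:
// "RSDS", a 16-byte GUID, a 4-byte age, then the NUL-terminated .pdb path.
// Return that path, or "" when no complete record is found.
std::string codeview_pdb_path(const Bytes& image) {
    static const std::string sig = "RSDS";
    auto it = std::search(image.begin(), image.end(), sig.begin(), sig.end());
    if (image.end() - it < 4 + 16 + 4 + 1) return "";
    it += 4 + 16 + 4;
    auto nul = std::find(it, image.end(), 0);
    return nul == image.end() ? "" : std::string(it, nul);
}

// Constructed sample bytes standing in for an executable read from disk.
Bytes sample_image(bool with_symbols) {
    std::string s = "MZ" + std::string(8, '\x90');
    if (with_symbols) {
        s += "?IsRegistered@CRegsitrationClass@@QAE_NXZ";  // constructed name
        s.push_back('\0');
        s += "RSDS" + std::string(16, '\x11') + std::string("\1\0\0\0", 4);
        s += "C:\\build\\app.pdb";                          // constructed path
        s.push_back('\0');
    }
    return Bytes(s.begin(), s.end());
}

int main() {
    for (bool sym : {true, false}) {
        Bytes img = sample_image(sym);
        std::printf("names=%zu pdb='%s'\n",
                    leaked_names(img, {"IsRegistered"}).size(),
                    codeview_pdb_path(img).c_str());
    }
}
```

To use it on a real build, fill the byte vector from the release executable instead of `sample_image` and list the identifiers you care about.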

