Decompile C++ application/sourcecode?

[VivaLaVida]

Hello ,
being new in this Forum and very new in programming in C++ I hope the get some help in this Forum.

A EXE-file generates some ISAM-files (ISAM was developed by IBM many years ago). Now we need to figure out how the EXE-file reads or writes These files. All we currently knew is that the sourcecode is written in C++. Is there any chance or hope to decompile this EXE?
Or are there any other methods to figure out what an EXE does in Detail?

Any help will be appreciated

Rgds
Jan

[zerver]

Hi!

You can decompile it, but you will never get C++ source code. The code will be in assembly format.

Someone who is skilled with reading and debugging assembly can possibly figure out how it works.

There is a tool called OllyDbg that I can recommend for a job like that.

As a rule of thumb, it can always be done, but it is more of a question of whether it is worth the many hours of hard work that may be required to reach your goal. Maybe there is another tool, open source or such, that can already do what you are looking for.

Regards

[Paul McKenzie]

All we currently knew is that the sourcecode is written in C++.

There is nothing in an EXE file that determines what language was used to create the program. As a matter of fact, even at the link step, the object code generated to create the final executable is "language neutral" -- look at the number of different languages that use the Microsoft LINK.EXE program.

Bottom line is that all you have is assembly language, and tools that help determine what the assembly language is attempting to do.

Regards,

Paul McKenzie

[VivaLaVida]

Hi!

You can decompile it, but you will never get C++ source code. The code will be in assembly format.

Someone who is skilled with reading and debugging assembly can possibly figure out how it works.

There is a tool called OllyDbg that I can recommend for a job like that.

As a rule of thumb, it can always be done, but it is more of a question of whether it is worth the many hours of hard work that may be required to reach your goal. Maybe there is another tool, open source or such, that can already do what you are looking for.

Regards

Hi ,
thanks for your answer!
OK, I understand that decompiling sourcecode is not possible or as helpful as expected. Is it possible to figure out what an EXE-file exactly does? In our case the EXE-file writes some files - is it possible to determine or tot trace which method (or whatever) the EXE uses to write those files?

Rgds
Jan

[OReubens]

ISAM is a general principle. It doesn't mean a specific means of storage and indexing.

It's same like sayign "a database is SQL", SQL means a method of access, it doesn't say much about the actual way the bytes are stored on disk.

In the same way, ISAM is a general method of access.

--

that said, decompiling an exe with an attempt to get enough insight into the code to figure out how data is stored is going to take quite a bit of time and you'll need experienced people doing it. There is no automated "turn this exe back into C++ code" tool.


You have a much better chance just analyzing the data files and figure out how to extract the raw data (ignoring indexing mechanisms) into a text file.
And then converting to a more modern database system.
You even have a good chance there's tools out there and/or companies you can hire that specialize in data retrieval/extraction, that already have a means to extract the data from that specific format, you know it's from IBM, so there aren't THAT many possibilities since they went to DB/2 for all their database means pretty early on.

[VivaLaVida]

ISAM is a general principle. It doesn't mean a specific means of storage and indexing.

It's same like sayign "a database is SQL", SQL means a method of access, it doesn't say much about the actual way the bytes are stored on disk.

In the same way, ISAM is a general method of access.

--

that said, decompiling an exe with an attempt to get enough insight into the code to figure out how data is stored is going to take quite a bit of time and you'll need experienced people doing it. There is no automated "turn this exe back into C++ code" tool.


You have a much better chance just analyzing the data files and figure out how to extract the raw data (ignoring indexing mechanisms) into a text file.
And then converting to a more modern database system.
You even have a good chance there's tools out there and/or companies you can hire that specialize in data retrieval/extraction, that already have a means to extract the data from that specific format, you know it's from IBM, so there aren't THAT many possibilities since they went to DB/2 for all their database means pretty early on.

Thanks for your reply!
As a matter of fact the ISAM-files in our case are neither C-ISAM nor D-ISAM files. Even worse none of the tools out there (even the one's you have to pay for) are able to open these files. Seems like that the developers have modified "something" that the files are not of the regular or wellknown ISAM standard. And of course the developers are not reachable anymore.
Due to this I thought it could be an alternative to hook onto the EXE and to figure out how the files get accessed and processed. And if that would be possible we could use those "methods" to process the files.

Rgds
JH

[2kaud]

You might like to look at these sites
http://sourceforge.net/projects/exetoc/
http://search.soft112.com/c-decompiler-s1089408.html

One way to approach this issue is to examine the data file(s) to see if the layout of the records can be determined. If the layout can be determined, then a program can be written to create new file(s) that contain the raw data in a known format which can then be used to populate a database of choice. Do you know what the data in one record (preferably the first!) should be? If you do, then use a hex editor to examine the file(s) to work out where the data is stored and the size of a record etc. You don't need to bother about the indexs or the order the data is stored in the file as all you need to aim for is to extract the raw data to another file(s).

Do these .exe programs have the ability to output the data - preferably in a console window? If they do, then another approach would be to capture this output into a file.

Unless you know exactly how these data files are structured, I would advise against trying to do any writes to them as you may corrupt them and loose the data. I would treat them as read-only file(s).

[razzle]

OK, I understand that decompiling sourcecode is not possible or as helpful as expected. Is it possible to figure out what an EXE-file exactly does?

If you know what tool, say some version of MS VC++, created the .exe files then chances are much greater the original C/C++ code can be recovered. Not symbolic names of course because they get lost in compilation but the general structure. It's definately worth a try.

Why not search the net? I found this,

http://download.cnet.com/C-Decompile...-10969943.html

Naive ISAM implementations usually are b-tree based. They usually consists of fixed-size "pages" each containing a variable number of "records". First on the isam file there's often a fixed-size bitmap where each bit position tells if the corresponding "page" is in use or free. The bitmap is often followed by the root "page". The number of actual "records" on a "page" is often stored at the beginning of each "page" together with two additional numbers representing the left and right child "pages".

The easiest way to deduct the structure is to start with an empty isam file and then add records. After each new added record the file is copied. Finally the files are compared. This usually reveals what took place.

[OReubens]

YEs, it is possible to "hook into" an exe to make said exe do stuff it wasn't intended for (done that myself before), but this too will require some experienced people and a lot of their time. Unless you can find someone that'll do this "for the challenge" alone, the reality of the matter is that any sort of decompilation/reverse engineering/patching into the executable will very likely take so much time from an expert that just paying their hourly rate is going to be quite high.

You're basically asking to reverse engineer an entire database system (once you figure out where it is among all the non-database code the exe does), we're talking easily several thousand lines of c++ code just for the database code. That is a LOT of code to reverse engineer.

Again, putting this into reality, it would probably be cheaper to hire a couple temporary workers to manually transcribe/reinput the data into a new database system.

-

Data extraction is a much more realistic path.

If the exe and data are still operational...
Maybe the exe itself has means to dump/output the database. Printouts can be intercepted and converted to a database. Maybe there's even a "save to tekst/csv/..." option
A display into a grid, listcontrol can be fairly easily intercepted and redirected to file.
...

If you only have the data files, then there's ways to figure out what the layout is (at least the actual data, figuring out the indexing method can be difficult) by applying a bit of common sense. ISAM is "old" technology, the "records" are typically flat binary structures usually grouped together into "pages" of a certain size (a multiple of 256 usually, often a straight power of 2).
There are even companies specializing in this sort of data extraction. If you can't do it yourself, give them a call to ask for a quote.

there may not be tools readily available on the net to extract the data, but companies specializing in extraction have their own internal tools (which they tend to keep secret of course).

Even if there's no ready made tools, there might be explanations of how the layout is on the net.

It might help telling us what the actual application is, maybe someone here knows it, and has experience with how to access it.

[Arjay]

Isn't MS Access ISAM based (or a flavor of)? You could change the file extensions and try to open them in Access.

[OReubens]

afaik...

MS Access was initially intended to be based on R-Base, with basic as main scripting language.
Neither of this was released and it split off into 2 separate projects (ms access and Visual basic).

The very first version of MS access was MS Jet based (jet red).


Lots of databases have an ISAM core, even if the ISAM functionality cannot be accessed publicly (or is, but documentation is scarce) and the database only has a SQL front.
Like I said before, ISAM is a method of access (low level database calls such as "insert record", "update record", "delete", various forms of "seek" operations, ...) not a method of storage (the bytes on disk).

This is apparently a specific IBM product, so the "ISAM" may even refer to the actual database IBM developed and sold under the name "ISAM" (though the term has been used in broader context since). If so, that ISAM was eventually replaced by VSAM and eventually DB2.



I don't think IBM ever used MS JET for any of it's products, so trying it in MS Access probably won't work (but it's worth a try I guess). If the app is indeed from IBM, then installing DB2 and trying the importers from DB2 might be a better shot.