April 20th, 2004, 10:32 AM
IDA pro, is a very good tool. Theres a trial version that only disassembles x86 instruction sets, but i think thats all you need. I think im right in saying that..
I want to get the full blown version so i can disassemble ARM processor types, although there are other disassembles IDA is by far the nicest to use.
April 20th, 2004, 04:25 PM
The answer is "NO"................... you obviously do not appreciate what is involved.
Also, why do you want to "edit" an executable (incidentally, there are far more than .exe files)?, particularly if you suspect that it is malware. As already pointed out, if it isn't malware, it belongs to someone else..............so leave it alone. It is NOT your intellectual property...............if you make adjustments and it doesnt work, it still has the original authors name on it?
If you are that clever................write the source yourself, then you can do what you like, and it might even work because you would understand what it does, and why?
Anyway, this is what you face with an executable object file (as opposed to source):
1. Decompress..............so what is it? self executing zip, UPX..?????????????
2. Decrypt.................bound to be encrypted isn't it.............what algorithm, XOR......?
I guess that is the point at which you will fail miserably
3. Oh! you got this far...........well now that you have the raw object code you need to disassemble it.
4. OH dear..........what language is that............do I know how to format the statements? do I have a compiler? Or should I apply for the job of sub-editor on a Thai language Bangkok newspaper?
I am beside myself with curiosity as to why you wish to edit an executable from its compiled code? You have NOT supplied a satisfactory explanation of that.
Well, those are my thoughts............you will never be able to do it untill you really understand what is involved.
Good luck, an DO go and learn a programming language thoroughly............they are like human foreign languages, once you have done the first others are much easier as you will have developed your personal learning style, and developing that style is vitally important.
April 20th, 2004, 07:19 PM
did i do something illegal
After reading your post I thought of something.
When i modded part's of the diablo .exe was that illegal ?
Because then i violated the law eeuh (insert large number here) times.
And thanks the rest for hinting me on IDA pro, this beats Ollydbg anytime.
All this talk about disassbling makes me long back to those long night I
spend yust because that one thing I wanted to add to my mod (wich never saw version 1.0).
Wait I know i still have it around somewhere *gets lost searching through cd's*
Does anyone here have any experience with decompiling stuff, is it really worth the headaches it gives me when I try or not ?
nihil after reading your post I thought you were going a bit to rough on the kid. So I reread the enire thread and conclude that you are right.
Dissasebling is a long tedius and boring bit of work, don't start yust because you wan't to learn how a 'malicous' piece of software works because you are interestid.
I have been doing this for a bit of time, and believe me it's only fun if you get some results of some kind.
And why do you wan't to know how 'malicous' software works. Yust get rid of it.
Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?