Recent

Author Topic: Get SourceCode from Exe ?  (Read 10105 times)

penpen

  • New Member
  • *
  • Posts: 23
Get SourceCode from Exe ?
« on: March 11, 2016, 07:32:37 pm »
Hi!

I lost an old project of mine, and do now only have the binary/exe.

Is it possible to somehow get parts, or the whole code from the exe.

The exe file is huge and probably has lots of stuff/debug? in it, how about the code ?

I hope you can help me, otherwise I will need to rewrite it :X ...

Greetings from germany!!!
Matt

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 10270
  • FPC developer.
Re: Get SourceCode from Exe ?
« Reply #1 on: March 11, 2016, 08:07:28 pm »
I lost an old project of mine, and do now only have the binary/exe.

Is it possible to somehow get parts, or the whole code from the exe.

No. If it is FPC (and not Delphi), then doubly so. There are (very limited) decompilation services for certain Delphi versions (specially D6/D7), but barely for freepascal/lazarus.

Quote
The exe file is huge and probably has lots of stuff/debug? in it, how about the code ?

I hope you can help me, otherwise I will need to rewrite it :X ...

Unless it is so mission critical that it is worth spending 4 digit numbers for just the _investigation_ if it is possible from a specialized firm, I suggest you start rewriting immediately. (and that is for Delphi, it is worse for less popular FPC)

Yes, there are theoretical possibilities, but they are very laborious even if you have the knowledge, so unless it is in some extremely crucial category, rewriting is cheaper.
« Last Edit: March 11, 2016, 08:23:59 pm by marcov »

tr_escape

  • Sr. Member
  • ****
  • Posts: 412
  • sector name toys | respect to spectre
    • Github:
Re: Get SourceCode from Exe ?
« Reply #2 on: March 11, 2016, 08:11:03 pm »
Hello Matt,

Decompiling doesn't gives you whole source code.
If your software is written by Delphi maybe this tool can help you:

http://kpnc.org/idr32/en/


penpen

  • New Member
  • *
  • Posts: 23
Re: Get SourceCode from Exe ?
« Reply #3 on: March 11, 2016, 08:51:39 pm »
It's a FPC programm. Too bad I can't reconstruct it. It's only like 3 critical functions I'm missing, but I can't remember exactly what they were doing. I know that I could find them with a dissasembler, and I know a bit of assembler... But that would be crazy.. I'd be better of rewriting the functions and figure out what they did exactly.

Thank you anways, this community is just so awesome.

Matt

JD

  • Hero Member
  • *****
  • Posts: 1847
Re: Get SourceCode from Exe ?
« Reply #4 on: March 11, 2016, 09:25:48 pm »
This actually gives me some comfort because I've been thinkng about this. My computer was stolen over a year ago along with my backup external disks. I lost my principal project in the process & all I had were the EXEs.

I thought of decompiling it but I quickly abandoned the idea & I rewrote it from scratch. The new application today is much better than what I lost. I'm so glad I rewrote it. I'm now concerned that a client could try decompiling it so I was wondering how effective the code obfuscation option in the Lazarus IDE is.

So what marcov said is music to my ears  :D

JD
« Last Edit: March 11, 2016, 09:53:14 pm by JD »
Windows (10) - Lazarus 2.1/FPC 3.2 (svn 64160 built using fpcupdeluxe),
Linux Mint - Lazarus 2.1/FPC 3.2 (svn 64380 built using fpcupdeluxe),
Delphi

Indy 10.6 series; mORMot; Zeos 7.3; SQLite, Firebird, PostgreSQL & MariaDB; VirtualTreeView 5.5.3 R1

BeniBela

  • Hero Member
  • *****
  • Posts: 844
    • homepage
Re: Get SourceCode from Exe ?
« Reply #5 on: March 11, 2016, 11:41:36 pm »
Perhaps Bero can write a decompiler for you

He always creates complex projects in almost no time

It surely should possible. I just used a decompiler on a flash program. It created 450 files with 100 000 lines, and after some editing, the files compiled back to a working program.

Now flash has the advantage that it is byte code and all the types are known, but if you have debug information, it should tell you about the types as well

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 10270
  • FPC developer.
Re: Get SourceCode from Exe ?
« Reply #6 on: March 11, 2016, 11:51:47 pm »
Now flash has the advantage that it is byte code and all the types are known, but if you have debug information, it should tell you about the types as well

The question is not if it is theoretically possible, but if it is practically less work then rewriting the sourcecode.

And till the decompiler is written and proven, better avoid wasting time, and start rewriting immediately.

I've seen many such discussions and I actually know some cases that went the decompilation way, but usually they had D7, and contacted a professional reengineering firm. If that is beyond your grasp, forget about it.

CM630

  • Hero Member
  • *****
  • Posts: 1007
  • Не съм сигурен, че те разбирам.
    • http://sourceforge.net/u/cm630/profile/
Re: Get SourceCode from Exe ?
« Reply #7 on: June 06, 2022, 10:23:54 am »
I have got an EXE written by a cousin for DOS in TurboPascal. I googled for a TP disassembler, but I found nothing. Maybe s.o. knows how to get some FPC code from it?
Лазар 2,2,2 32 bit; FPC3,2,2; rev: Lazarus_2_2_2 on W10 64bit.

MarkMLl

  • Hero Member
  • *****
  • Posts: 5119
Re: Get SourceCode from Exe ?
« Reply #8 on: June 06, 2022, 10:59:17 am »
I have got an EXE written by a cousin for DOS in TurboPascal. I googled for a TP disassembler, but I found nothing. Maybe s.o. knows how to get some FPC code from it?

Have you actually read the thread to which you're belatedly commenting? This is something that people have been asking for since time immemorial, and is not in the general case possible.

An executable file might have debugging information embedded, but this is basically line numbers cross-referencing an existing sourcefile. Some programming systems which compile to an intermediate representation (Java, .Net) are to some extent amenable to decompilation but the result will still be a very long way from the original source.

In the general case you should be able to use something like IDA or Ghidra- discussion of which are outside the scope of this forum- to generate assembly code with similar function to the original high-level language.

But you'd be best off reverse-engineering your cousin's program by close observation of what it does, familiarising yourself with any applicable algorithms, and then rewriting from scratch.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

440bx

  • Hero Member
  • *****
  • Posts: 3006
Re: Get SourceCode from Exe ?
« Reply #9 on: June 06, 2022, 11:45:21 am »
I have got an EXE written by a cousin for DOS in TurboPascal. I googled for a TP disassembler, but I found nothing. Maybe s.o. knows how to get some FPC code from it?
if the executable has debug symbols in it then a program like IDA Pro can provide some _assistance_ in your rewriting it.  A DOS type program without debugging symbols is extremely laborious to recreate. 

IF settling for an assembly file that operates the same as the original program is "acceptable" then a tool like IDA Pro can definitely be very helpful in getting you there but, as far as getting the Pascal source back, simply forget it.  Also, there are some programs out there billing themselves as "decompilers", IDA Pro has a "decompiler" plug-in, Ghidra offers "decompilation" too as do a number of other programs but, only someone who confuses a dog turd with Swiss chocolate (or someone who'll say anything to get your money) would call the result a "decompilation".  That said, their "decompilation" can be helpful to see the structural flow of a function.  Dis-assemblers are very helpful to investigate a program, not recreating it, provided their user is completely comfortable with Assembler.

if all you want is to analyze a handful of functions in the program then those utilities/dis-assemblers/"decompilers" are definitely helpful.   

FPC v3.0.4 and Lazarus 1.8.2 on Windows 7 64bit.

CM630

  • Hero Member
  • *****
  • Posts: 1007
  • Не съм сигурен, че те разбирам.
    • http://sourceforge.net/u/cm630/profile/
Re: Get SourceCode from Exe ?
« Reply #10 on: June 06, 2022, 11:53:22 am »
Thanks, I will check the IDA. My cousin thinks that he has the source, but getting it might take years.
Лазар 2,2,2 32 bit; FPC3,2,2; rev: Lazarus_2_2_2 on W10 64bit.

MarkMLl

  • Hero Member
  • *****
  • Posts: 5119
Re: Get SourceCode from Exe ?
« Reply #11 on: June 06, 2022, 12:21:20 pm »
Thanks, I will check the IDA. My cousin thinks that he has the source, but getting it might take years.

To be blunt without intending to cause offence, it will be faster for him to find the source than for you to learn IDA or Ghidra. Hell, after all these years working with this sort of stuff /I/ find them daunting.

The key is that when a program in a high-level language is compiled it's first changed into an Abstract Syntax Tree (AST). A compiler like Turbo Pascal or FPC takes the AST, optimises it, and spits out an executable... possibly with debugging xrefs to the lines in the original source, but without incorporating either the source or enough information to reconstruct the AST.

Something like Java or .Net, OTOH, in effect distributes the AST as the executable, with the final stages (optimise and convert to opcodes in memory) done at load time.

Even more accessibly, a traditional BASIC would effectively ship a compressed version of the entire source to the end user, making it trivial to list.

So I have /many/ times been asked for a (Pascal etc.) decompiler, by people who thought that since a BASIC program could be listed one written in Pascal was similarly amenable to inspection. But without the AST it's not, and even then you'd lose all comments etc. and possibly some of the variable and function naming.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

tr_escape

  • Sr. Member
  • ****
  • Posts: 412
  • sector name toys | respect to spectre
    • Github:
Re: Get SourceCode from Exe ?
« Reply #12 on: August 10, 2022, 10:19:12 am »
I forget this topic also IDR can be found in github project:

https://github.com/crypto2011/IDR

Nicole

  • Sr. Member
  • ****
  • Posts: 331
Re: Get SourceCode from Exe ?
« Reply #13 on: August 10, 2022, 10:25:52 am »
here is one.
I did not try, would be great, if you tell us about your experience.

https://www.heise.de/download/product/spices.decompiler-37501

MarkMLl

  • Hero Member
  • *****
  • Posts: 5119
Re: Get SourceCode from Exe ?
« Reply #14 on: August 10, 2022, 10:39:42 am »
here is one.
I did not try, would be great, if you tell us about your experience.

https://www.heise.de/download/product/spices.decompiler-37501

Note that that appears to be specifically for .NET, which is very far removed from FPC etc.

You can do a certain amount with IDA/Ghidra etc., rather more if debugging symbols are in the executable, but it's by no means comprehensive.

Be told.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

 

TinyPortal © 2005-2018