📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









Decompiling DLL Files

Topic created on: August 4, 2007 23:09 CDT by Grama.

is there any efficient way to decompile .dll files used in windows xp? i am doing a little learning and trying to figure out why i am having some problems with my program but i would like to decompile a few .dll files first.  if there isn't any way that's ok, i'll keep going about the way i have.. :) thanks in advance.

Grama

  eamous     August 5, 2007 06:25.31 CDT
> Grama: is there any efficient way to decompile .dll files used in windows xp? i am doing a little learning and trying to figure out why i am having some problems with my program but i would like to decompile a few .dll files first.  if there isn't any way that's ok, i'll keep going about the way i have.. :) thanks in advance.
>
> Grama

Hello there,
If you're talking about .Net assemblies (exe, dll, ...) you might be able to decompile them using spices.Net decompiler: http://www.9rays.net/Products/Spices.Net/
Other than that, you may only disassemble the executable binaries using the Win32 disassembler: http://www.geocities.com/~sangcho/disasm.html
Or using IDA Pro (highly recommended): http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/IDA-PRO.shtml

Hope this helps.

Cheers,
Essa Amous.

  Grama   August 5, 2007 12:16.50 CDT
thanks for the info! i am talking about dlls such as directx and such..... mostly my friends dlls (he approves) and a few microsoft dlls but yah.  i have got ida pro up and running and as well as ollydbg, and i have downloaded the spices.net trial and while i have used it to get the source code of many of my friends dlls, it was not able to retrieve the source code from the microsoft dlls.  part of the reason i want to get the source code is so that i can reassemble the dlls on another installation of windows as well as reactos to see if my program is even compatible with reactos currently (except for the missing dlls that i am attempting to recompile) i realise wut i am hoping to do may be completely not possible, but i am looking at the possibility of using the assembly to recompile as well.  is this possible? if so, how can i use the assembly produced from ida pro or ollydbg or the win32disasm and recompile on say, linux or reactos or even another installation of windows? i have examined asm in such programs (except win32disasm will look at thanks) but never attempted to straight up recompile.  thanks again!

  jms     August 7, 2007 11:26.48 CDT
Well spices will only do .NET assemblies, and the stock MS dlls are not written in .NET. Getting the source code is not really possible (you could beg Ilfak for a copy of hexrays), this is the nature of reverse engineering!
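
The point in the reply above, that a .NET decompiler only works on .NET assemblies, can be checked per file before picking a tool. This is an added example, not part of the original thread: it reads the PE headers and reports whether the CLR header data directory (entry 14) is populated. The function names are hypothetical, and `build_sample` produces constructed, header-only bytes for demonstration.

```python
import struct
import sys

CLR_DIR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: the CLR (.NET) header

def classify_pe(data: bytes) -> str:
    """Return 'managed', 'native' or 'not-pe' for the raw bytes of an EXE/DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return "not-pe"
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    opt = pe + 24                                          # after signature + COFF header
    if opt_size < 2 or opt + opt_size > len(data):
        return "not-pe"
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        return "not-pe"
    dirs = 96 if magic == 0x10B else 112                   # data directory offset
    entry = dirs + CLR_DIR * 8
    if entry + 8 > opt_size:                               # header too short for entry 14
        return "native"
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return "managed" if count > CLR_DIR and rva and size else "native"

def build_sample(pe32_plus: bool, clr: bool) -> bytes:
    """Constructed header-only image (not loadable), used only for the demo."""
    dirs = 112 if pe32_plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, dirs - 4, 16)
    if clr:  # constructed RVA and size values
        struct.pack_into("<II", opt, dirs + CLR_DIR * 8, 0x2008, 0x48)
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x2000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for path in sys.argv[1:]:          # e.g. paths to DLLs you want to triage
        with open(path, "rb") as fh:
            print(path, classify_pe(fh.read()))
    print("sample managed:", classify_pe(build_sample(False, True)))
    print("sample native: ", classify_pe(build_sample(False, False)))
```

A file reported as `native` needs a disassembler rather than a .NET decompiler.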

  Grama   August 7, 2007 13:53.05 CDT
of course it is! i try and oversimplify things my friends say lol! thanks again for the info, i will continue on my merry way!  thanks again!

  eamous     August 9, 2007 01:01.30 CDT
Hello Grama,

Yes, when dealing with PE (Executables and dynamic Libraries) the only way is to disassemble the code and create ASM file using IDA Pro (File -> Produce File -> Create ASM File) and then you can inject or modify the code but reassembling the ASM file will need A LOT of work to get it done! (I usually use MASM32 for this purpose).

In your first post you were saying that you are doing all this because you're having some problems with your program. So if you can brief us with your case in particular, I guess we can work it out without going through all this headache.

Cheers,
Essa Amous.
