Any programming expert in here?

[DirtyProfits]

Anybody knows about keyloggers, trojans etc.? Is it possible to see the source of an .exe file when it has been exe compiled?

[GrouchyAdmin]

You can break it back to pseudocode and subroutines, but no, unless the source is explicitly included, you can't get 'the source' back.

[Eriic]

decompile....................................

[chelo - adultcopywriters]

Hi, Sorry friend but no it's not possible to see the source from an exe file (compiled).

It would be like trying to get an mp3 of cd quality out of an mp3 recorded at very low quality.

[chelo - adultcopywriters]

Quote:

Originally Posted by Eriic

decompile....................................

does that word even exists?!

You're talking nonsense Eriic, nothing personal.

[d-null]

don't beat around the bush

what is your question?

[Eriic]

Quote:

Originally Posted by chelo - adultcopywriters

does that word even exists?!

You're talking nonsense Eriic, nothing personal.

http://whatis.techtarget.com/definit...804135,00.html

You decompile using a C++ program

Dumbass

[chelo - adultcopywriters]

Quote:

Originally Posted by Eriic

http://whatis.techtarget.com/definit...804135,00.html

You decompile using a C++ program

Dumbass

hehe, Ok so the word does exists. You beat me there
But I can assure you this reverse engineering process is far from being perfectioned. Probably the C++ decompiler will only work in exe files compiled from C++ source. So here you have a new problem and that is, how do you know the language in which the exe file was initially written? The link you provide says the following.

Quote:

Decompilation is not always successful for a number of reasons. It is not possible to decompile all programs, and data and code are difficult to separate, because both are represented similarly in most current computer systems. The meaningful names that programmers give variables and functions (to make them more easily identifiable) are not usually stored in an executable file, so they are not usually recovered in decompiling.

So there you have it, the most probable thing is that you're fucked up and you won't see a tiny piece of code that's readable. Think about what could happen if all programs could be decoded, all software would be opensource, there will be no Microsoft, no Google, Internet would probably be a total anarchy.

[brandonstills]

That's how I used to crack games back when I was a kid. Ahh, the good old days.

Decompile is the wrong word. It does exist but not for .EXE files. It's extremely rare to be able to decompile a program. Only certain environments/languages let you do it. You're thinking of disassemble. It will give you the assembly language listing. Sometimes symbolic data is embedded but usually not once a program is distributed. There are programs which will construct C code as well from an exe but I don't think they are very good.

Explain in more detail what you are trying to do.

[fluffygrrl]

Basically, if you're trying to understand what a certain infector did to your system, you're better off matching subroutines.

There's only a finite number of ways trojans log your clicks, for instance, and this is how anti-virus software "heuristics" work.

It is however pretty deep arcana, and probably not worth your time, or the money to pay a couple 250$ an hour engineer wiz ppl.

[moeloubani]

Back in my day I used to use a program called Win32dasm or something, it disassembles anything down to its machine assembly code.

It was when I was like 13 though so I don't know if its still around/if it works, back in those days I used it to find the parts of programs that tested for a registration key then I opened up the program in a HEX editor and I would change it and bypass the registration.

I've only gotten dumber since then

[DirtyProfits]

Quote:

Originally Posted by brandonstills

Explain in more detail what you are trying to do.

Well a while back I forgot my icq password. I used two programs, a ICQ Password Hasher to get the hash code from the Owner.mdb and then I used this hash code with another program called ICQ MD5 Password Changer to change my forgotten but still saved password to a new one.
Now exactly 1 month later, my account was hacked. I did some research and found out that the program was written by a Russian and they sell short icq uins on their Russian site. They claim to have over 200,000 uins.

Now I am trying to find out if that particular .exe file did only send out my icq password OR if other passwords were shared too.
When I try to download / save that file again on my hdd or try to unpack it I get an error message telling me that I have no admin rights for that. I then renamed the .exe into abc without no extension and was able to unpack it but 1 second later the file disappeared. I was not able to find it on D: again. I then went to folder options and enabled hidden files but I only see the abc file now and not the .exe on D:

[woj]

I would say odds are 7 to 1 that it was that russian program that stole your icq pass...

[DirtyProfits]

Yeah it was a Russian program. Is there no way of finding out if that program only sends out the icq password or if it also logs keys?