Decompiler.NET reverse engineers your CLS compliant code

[Greg Merideth]

I tried that against the remotesoft decompiler and it finally threw them
a curveball. The resultant code is pretty much a jumble. This is the
first one I've seen that works nicely against their decompiler. Good find.

 

[Nak]

"Being more clear: is Microsoft ready to

Who wrote??

Nick.

 

[Nak]

And if by Nick you mean Vortex Soft.. then yes... he said that... It's

only
derogatory by people that don't know how to use the word.

Aaah, ignore my statement.

Nick.

 

[Mike Newton]

One word: Marketing.

If it weren't for the Massive Microsoft Marketing Machine, we'd all be
complaining about Delphi.

 

[Jonathan Pierce]

Greg,

Although we are not necessary interested in supporting decompiling code that
it intentionally confused by obfuscators, we do want to support the ability
to decompile arbitrary MSIL, even when it is created by hand and compiled
with ilasm. As a result we will be attempting to add support for decompiling
arbitrary code flow obfuscation, even when the obfuscator causes extra
branch instructions to jump around and process the instructions out of
order. Keep an eye out for a future release of our Decompiler.NET product if
this feature is important to you. We can't however, guarantee to undo all of
the other tricks that obfuscators play to confuse decompilers.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

 

[remotesoft]

XenoCode inserts some branch instructions (br) here and there to confuse the
stack, which is very easy to remove. Our desktop version of the decompiler
works very well against those tricks, namely, you won't see those jumble
code. I will post that feature onto our online version in couple of months.

Huihong
Remotesoft, Inc.

 

[Shawn B.]

With the exception of microsoft products, I never purchase software that
ties me to a specific machine considering 1) I use removeable hard disks in
the same machine, 2) I frequently update internal components (video cards,
sound card, network card, new scanner, different digital camera, replacing
PCI modem with a USB model, etc.) such that my machine very quickly appears
to be a new machine, 3) I am a huge fan of Virtual PC/VMWare and like to
install my software into guest OS's, 4) Every 6 months or so I get a new PC,
and 5) I just don't trust software where the company could dissappear in a
year or two and leave dry in the dust.

I'm the exact same way with 3rd party ASP.NET components, they typically
lock you into a domain but for me that simply doesn't work because I might
have http:// ww w.mydomain.com /.net /.org /.info and use the non-.com ones
for mirrors incase my bandwidth usage gets close to my quotas. Most 3rd
parties would requirement to fork up another $399 for a new license for each
sever... blah. Very fortunate that for most components I would normally
have the desire to purchase were it not for the licensing policies they use,
I have the ability to create my own from scratch that often work better and
have better features and are tailored specifically for my own needs.

Decompilers are very useful for understanding the System.* internals and
fortunately there is Reflector which is free and has never let me down. I
therefore don't have the need to dump $500 and be tied to a machine that
will not be the same in even 6 weeks from now considering that I'm about to
upgrade to a dual pentium xeon pretty soon... and in the context of the
message, I'm a home user, this is not for my employment so I'm ever more
cautious when it comes to my own money. And yes, I *do* pay for all my
software, which is why I care so much.

Nonetheless, I have no doubts that its a fine product. Just one that I'll
never review or purchase.


Thanks,
Shawn

 

[Shawn B.]

Huh? VB is very powerful and is good for exactly what C# is good for and
managed-C++/C++/CLI is good for. Due to problems with COM+, we created a
custom transaction manager/server that completely replaces COM+ and work
much faster and does much more and it was written in VB.NET... of course,
now that we learned of the upcoming System.Transactions namespace, I don't
know where that'll leave us... but the point being that we have just as many
projects in this company written in VB.NET as there are C# and there is no
difference between the functionality or featureset or potential of the two
except that the languages they were developed in reflect the comfort of the
developer who wrote them.

If you mean to say "but its good for nothing else but [for me] its good for
nothing else but studying or playing" then I'll buy that. But to make such
a general statement, is incorrect. As a very good VB.NET developer for a
solution and he'll provide one in VB.NET. Ask a very good C# developer for
a solution and he'll provide one in C# and the same with a developer of any
other language. In the .NET world, VB.NET is no more or less capable than
C# (except in the case of operator overloading ala 2003) except VB.NET is
much better with COM-Interop than C# (at least, its easier than C# I should
say) and the IDE support is superior for VB.NET than C#.

Apart from the fact that there are endless holy-wars and religious
discussions regarding C# vs. VB.NET, I say the best tool for the job. In
the end, VB.NET usually wins with me but I've found some unique places where
C# is better suited for the task (such as my .NET-based NES emulator (not
public material, BTW)).

Thanks,
Shawn

 

[Shawn B.]

I've never seen original variable names being shown in the source when I run
ILDASM or Reflector... but of course you'll see all the other meta data that
needs to be there.

 

[Shawn B.]

Its not like everyone developing an application is so unique that no one
else is, just that the management is "convinced" they are the only ones
doing it. I consulted for a company 2 years ago that wanted me to make an
online calendar and contact management system. They even tried to get
patents on it because they were convinced that no one else was using a
calendar quite the way they were (except yahoo calendars, hotmail, and a few
others...).

They had everyone sign NDA and Trade Secret documents and everything... its
a friggin' calendar. I copied the look-and-feel from Yahoo and the same
work flow (which incidentally happened to be the same that this company
wanted) only I implemented it myself and they thought that theirs was the
only one until I showed them a few others that were out there.

My point is that everyone wants to protect their work (rightfully so, I
suspect I'm the same way only I don't care as much since I realize a
determined person will uncover my "secrets" in no time, anyway) all equally
convinced that they are doing something that no one else is doing only, many
people are doing it all equally convinced that they need to "protect" their
IP because no one else is doing it. Its a vicious cycle of nonsense.

In all the places I've consulted and been full-time employed... the only
thing different about their respective business applications is some take
the concept to one extreme while others take it to another... functionality
might be greatly improved in some companies, but in the end, they are all
the same application over and over and over...... input custom info,
generate invoice, balance the books, keep a list of contacts for follow-ups,
post the invoice... post the payment... post this, reverse that, input this,
data-mine that... its all the same, relatively. Nothing novel about it.

Occasionally I see something that is actually quite inique and impressive so
it is the exception... I'd say a good 80% of business apps out there share
much in common with each other and aren't worth "protecting".


Thanks,
Shawn

 

[Shawn B.]

I've on many original source code bases that have no comments... don't need
a decompiler cause me to agree with your statement...

We'll written code, on the other hand, doesn't need comments except in
complex "workflows" more or less explaining a process or business rule, but
in the end, the code itself rarely needs comments. I find it very difficult
to read code with too many comments or the damned C# XML documentation ...
500 lines of XML docs for only 30 lines of C# code... ugh. I document the
XML comments externally using a utility I created...

* Too many comments: bad
* Not enough comments: ok for well-written code, bad for poorly written code
* No comments: see above.

 

[Shawn B.]

Totally agreed. You really articulated my thoughts much better than my
first earlier attempt.


Thanks,
Shawn

 

[Jonathan Pierce]

I've never seen original variable names being shown in the source when I

run
ILDASM or Reflector... but of course you'll see all the other meta data
that
needs to be there.

The local variable names are in the pdb file, and you are correct that
although Decompiler.NET does retain local variables names when you decompile
your assembly with it and have the pdb file, these other two tools that you
mentioned do not support this capability. I recommend that you try the
product that is mentioned in the title of this thread and not make any
asseumptions regarding it's quality or capabilities based on your experiece
with other products that you have tried in the past. Please let me know if
at any point you feel that any of our claims are not 100% accurate or
experience any issues that you want to discuss further based on your use of
the product.

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/

 

[Shawn B.]

I was referring to my decompiles of the System.* namespaces, of which, we do
not have the pdb files, and so therefore, there is no product that will
provide such functionality. I do not decompile assemblies for which I have
the source code for and presumably, I won't have pdb files for assemblies
that I don't have the source code for anyway. I'm not in the habbit of
peeking at other peoples code unless they provide it to me in some way (and
I don't peek at GPL code either as I dissagree with the license terms in
general) and it is so much more fun to come up with my own implementation
and learn along the way, anyway. The System.* namespaces are the only
exception and there is much to be learned about their internal workings and
at the very least, microsoft doesn't condemn doing so and so I feel no
guilt. Of course, there's always Rotor... but... not to go off-topic.

I was not making any comments about the capabilities of your product as I
really have no clue about its capabilities. I was only stating an opinion
of mine and it was not meant to be an authoritive, definitive, factual
conclusion of the matter.


Thanks,
Shawn

 

[Vortex Soft]

I've never seen original variable names being shown in the source when I run
ILDASM or Reflector... but of course you'll see all the other meta data that
needs to be there.

Try BinText 3.0

This is a partial extract of one of my exe dump:

FilePos Mem pos ID Text
0056B45E 1156C45E 0 Countries
0056B468 1156C468 0 CountryCode
0056B479 1156C479 0 CountryName
0056B48F 1156C48F 0 MinTime
0056B497 1156C497 0 Compile
0056B49F 1156C49F 0 Events
0056B3E0 1156C3E0 0 GetText
0056B3E8 1156C3E8 0 FrameSize
0056B3F2 1156C3F2 0 DecodeText
0056B3FD 1156C3FD 0 FileName1
0056B407 1156C407 0 Props
0056B40D 1156C40D 0 get_INIFileName
0056B41D 1156C41D 0 get_Prop
0056B426 1156C426 0 Section
0056B432 1156C432 0 set_Prop
0056B43B 1156C43B 0 Write
0056B441 1156C441 0 INIFileName
0056B452 1156C452 0 Values
0056B45E 1156C45E 0 Countries
0056B468 1156C468 0 CountryCode
0056B479 1156C479 0 CountryName
0056B48F 1156C48F 0 MinTime
0056B497 1156C497 0 Compile
0056B49F 1156C49F 0 Events


VS

 

[Vortex Soft]

In all the places I've consulted and been full-time employed... the only
thing different about their respective business applications is some take
the concept to one extreme while others take it to another... functionality
might be greatly improved in some companies, but in the end, they are all
the same application over and over and over...... input custom info,
generate invoice, balance the books, keep a list of contacts for follow-ups,
post the invoice... post the payment... post this, reverse that, input this,
data-mine that... its all the same, relatively. Nothing novel about it.

Occasionally I see something that is actually quite inique and impressive so
it is the exception... I'd say a good 80% of business apps out there share
much in common with each other and aren't worth "protecting".

If you used the CLS to develop any application (not an applet)
containing non public domain algorithms and released it to the public,
post it's Demo URL here if you don't fear it to be reverse engineered.


Thanks

VS

PS - I put my hand on the Holy Bible and swear not even think about
reverse engineer it even if it has any value (for me.

 

[Jonathan Pierce]

These are not local variable names. They are symbols that are probably field
or property names which are in the compiled assembly. The local variables
are only present in the pdb file.

Jonathan

 

[Vortex Soft]

These are not local variable names. They are symbols that are probably field
or property names which are in the compiled assembly. The local variables
are only present in the pdb file.

Jonathan

Thanks for replying
This MY exe file, I have access to the original source code, I know what
I am saying, no offence to such a illustrious (forgive me my bad
spellings) person.


VS

 

[Jonathan Pierce]

You need to post your code snippet then to make your example complete. I
still don't agree with your assessment.
Post the code here that goes with your claim about what you see in BinHex.

Jonathan

 

[Vortex Soft]

You need to post your code snippet then to make your example complete. I
still don't agree with your assessment.
Post the code here that goes with your claim about what you see in BinHex.

Jonathan

First:
I believe that you din not read clearly my post, I did not refer to your
useful program, I refeered to a public domain program named ------
bixtext.exe --------- a small utility that displays any 'suposed' string
in any file, no mather if it is exe, dll or whatever.

Second:
I think that you did a great contribution to the programmers comunity
exposing what a malware person would hide.

Third:
My code is not public domain (unless the m...f... who entered my system
got it) and the full code has 40+ modules and classes.


Resume:
I am not fighting against you or MicroSoft


Bye

VS