PB Decompiler

Kaisen2100 · Post by **Kaisen2100** » Mon May 30, 2005 9:52 pm

Does exists any PureBasic Decompiler??

Its easy to decompile a program made with PureBasic? ... i just want to know hard (or easy) is to decompile PB programs (Windows, Linux, Mac, Amiga)

And if it is posible to decompile, how can i do to avoid (or to make it a very hard work) anyone to decompile my program?

Thanks

Paul · Post by **Paul** » Mon May 30, 2005 10:03 pm

Use a disassembler to veiw the compiled EXE as ASM source.
Every program can be viewed as ASM code regardless of what it is.

Post by **Fred** » Mon May 30, 2005 10:46 pm

you could try to look for PB pattern while decompiling, but it will be really hard to read IMHO (unless you know perfectly assembly).

Kaisen2100 · Post by **Kaisen2100** » Tue May 31, 2005 1:28 am

hehehe ... ok i understand ... its impossible to stop anyone decompliling your programming

... but you can make it harder to him

... but how???

Kaisen2100 · Post by **Kaisen2100** » Tue May 31, 2005 1:30 am

Fred wrote:you could try to look for PB pattern while decompiling, but it will be really hard to read IMHO (unless you know perfectly assembly).

i do not understand this

... "PB pattern"? ... what you mean with that? ... my english is bad

sorry

zapman* · Post by zapman* » Tue May 31, 2005 6:12 am

"Patern" is the name that can be given to any sequence of ASM instructions corresponding to one PB instruction.
Because compilation is an automatic process doing anything in the same way when it has to do it, you can find statistical correspondences when you compare an original PB code and its compiled version.
If you have three loops using "for-next" in your PB code, you'll have three similar paterns of ASM instructions in the compiled code.

To come back to your original question, stand on the idea that it is so hard to decompile an ASM compiled program that you can (at this moment) consider this operation as practically "impossible".
It is "theorically" possible (I made an interresting beginning of Microsoft QuickBasic decompiler some years ago) but I promise you that it is a HUGE work probably much harder than creating a complete new compiler.

As far as I know, there is not any efficient decompiler of any high language (Basic, C, C++,...) available on the market. The one that will do it is a King Master

and it would be very more interresting to decompile C++ than PureBasic.

So, I YOUR program is not one of the best softwares of the last 20 years or a master piece of the national security system of your country, they are very few chances that anyone spends enough time to decompile it.
Keep quiet

Note : because your are not english native, you perhaps thinck that the "IMHO" abbreviation used by Fred was a very complexe programming notion or the name of a secret part of the API... It only means "In My Humble Opinion". Yes, Fred is Humble even if he is probably one of the very few people that would be able to make a decompiler

.

Bonne_den_kule · Post by **Bonne_den_kule** » Tue May 31, 2005 6:44 am

The only good decompiler is the java decompiler.

zapman* · Post by zapman* » Tue May 31, 2005 6:52 am

You can find some Java and Flash decompilers but I don't believe that these languages are "really" compiled (not in ASM).

PB · Post by PB » Tue May 31, 2005 9:04 am

> Does exists any PureBasic Decompiler?

If you mean like a Visual Basic decompiler, which takes the final exe and then
turns it back into VB source code, then no, nothing like this exists for PureBasic.

thefool · Post by **thefool** » Tue May 31, 2005 9:34 am

the big problem is that you dont decompile code to crack it. simply no need for that. so you got to have something that maybe encrypts your registration code block [live. Self modifying code, yeah it is possible in pb], some checks to see if the registration block has been modified, and a lot of other checks and stuff. more checks the better!

Tommeh · Post by **Tommeh** » Tue May 31, 2005 11:04 am

There are all kinds of decompilers, ASM, Java, Flash, VB4 etc

But PureBASIC code is decompilerable, but only to a certen extent.

Here is what you do:

Make a very simple program in PB, something like message requester 'hello world'

and make PB make the ASM file of it, in that ASM you can see clearly what is going on, all you have to do is extract stuff like that from the final exe by yes, looking for the patterns

Kaisen2100 · Post by **Kaisen2100** » Tue May 31, 2005 11:24 am

Thanks people for your help ... but now i have another question

thefool wrote:the big problem is that you dont decompile code to crack it. simply no need for that. so you got to have something that maybe encrypts your registration code block [live. Self modifying code, yeah it is possible in pb], some checks to see if the registration block has been modified, and a lot of other checks and stuff. more checks the better!

How can i do "Self modifying code" ?? ... i was read a few times about it ... but i dont know can i do it in my program? ... exist any example of that? ...

By the way ... Decompile a Java program is easy ... i think ... because it is no compiled to ASM (it is compiled to byte code for the Java Virtual Machine)

thefool · Post by **thefool** » Tue May 31, 2005 11:30 am

viewtopic.php?t=3650&highlight=selfmodi ... odeexample

however you need to remove the encryption that is done at runtime, and then encrypt it directly in the file. Then at runtime it decrypts

traumatic · Post by **traumatic** » Tue May 31, 2005 12:54 pm

Without trying to be a know-it-all I'd like to share my 2ct. as well...

Nothing will ever stop anyone from reversing your code, the only
aim of protection methods is to make it harder.

A decompiler decompiles bytecode (VB, Java, Jamagic

, C#, etc.)
whereas for 'real' applications a disassembler is needed.

Common methods to protect your code from reversing are self-modifying
code, compression and cpu-emulation. Of course all of these methods can
be bypassed as well without even knowing what exactly is going on as the
exe still gets executed at some time, so the wanted code can be obtained
from memory. That's why all 'better' protection-schemes include a check
for commonly used debuggers and disassemblers.

Out of curiosity, do you worry about your app being cracked (bypass
protection) or about secret algorithms being stolen?

thefool · Post by **thefool** » Tue May 31, 2005 2:21 pm

traumatic wrote: Nothing will ever stop anyone from reversing your code, the only
aim of protection methods is to make it harder.

A decompiler decompiles bytecode (VB, Java, Jamagic , C#, etc.)
whereas for 'real' applications a disassembler is needed.

true, again

Common methods to protect your code from reversing are self-modifying
code, compression and cpu-emulation. Of course all of these methods can
be bypassed as well without even knowing what exactly is going on as the
exe still gets executed at some time, so the wanted code can be obtained
from memory. That's why all 'better' protection-schemes include a check
for commonly used debuggers and disassemblers.

checks, checks, checks and checks!
if you can find something about how to disturb an disassembler from finding out wich api calls you made. A way would be api hooking!

check if the registration routines has been altered, and do more checks! so if 1 check is altered, all the other is too. problem is, when a keygen is done then you cant check for it. also if people give out stolen serials. so have somekind of blacklist so if more people uses that number or you see it on asta****.box.** , or any other places, put it on the blacklist. Alter the position of checks and even how the checks are performed, alter encryption algorithms too for each release you make.

PureBasic Forums - English

PB Decompiler

PB Decompiler

Re: PB Decompiler