Tuts 4 You

Is there a code ripper for C++ (not inline ASM)?


u-jean

Is there a plugin that allows translating basic ASM code from Olly to C++/C# commands?

I'm talking really the most basic commands like:

SHL EAX,0A --> EAX = EAX << 0x0A

OR EAX, ESI --> EAX = EAX | ESI

AND EAX, ESI -> EAX = EAX & ESI

XOR EAX,EBX --> EAX = EAX ^ EBX

MOV EAX, EDX -> EAX = EDX

etc...

Please don't tell me to use inline asm because I'm programming in C#, which apparently does not support inline asm.

And at the same time, please don't tell me to use C++, as I have already written a lot of code for this keygen I'm working on and I'm not going to translate the code to C++.

@Borov: I'm not going to distribute the keygen, it's just a hobby project, more of a challenge, and it wouldn't run on most machines anyway as it uses .Net-4-beta for parallelized computation on multicore CPUs for the SHA1 bruteforcing part.

@EmberTheVulprix: Thanks for the hint, but that would still require making many adaptations to the ripped ASM code. I was looking for something that would just save some time while keygenning in C#, not actually ripping the whole algo. Also, once I'm finished with the algo, I would have to go back and reverse (write it backwards) 50 percent of the code, as the key in question is introduced into the algo in the middle already and is not the end result, unfortunately.

Edited by u-jean

Based on your posting you translated all those commands wrong in the example anyway. You got Intel and AT&T syntax confused.

Anyway, I'd seriously consider either learning ASM like a champ (because you'll be using it anyway) and then translating the instructions to your language of choice, or finding a new language. There's a reason keygens and other assembly-intensive projects are never written in an HLL like C#.

Answering your question directly, you're looking for a decompiler. However, decompilers are notoriously inaccurate, and it's commonplace in even the most advanced enterprise decompilation software to mistranslate an instruction. Keep in mind for loops and while loops are structurally similar in ASM, but the difference in a language like C could mean the difference between working code and non-working code if translated wrong. Evaluate the time-cost value of a decompiler. Are you really saving time? Probably not, because you'll be double-checking to make sure the decompiled code is right if you're any good at what you do.

Look at it like this:

1.) Learning ASM is like learning a second language. You understand every aspect of it and can translate exactly what you want.

2.) Using a decompiler is like using Google Translate to do your homework. It MIGHT get it right, but more than likely it will muff up a line and throw your entire structure off.

Let's summon Google for you (because you CAN use inline ASM in C# through unmanaged C and ATL if you knew anything about it).

http://www.codeproject.com/KB/cs/unmanage.aspx
http://www.codeproject.com/KB/cs/inline_asm_for_c_.aspx

Simply wrap some unmanaged C (your assembly code) in a COM object and call it from C#. It's really easy.

Edited by c0dex

@c0dex: Thanks for the reply, more so considering you chose your first post to be a reply rather than a question.

Thanks for the links, I'll have a look into that.

But you are wrong about me looking for a decompiler.

I can read ASM and I can also translate it to C#.

While most of the time it's rather easy, sometimes it gets more difficult (most difficult to translate were MUL, ROL, ADC so far).

But if I look at code in Olly and understand what it does exactly, I then have to translate it. Having a plugin in Olly that translates the basic things would allow me to quickly and easily copy small code snippets which are repetitive, and indeed this would help me save some time. It shouldn't take the work out of my hands, just make it more efficient.

I'm probably better off writing the plugin myself; there is only a limited number of commands in ASM which can be translated unambiguously.

And btw: the syntax is correct in my previous post, that's how OllyDbg is showing it by default if I'm not mistaken. MOV EAX,EDX means copy EDX to EAX.

@Gabor:

This is actually not an option. I'm not talking about the whole algorithm but only smaller parts; the whole algo is spread all over the app and I already have more than 700 lines of code with several functions defined. I'm not going to "outsource" every little step into its own external function, this just doesn't seem like it's going to be a time saver.

Edited by u-jean
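
The line-by-line translation discussed in this thread, as an added example that is not code from any of the posters: a small Python script that turns Intel-syntax lines as Olly prints them (destination first, bare hex immediates such as `0A`) into C# statements on `uint` locals. The names `translate`, `reg`, `imm` and `Untranslatable` are hypothetical; it goes slightly beyond the listed instructions by handling ROL/ROR with an immediate count, and it refuses ADC, MUL and memory operands because their result depends on flags, the EDX:EAX pair or memory state that a single line does not show.

```python
import re

REGS = {"EAX", "EBX", "ECX", "EDX", "ESI", "EDI", "EBP", "ESP"}  # -> C# uint locals
BINOPS = {"OR": "|", "AND": "&", "XOR": "^", "ADD": "+", "SUB": "-"}
SHIFTS = {"SHL": "<<", "SHR": ">>"}  # C# masks a uint shift count to 5 bits, like x86
# Result depends on the carry flag or the EDX:EAX pair, not just the operands.
NEEDS_CONTEXT = {"ADC", "SBB", "MUL", "IMUL", "DIV", "IDIV", "RCL", "RCR"}

class Untranslatable(ValueError):
    """Raised for anything that cannot be mapped one line at a time."""

def reg(tok):
    if tok.upper() not in REGS:  # memory operands, 8/16-bit registers, immediates
        raise Untranslatable("not a 32-bit register: " + tok)
    return tok.lower()

def imm(tok):
    if not re.fullmatch(r"[0-9A-Fa-f]{1,8}", tok):  # bare hex, e.g. 0A
        raise Untranslatable("not an immediate: " + tok)
    return int(tok, 16)

def translate(line):
    """One Intel-syntax instruction (destination first) -> one C# statement."""
    m = re.fullmatch(r"\s*(\w+)\s+([^,\s]+)\s*(?:,\s*(\S+))?\s*", line)
    if not m:
        raise Untranslatable("cannot parse: " + line)
    op = m.group(1).upper()
    if op in NEEDS_CONTEXT:
        raise Untranslatable(op + " needs flags or EDX:EAX modelled explicitly")
    d, src = reg(m.group(2)), m.group(3)
    if op == "NOT" and src is None:
        return f"{d} = ~{d};"
    if src is None:
        raise Untranslatable("unsupported: " + line)
    if op in SHIFTS:
        return f"{d} = {d} {SHIFTS[op]} 0x{imm(src) & 31:02X};"
    if op in ("ROL", "ROR"):  # rotate = two shifts OR-ed together
        n = imm(src) & 31
        l, r = (n, 32 - n) if op == "ROL" else (32 - n, n)
        return f"{d} = ({d} << {l}) | ({d} >> {r});"
    s = src.lower() if src.upper() in REGS else f"0x{imm(src):X}"
    if op == "MOV":
        return f"{d} = {s};"
    if op in BINOPS:
        expr = f"{d} {BINOPS[op]} {s}"
        # x86 ADD/SUB wrap modulo 2^32; keep that even if the build enables /checked
        return f"{d} = unchecked({expr});" if op in ("ADD", "SUB") else f"{d} = {expr};"
    raise Untranslatable("unsupported: " + line)
```

The emitted statements drop the flag updates the original instructions perform, so any following ADC or conditional jump still has to be translated by hand with the carry tracked explicitly.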