BinEditPlus
News (July 25, 2006):
As part of a PowerBASIC feature to create binaries which are resistant to
decompilation, the contents of their data sections are shifted around by
their start-up code. It's unclear at the moment how complex this protection
feature is, but it should not pose a problem if it is compiled back into them.
It does make it difficult to study the decompiled code though, since references
to the data section are often incorrect.
Various solutions to this are being considered, such as compiling a version
with a procedure added which dumps its data section in its run-time state to a
binary file.
BinEditPlus will be able to completely decompile EXE and DLL files into a
recompilable form. It is hoped it will be able to port Windows software
automatically to Linux by recompiling the generated sources with FASM for Linux.
It currently generates:
- disassembly of code sections
- dump of data sections
- dump of imports
- dump of exports
- list of relocations
- most binary files from resources
- nearly compilable resource scripts (definition files)
It decompiles resource sections without using any API calls. Cursors are about the
only part left to go. For unnamed resources, it generates equate names with
resource-type-specific prefixes, and it appends comments containing any text associated
with the resource to help indicate what each ID belongs to.
Potential Uses:
- Porting Win32 programs to Linux. This would be achieved by translating
Win32 API calls found in the disassembly. Perhaps some API functions could be
borrowed from the WINE project if Linux doesn't have equivalents for all of them.
- Embedding and linking LIBs
- Creating COM servers in PowerBASIC programs.
- Embedding and exporting "method" and "property" tables for "objects"
- Editing import sections to use substitute DLLs.
- Removal of selected portions of functionality.
- Substituting some custom RTL
- Automated and manual optimization of PowerBASIC created code
- Removal of procedures' prolog and epilog code to create high-speed "fastcall"
procedures
- Creating listings of EXEs and DLLs for study.
- Removal of procedure divider bytes (00 00 00 00 00 00 00 70 62)
It's only 9 bytes per procedure, but they could add up (and why have them
anyway?)
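
Locating the divider bytes listed above is the first step toward removing them or using them as procedure boundaries in a listing. The following is an added example, not BinEditPlus code: it reads the PE section table and reports each occurrence of the pattern inside executable sections only, assuming that is where the dividers sit. The function names and the `sample_image` input are constructed for illustration.

```python
import struct

DIVIDER = bytes.fromhex("00 00 00 00 00 00 00 70 62")  # 9-byte pattern quoted on this page
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION = "<8sIIII12xI"  # name, vsize, rva, raw size, raw offset, (skipped), flags

def code_sections(pe: bytes):
    """Yield (name, rva, raw_offset, raw_size) for each executable section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    table = nt + 24 + opt_size                           # first section header
    for i in range(nsec):
        name, _, rva, rsize, roff, flags = struct.unpack_from(SECTION, pe, table + 40 * i)
        if flags & IMAGE_SCN_MEM_EXECUTE:
            yield name.rstrip(b"\0").decode("ascii", "replace"), rva, roff, rsize

def find_dividers(pe: bytes):
    """Return [(section, rva)] of candidate dividers; data sections are skipped."""
    hits = []
    for name, rva, roff, rsize in code_sections(pe):
        raw = pe[roff:roff + rsize]
        pos = raw.find(DIVIDER)
        while pos != -1:
            hits.append((name, rva + pos))
            pos = raw.find(DIVIDER, pos + len(DIVIDER))
    return hits

def sample_image() -> bytes:
    """Constructed two-section image (not a real PowerBASIC binary)."""
    proc = b"\x55\x8b\xec\x5d\xc3"                       # push ebp / mov ebp,esp / pop ebp / ret
    text = (proc + DIVIDER) * 3
    data = DIVIDER + b"not code"                         # same bytes, non-executable section
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    off = len(dos) + len(coff) + 2 * 40                  # raw data follows the headers
    def sec(name, rva, blob, at, flags):
        return struct.pack(SECTION, name, len(blob), rva, len(blob), at, flags)
    return (dos + coff + sec(b".text", 0x1000, text, off, 0x60000020)
            + sec(b".data", 0x2000, data, off + len(text), 0xC0000040) + text + data)

if __name__ == "__main__":
    hits = find_dividers(sample_image())
    for name, rva in hits:
        print(f"{name} RVA {rva:#x}")
    print(f"{len(hits)} dividers, {len(hits) * len(DIVIDER)} bytes")
```

A hit is only a candidate: the same nine bytes can occur by coincidence inside constants embedded in code, so each match should be checked against the disassembly before bytes are removed.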
Last updated: July 25, 2006
The source code is in the "bineditplus" folder of the CVS directory.
This project is sponsored by TheirCorp
(formerly TheirWare Corporation)