Thread: Reversing win16 applications???

  1. #1
    BobRock
    Guest

    Reversing win16 applications???

    Hello,

    What tools (debuggers, disassemblers, etc.) can be used to reverse a win16 application?
    Thx.

    Regards,
    Bob Rock
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    foxthree
    Guest

    NE File format...

    Hi there:

    16-bit Windows applications come in what is called the NE file format... a format that is not particularly appealing, if you know what I mean. However, I think W32DAsm can handle NE files. I remember working with it a long time back. For debugging, what better than SoftICE for Win3.x! Take a look at exetools.com/debuggers.

    Signed,
    -- FoxThree

  3. #3
    cah
    Registered User (Join Date: Sep 2001; Location: CYBERABAD; Posts: 58)

    Hayya foxthree

    How to find free space & lengthen the code segment of the NE file format? Any tools/utilities/knowledge available on this subject?

    Thanks in advance
    Cah....

  4. #4
    Kayaker
    Teach, Not Flame (Join Date: Oct 2000; Posts: 4,124; Blog Entries: 5)

    Hi Cah,

    Interesting problem. It'd be best to study the NE file structure and figure out how to add a new segment, or increase the length of the last one. There are NE docs at wotsit.org, d/l them all there and examine them.

    Taking a look at the New EXE ("NE") Header file NEWEXE.H, I'd be playing with the values in certain fields you can find as offsets to the ascii "NE" (same as in a PE file), such as:

    NE + 1Ch - Specifies the number of entries in the segment table.

    NE + 22h - Specifies a relative offset from the beginning of the Windows header to the beginning of the segment table.


    Then I'd try to figure out how to add a new segment to the segment table, or maybe easier, lengthen the last segment.


    ;-----------------------------------------------
    struct new_seg /* New .EXE segment table entry */
    {
        unsigned short ns_sector;   /* File sector of start of segment */
        unsigned short ns_cbseg;    /* Number of bytes in file */
        unsigned short ns_flags;    /* Attribute flags */
        unsigned short ns_minalloc; /* Minimum allocation in bytes */
    };
    ;-----------------------------------------------

    Segment Table
    ▀▀▀▀▀▀▀▀▀▀▀▀▀
    The segment table contains information that describes each segment in an
    executable file. This information includes the segment length, segment type,
    and segment-relocation data. The following list summarizes the values found
    in the segment table (the locations are relative to the beginning of each
    entry):

    Location │ Description
    ═════════╪═════════════════════════════════════════════════════════════════
    00h      │ Specifies the offset, in sectors, to the segment data (relative
             │ to the beginning of the file). A value of zero means no data
             │ exists.
             │
    02h      │ Specifies the length, in bytes, of the segment, in the file. A
             │ value of zero indicates that the segment length is 64K, unless
             │ the selector offset is also zero.
             │
    04h      │ Specifies flags that describe the contents of the executable
             │ file. This value can be one or more of the following:
             │
    06h      │ Specifies the minimum allocation size of the segment, in bytes.
             │ A value of zero indicates that the minimum allocation size is
             │ 64K.
    ;---------------------------------------------------------------


    There may be other things you'd have to change also, and I don't know how well this would work, but it seems to be the starting idea. Your 16 bit app will probably crash and burn the first few times, but it'd be interesting to hear a report of your attempts.

    Cheers,
    Kayaker
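
A reader for the segment table described in the post above, as an added example that is not part of the original thread or of NEWEXE.H. The function names `parse_ne_segments` and `build_sample` are hypothetical; the code assumes the MZ header's 3Ch pointer to the "NE" header and the sector alignment shift count at NE + 32h, which the post does not mention, and the sample image is constructed.

```python
import struct

def parse_ne_segments(data):
    """Parse the NE segment table; returns a list of dicts, one per segment."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    ne = struct.unpack_from("<I", data, 0x3C)[0]        # MZ 3Ch -> "NE" header
    if ne + 0x40 > len(data) or data[ne:ne + 2] != b"NE":
        raise ValueError("NE signature not found")
    count, = struct.unpack_from("<H", data, ne + 0x1C)  # NE + 1Ch: entry count
    rel, = struct.unpack_from("<H", data, ne + 0x22)    # NE + 22h: table offset
    shift, = struct.unpack_from("<H", data, ne + 0x32)  # NE + 32h: sector shift
    shift = shift or 9                                  # 0 means the default, 9
    table = ne + rel
    if table + 8 * count > len(data):
        raise ValueError("segment table runs past end of file")
    segments = []
    for i in range(count):
        sector, cbseg, flags, minalloc = struct.unpack_from(
            "<4H", data, table + 8 * i)                 # one new_seg entry
        has_data = sector != 0                          # sector 0: no file data
        offset = sector << shift if has_data else None
        length = (cbseg or 0x10000) if has_data else 0  # 0 means 64K
        segments.append({
            "index": i + 1,                             # segments count from 1
            "file_offset": offset,
            "file_length": length,
            "flags": flags,
            "min_alloc": minalloc or 0x10000,           # 0 means 64K
            "in_file": (not has_data) or offset + length <= len(data),
        })
    return segments

def build_sample():
    """Constructed two-segment NE image (not a real program)."""
    img = bytearray(0x140)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)             # NE header at 40h
    img[0x40:0x42] = b"NE"
    struct.pack_into("<H", img, 0x40 + 0x1C, 2)         # two segments
    struct.pack_into("<H", img, 0x40 + 0x22, 0x40)      # table at NE + 40h
    struct.pack_into("<H", img, 0x40 + 0x32, 4)         # 16-byte sectors
    struct.pack_into("<4H", img, 0x80, 0x10, 0x20, 0x0000, 0x20)  # fits
    struct.pack_into("<4H", img, 0x88, 0x13, 0x00, 0x0001, 0x00)  # claims 64K
    return bytes(img)

if __name__ == "__main__":
    for seg in parse_ne_segments(build_sample()):
        print(seg)
```

An entry whose `in_file` is false describes more data than the file holds, which is the first thing to check after editing a segment length by hand.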

  5. #5
    cah
    Registered User (Join Date: Sep 2001; Location: CYBERABAD; Posts: 58)

    Hayya Kayaker

    Thanks for your reply. I will play & dig more about this NE code segment lengthening.

    Cah...
