
Thread: Reverse Engineering C++ DLL

  1. #1
    tabacky
    Guest

    Reverse Engineering C++ DLL

    Does anyone here have some hints on how to reverse engineer a C++ DLL's source and header files?

    I know this info is compiler specific; I'm more or less just trying to use a DLL in a program. I can generate the libs from the DLL, but I need the header file to use the libs. Any replies will be helpful, thx.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    If I understand correctly what you are asking, you want to manually generate the header files for some DLLs you have available, so you can use their functions in your own programs?

    1. It is POSSIBLE. If you disassemble the DLL in IDA and look at the export list, you may see an uncommented list of all the parameters that each exported function takes. You would then have to figure out what each of those parameters is: an index, a string, a structure, the pointer to some structure? An array of pointers? And understand what the function does with the parameters... At the end of the day, you would have to consider what is more time and brain consuming: fully reverse engineer the DLL, or at least the functions you are interested in, or write your own functions from scratch.

    2. If these DLLs are commercially available, perhaps you may find copies or demos of the headers floating around in cyberspace. I assume you have searched and searched the web site of the company that made the DLL and companies that use the DLLs. Also search for the names of the exported functions; sometimes they are described in very user-friendly manuals, PROTOTYPES included.

    3. If you are coding a program for sale, be aware that the DLL code will be under copyright, so you may as well buy the DLLs now, headers included, than have to pay for a lawsuit later on.
    Last edited by naides; June 5th, 2005 at 08:03.

  3. #3
    tabacky
    Guest
    I have the exported functions and their demangled names with the params, but how would I obtain what is inside a struct or a defined array? Thank you for your input.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Well, that is exactly what I was talking about. Unless the DLL function(s) take trivial parameter types, like an int, a string or something simple like that, the brunt of your work is to reverse engineer the structures and arrays the function takes. Without fully understanding (bona fide reverse engineering) what the function does with all those, possibly very convoluted, data types, you have little use for the function's code.

    If you have an exe file that calls the DLL functions, with a little patience you stand a chance of figuring out what the contents and the meaning of all the parameters passed by reference and by value are, how they are needed and how they are used by the function; but chances are it will not be an easy or quick job.

    Other, more senior reverse engineers on the board may give you more info.
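
    As an added example (not code from any poster in this thread): a small Python script that turns demangled export names, like the ones tabacky says he already has, into a header file. The types it cannot see inside are forward-declared as opaque structs, which marks exactly the part Naides says still has to be reverse engineered. The DLL, the export names and the struct names are made up for the example, and MSVC-style demangled output (as shown by IDA or undname.exe) is assumed.

```python
import re

# Constructed sample input: demangled names of four exports of a hypothetical
# DLL, in the form IDA's export list or undname.exe prints them.
SAMPLE_EXPORTS = [
    "int __cdecl OpenSession(struct Session *,unsigned long)",
    "struct Record * __cdecl GetRecord(struct Session *,char const *)",
    "void __cdecl CloseSession(struct Session *)",
    "bool __cdecl SetCallback(struct Session *,void (__cdecl*)(int))",
]

SIG_RE = re.compile(
    r"^(?P<ret>.+?)\s*__(?P<cc>cdecl|stdcall|fastcall)\s+(?P<name>\w+)\((?P<args>.*)\)$")
TYPE_RE = re.compile(r"\b(?:struct|class)\s+(\w+)")


def split_args(args):
    """Split a parameter list on top-level commas only, so a function-pointer
    parameter such as 'void (__cdecl*)(int)' is kept in one piece."""
    out, depth, cur = [], 0, ""
    for ch in args:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            out.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return out + ([cur.strip()] if cur.strip() else [])


def parse_signature(demangled):
    """Return type, calling convention, name, parameters, and the user-defined
    types the prototype mentions (their layout is NOT recoverable from the name)."""
    m = SIG_RE.match(demangled.strip())
    if not m:
        raise ValueError("unrecognised demangled name: " + demangled)
    return {"ret": m.group("ret").strip(), "cc": "__" + m.group("cc"),
            "name": m.group("name"), "params": split_args(m.group("args")),
            "types": sorted(set(TYPE_RE.findall(demangled)))}


def build_header(exports):
    """Emit a C++ header re-declaring the exports; unknown types are forward-
    declared as opaque structs, so only pointers to them can be passed around."""
    sigs = [parse_signature(e) for e in exports]
    lines = ["#pragma once",
             "// Reconstructed from demangled export names only; the layout of each",
             "// forward-declared type is unknown until it is reverse engineered."]
    lines += ["struct %s;" % t for t in sorted({t for s in sigs for t in s["types"]})]
    lines += ["__declspec(dllimport) %s %s %s(%s);"
              % (s["ret"], s["cc"], s["name"], ", ".join(s["params"])) for s in sigs]
    return "\n".join(lines) + "\n"
```

    Because the declarations keep the original names and calling conventions, a C++ compiler of the same family mangles them back to the export names, which is what the import lib needs.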

  5. #5
    tabacky
    Guest
    Is it possible to create an accurate source just from the disassembly of the DLL coded in C++? I don't wanna buy a program to do this, I wanna learn how it's done.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Kayaker (Teach, Not Flame)
    Join Date
    Oct 2000
    Posts
    4,085
    Blog Entries
    5
    Hi

    It's back to the same answer, I think: reverse engineering both the calling exe and the DLL exactly as Naides described. Are you saying you don't have the exe? In that case I can't see there's much hope if you can't trace the exported functions during real use to *try* to figure out what the parameters are; a dead listing alone is of little use.

    If you do have the exe there's lots you could do. Live trace the exe/DLL for one, of course. You could also use an API spy on the exported functions; a log of their use will clarify things immensely. APISpy32 for example lets you create your own library files (libedit.exe) for exports monitoring. Here is the listing of the supported argument types, which also gives a small idea of what you have to figure out from hands-on RE.

    void - No arguments
    DWORD - Integer type 4 bytes length
    WORD - Integer type 2 bytes length
    BYTE - Integer type 1 bytes length
    LPSTR - pointer to zero terminated string
    LPWSTR - pointer to unicode string
    LPDATA - pointer to any data
    HANDLE - any handle 4 bytes length
    HWND - window handle 4 bytes length
    BOOL - boolean type 4 bytes length
    LPCODE - pointer to any code
    LPBYTE - pointer to BYTE type variable
    LPWORD - pointer to WORD type variable
    LPDWORD - pointer to DWORD type variable
    FLOAT - FLOAT type variable
    LPFLOAT - pointer to FLOAT type variable

    Kayaker

  7. #7
    bilbo (son of Bungo & Belladonna)
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    Quote Originally Posted by tabacky
    Is it possible to create an accurate source just from the disassembly of the DLL coded in C++? I don't wanna buy a program to do this, I wanna learn how it's done.
    A program to rebuild C++ sources? I don't think such a beast is available, even if you are willing to pay. Compilation is not a reversible process, even if you target some specific compiler, especially given the presence of the optimization step.
    Further steps, like packers/encrypters which are able to scramble sensitive parts of the code, make the reverse process even more unfeasible.
    So the only answer is the one naides/Kayaker gave you...
    My approach is:
    (a) use your brain as much as you can
    (b) use a good debugger to single-step or break at some points and verify what you have found with your brain
    (c) obviously the experience (previous targets you reversed) and learning from others (well-done tutorials) will help a lot
    Sorry if these hints are extremely vague... I cannot be more specific without knowing your target.

    Best regards, bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt. [Seneca, Epistulae Morales 104, 26]

  8. #8
    tabacky
    Guest
    Thanks a lot for your replies, I'll take what you said and do what I can =)
    I promise that I have read the FAQ and tried to use the Search to answer my question.
