|
I do believe it is what you see when opening a compiled DLL in notepad, so an ILL decompiler is what he is looking for I think!
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
It isn't, it doesn't have a PE header or anything like that, and I would be able to read it. It's some weird unknown format.
And of course he opened it with a hex editor
|
|
|
|
|
That looks interesting, but I couldn't find out what type of file it was. The closest I got was "maybe some type of Ghost Recon mission script", without any explanation as to how those things work.
Purely going by the contents, I guess that
1 introduces an import
2 introduces a field declaration
3 introduces a method declaration
4 "opens" a class declaration
5 "closes" a class declaration
It's a little tricky to read it like this, I'm used to being able to select the text and see the corresponding bytes highlighted.
|
|
|
|
|
You are exactly right, with your explenation it is a ghost recon Advanced warfighter 2
Deisel script file, I have a console aplication that compiles file extention *.dsf to *.dxe
that is what you see in hex is the dxe file.
What I am working on is decompileing them back to dsf
here is some of the c# code I have so far:
MainForm.cs
namespace DxeDasm
{
public partial class MainForm : System.Windows.Forms.Form
{
private System.Windows.Forms.TreeNode lastNode { get; set; }
private string file_path { get; set; }
private object new_node { get; set; }
[System.Flags]
public enum FileFlags
{
Import = 0x01,
Field = 0x02,
Class = 0x03,
Assembly = 0x04,
Script = 0x05
}
public MainForm()
{
InitializeComponent();
}
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
private void Openfile(string file)
{
treeView1.Nodes.Clear();
lastNode = new System.Windows.Forms.TreeNode(System.IO.Path.GetFileName(file_path));
treeView1.Nodes.Add(lastNode);
var d = new dxe_dasm.Program.ScriptDecompiler();
d.FoundClassCallback = new dxe_dasm.Program.ScriptDecompiler();
d.FoundMethodCallback = new dxe_dasm.Program.ScriptDecompiler();
d.FoundMemberVarCallback = new dxe_dasm.Program.ScriptDecompiler();
d.FoundGlobalVarCallback = new dxe_dasm.Program.ScriptDecompiler();
d.FoundImportCallback = new dxe_dasm.Program.ScriptDecompiler();
d.FoundEndOfCassCallback = new dxe_dasm.Program.ScriptDecompiler();
d.DecompileHeader = file;
richTextBox1.Text = d.Decompile(new_node);
}
public void CallbackFoundClass(string file)
{
System.Windows.Forms.TreeNode new_node = null;
new_node = new System.Windows.Forms.TreeNode();
lastNode.Nodes.Add(new_node);
lastNode = new_node;
}
public void CallbackFoundMethod(string file)
{
}
public void CallbackFoundVarMember(string file)
{
}
public void CallbackFoundVarGlobal(string file)
{
}
public void CallbackFoundImport(string file)
{
}
public void CallbackFoundEndOfClass(string file)
{
}
}
}
Program.cs
namespace DxeDasm
{
static class Program
{
///
/// The main entry point for the application.
///
[STAThread]
static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Application.Run(new MainForm());
}
internal class ScriptDecompiler
{
public ScriptDecompiler FoundClassCallback;
public ScriptDecompiler FoundEndOfCassCallback;
public ScriptDecompiler FoundGlobalVarCallback;
public ScriptDecompiler FoundImportCallback;
public ScriptDecompiler FoundMemberVarCallback;
public ScriptDecompiler FoundMethodCallback;
}
internal object DecompileHeader
{
set
{
if (value == null)
{
throw new ArgumentNullException("file");
}
else
{
throw new NotImplementedException();
}
}
}
public string Decompile(object o)
{
throw new NotImplementedException();
}
}
}
}
some help with this would be great
my program will load a dxe file and decompile it bakk to dsf
I'm going to have to use some java code for the script enum though
I'm also studying up on decompilation_thesis Reverse Conpilation Techniques by Cristina Cifuentes
I will be applying alot of her techniques in the control flow graph
aswell as some techniques from Redgates .net decompiler
I hope some fellow programmers can help me with this task.
thank you
|
|
|
|
|
It would be easier to help if you had a specific problem that you needed help with, giving help at random harder.
But I can make a couple of remarks.
Making several instances of the decompiler to bind to the different callbacks is probably a bad thing. The decompiler object has to receive all those callbacks, otherwise it effectively only sees part of the script.
Also, this
[System.Flags]
public enum FileFlags
{
Import = 0x01,
Field = 0x02,
Class = 0x03,
Assembly = 0x04,
Script = 0x05
}
is weird. The flags attribute is meant to be used for enums that contains a bunch of power of two's that can be combined, and that's not what this enum is.
|
|
|
|
|
Well,
That's the problem I'm having. I need a better way to find the opcodes from the dxe file.
cause right now I'm just trying to guess what they are.
can you help with that?
|
|
|
|
|
You can just infer them, right? Compile some simple stuff and see what comes out.
I suppose I can take an other look though. It would be more convenient if I had an actual file.
|
|
|
|
|
Here is the same file Ammosupply.hex = Ammosupply.dxe
you can import it into a hex editor then save it as a .dxe
hence: Ammosupply.dxe
:020000040000FA
:1000000044584500460700000000000000000000C2
:1000100001756E6974732E74797065732E42617305
:10002000650001756E6974732E657874656E736909
:100030006F6E732E44616D6167650001756E697442
:10004000732E657874656E73696F6E732E5472616A
:100050006E73706F72740001436F6E7461696E65C8
:1000600072730001496E7075740001576F726C6491
:1000700000014170706C69636174696F6E00014DBD
:100080006174680001476C6F62616C0001536F75A9
:100090006E6400014C6F63616C697A657200014E99
:1000A0006574776F726B0004416D6D6F537570707E
:1000B0006C7944657363726970746F720003EF0149
:1000C0000000696E69740003F701000064657374D1
:1000D000726F790003FB0100006372656174655FF4
:1000E000657874656E73696F6E000504416D6D6FA0
:1000F000537570706C7900025F6261736500025F16
:1001000065787400025F756E697400025F757664CD
:1001100000025F737570706C795F6576656E740050
:10012000025F7365745F746F5F737570706C7900D4
:10013000025F69676E6F72655F776561706F6E00F1
:10014000031E02000073757065720003290200002F
:10015000696E6974000385020000757064617465DE
:1001600000038D0200007365745F746F5F737570B8
:10017000706C7900036D0300007573650000032A3D
:10018000040000636865636B5F757361626C655F33
:100190006D6573736167650003D4040000656D705D
:1001A00074795F7570646174650003D8040000643D
:1001B000616D6167655F6578706C6F73696F6E0004
:1001C00003E00400006578706C6F64650003E4046C
:1001D0000000616972737472696B650003ED04005D
:1001E0000064657374726F7900031D05000073610C
:1001F00076650003060600006C6F61640005002749
:1002000002270227020A0027000A00270227020C01
:100210000D002D002C696E69740010002E10012E47
:100220000A2E2D032F291D02000027020A00270095
:100230000E0029280200000A00270227020F000CE6
:1002400000002C42617365002D002C696E697400FA
:1002500010012E2D012F280F021001280F01100070
:10026000280F04070000000000280F0509280F06CA
:10027000070000000000280F030E022C7665686955
:10028000636C655F64617461002F280B2984020030
:100290000027020A002704270427040A002703274F
:1002A000030C06002C64656275670007416D6D6F75
:1002B000547275636B3A3A7365745F746F5F7375EC
:1002C00070706C792829002E2D01150F051000285B
:1002D00010002B1903000029CC0200000E022C6232
:1002E0006173655F64617461002C757361626C6534
:1002F0000008280E022C757361626C655F6461747E
:1003000061002C686F7665725F636865636B5F661A
:10031000756E6374696F6E0008280F041001280F52
:100320000610022829690300000E022C6261736521
:100330005F64617461002C757361626C65000928EB
:100340000E022C757361626C655F64617461002CD0
:10035000686F7665725F636865636B5F66756E6311
:1003600074696F6E0009280F040700000000002860
:100370000F060700000000002827030A00270127B6
:10038000010C06002C646562756700074D756C658D
:100390003A3A75736528292C205F737570706C79F3
:1003A0005F6576656E743D000E041607205F696711
:1003B0006E6F72655F776561706F6E3D00160E0639
:1003C000162E2D01150C0B002C73657276657200CC
:1003D0002D002C66726F6D5F636C69656E745F6172
:1003E000736B5F666F725F696E76656E746F72793C
:1003F0005F756E697400082E2D01150E042B2604FE
:10040000000029F70300000C0B002C736572766561
:1004100072002D002C66726F6D5F636C69656E747F
:100420005F61637469766174655F6576656E74009B
:100430000E042E2D011527010A00270127010C06A5
:10044000002C646562756700074D756C653A3A6308
:100450006865636B5F757361626C655F6D6573730F
:100460006167652829002E2D01150C0A002C6C6F80
:100470006F6B757000076D6573736167655F746F8F
:100480005F7265737570706C79002E2D012C72652A
:10049000706C61636500073C2A3E00002E0C08006A
:1004A0002C696E7075745F6D616E61676572002C8A
:1004B0005F62696E64696E6773002C6765745F6262
:1004C0007574746F6E5F7472616E736C6174656461
:1004D0005F6E616D65002F2E2D022F29D304000061
:1004E00027010A0027000A002702270227020A0024
:1004F00027000A0027000E0F2D00150A00270027ED
:100500000111000E022C76656869636C655F646199
:100510007461002F280E002C64657374726F79006B
:100520002D00150F000A280F020A280A00270127AC
:100530000127020C06002C646562756700074D7583
:100540006C653A3A736176652829002E2D011511E4
:10055000010E022C76656869636C655F6461746185
:10056000002F2810002C7361766500077365745F97
:10057000746F5F737570706C79002E0E052E2D02EE
:100580001510002C736176650007737570706C79B7
:100590005F6576656E74002E0E042E2D0215100018
:1005A0002C736176650007757361626C65002E0EB1
:1005B000022C626173655F64617461002C75736104
:1005C000626C65002F2E2D021510002C736176656C
:1005D0000007686F7665725F636865636B5F667559
:1005E0006E6374696F6E002E0E022C757361626CFF
:1005F000655F64617461002C686F7665725F636823
:1006000065636B5F66756E6374696F6E002F2E2D68
:10061000021527010A00270127010C06002C64653A
:1006200062756700074D756C653A3A6C6F616428B6
:1006300029002E2D01150E0A10002C6C6F6164002C
:10064000077365745F746F5F737570706C79002EDB
:100650002D012F2E10002C6C6F61640007737570D4
:10066000706C795F6576656E74002E2D012F2E10EB
:10067000002C6C6F6164000769676E6F72655F774D
:100680006561706F6E002E2D012F2E2D03150E0249
:100690002B01070000298A0600000E022C626173FC
:1006A000655F64617461002C757361626C65001034
:1006B000002C6C6F61640007757361626C65002EBD
:1006C0002D012F280E022C757361626C655F6461C9
:1006D0007461002C686F7665725F636865636B5F39
:1006E00066756E6374696F6E0010002C6C6F6164C8
:1006F0000007686F7665725F636865636B5F667538
:100700006E6374696F6E002E2D012F282942070039
:10071000000C06002C6572726F7200075468652029
:10072000416D6D6F537570706C7920646964206ED3
:100730006F74206C6F6164206974732075736162DB
:100740006C6520696E666F207269676874002E2D73
:06075000011527010A005B
:00000001FF
modified 18-Feb-14 10:20am.
|
|
|
|
|
Well, not with the hexeditor I'm using, apparently. Why not just post a link to the raw file?
|
|
|
|
|
I'm using BreakPoint Software Hex Workshop v6.7
you can import:
Hex Code(*.hex) 8 bit 16 bit 32 bit
Motorola S-Records(*.S19,*.S28,*S.37,*.mot)
you can export:
ANSI Text(*.txt)
UTF-8 Text(*.txt)
Unicode Text(*.txt)
HTML (*.htm,*.html)
RTF (*.rtf)
C Source (*.c,*.cpp)
Java Source (*.java)
Hex String (*.txt)
Hex Code(*.hex) 8 bit 16 bit 32 bit
Motorola S-Records(*.S19,*.S28,*S.37)
Base 64 Encoding (*.b64)
UUEncode (*.uue)
An awesome program
on the last reply I hit email
didn't that email you?
|
|
|
|
|
daddy356 wrote: on the last reply I hit email
didn't that email you? Maybe, you did email me and I emailed back.
Seriously though, just post the file. There are like a million file lockers that you could use, and dropbox. Or email it to me, that's fine too.
|
|
|
|
|
All right, here are a couple of findings.
07 makes a string
2C seems to access named fields/functions
0E XX loads a field of a this object? XX is index of field?
06 starts the body of a function?
0A ends the body of a function?
29 4A has something to do with returning?
29 5B has something to do with branching?
I'm not sure about anything any more. Especially not what happens to integers. I've tried many forms of "return 12345" and the results are just .. weird.
|
|
|
|
|
I have no Idea how you got that info
but it will be real usefull
I know that the code is within the console application
it just needs to be reversed
thank you
|
|
|
|
|
I compile very simple code, then I change 1 thing in it and compile it again, then I look at what changed in the output.
As for integers, I've figured that out: there are no integers, only floats.
06 XX XX XX XX loads a 32bit floating point number, stored with the bytes in reversed order.
So 06 can't also be the start of a function, I'm not yet sure what's up.
16 is addition, it looks like it "pops" two things and pushes the result.
17 is subtraction
18 is multiplication
|
|
|
|
|
Man that is awesome you sure are fast
I need to get ahold of Morpheus, So we can meet up with him
and jack in to the program construct and he can download your memory banks
and upload them to my memory banks
Wish that was going to happen in our life time
it would put schools out of bussiness.
thanks man for all your time
you can keep going if ya like
I'm not as smart as you Sir.....WOW!
|
|
|
|
|
Now now, I'm not that great..
I'd like that brain interface thing though
Anyway, 19 is division, and I still don't understand the control flow. It's weird. 29 is definitely involved somehow.
For example, take
import units.types.Base;
class Test
{
object _first;
object _second;
somefunction()
{
return 1 / otherfunction();
}
otherfunction()
{
return 1;
}
}
Compiled to:
44584500 72000000 00000000 07E54100 // header stuff?
01 // import
756E6974 732E7479 7065732E 42617365 00 // import name
04 // class
54657374 00 // class name
02 // field
5F666972 737400 // field name
02 // field
5F736563 6F6E6400 // field name
03 // function def
50000000 // pointer to function code (little endian, add 0x10)
736F6D65 66756E63 74696F6E 00 // fundtion name
03 // function def
64000000 // pointer to function
6F746865 7266756E 6374696F 6E00 // function name
05 // end of class?
00 // ???
27 // ?? always seems to start a function, no idea what it does
00 // possibly an argument to the 27?
06 0000803F // load 1
0E 03 // load 3rd thingy of this-object (otherfunction)
2D 00 2F // probably something to do with invoking that function
19 // the division
29 63000000 // jump to 00000063 ?? (see label1)
0A // dunno, always seen near the end of a function
00 // dunno either, always at the end of a function, label1 points here
27 // already covered
00 //
06 0000803F // load 1
29 71000000 // jump to label2
0A // ??
00 // label2 points here
Label refs are little endian absolute addresses and start at 0 directly after the 16-byte header.
|
|
|
|
|
Awesome stuff
You certainly got farther then I ever did
you see if I can get a good decompiler for the dxe files
I can add new vehicles to the game, like boats and new tanks
cause right now there are no boats in it and you can only mount
ground guns. You can't drive anything or mount any of the guns on the vehicles
but ai can, so that just means we will be able too
I have made new vehicles with 3ds max and right now I can only replace one of the ingame
vehicles, but I did manage to get the Stryker and apache working and they only worked
in the first version of the game but not in the 2nd version
if you've never seen it or tried it, it's an Awesome first person shooter
it uses XML files for the mission scrips so thats easy amd even comes with
a map editor so you can create your own missions
this game has been out for a long time and will never get old
because of the new missions
I have also modded all of the Grand theft auto versions aswell
well enough of that, I'm rammbling
check out Cristina Cifuentes reverse techniques now that is a smart woman
|
|
|
|
|
I have this code so far, and am having issues with lining up the information output correctly. I'm not sure what I'm doing wrong at the moment. It's mainly the bold section that I can't get to output correctly
It is supposed to look like
Price .10 .15 .20 .25
--------------------------------------
10.00 1.00 1.50 2.00 2.25
15.00 1.50 2.25 3.00 3.25
20.00 2.00 3.00 4.00 5.00
25.00 2.50 3.75 5.00 6.25
But it looks like
.10 .15 .20 .25
10.00 15.00 20.00 25.00
1.00 1.50 2.00 2.25 1.50 2.25 3.00 3.25 etc.
namespace TippingTable2GUI
{
public partial class frmMain : Form
{
public frmMain()
{
InitializeComponent();
}
private void buttonCalc_Click(object sender, EventArgs e)
{
double dinnerPrice = Convert.ToDouble(minPrice.Text);
double tipRate;
double tip;
double maxRate = Convert.ToDouble(maxTax.Text);
double lowRate = Convert.ToDouble(minTax.Text);
double minDinner = Convert.ToDouble(minPrice.Text);
double maxDinner = Convert.ToDouble(maxPrice.Text);
const double TIPSTEP = 0.05;
const double DINNERSTEP = 10.00;
tipRate = lowRate;
label1.Text = "";
label6.Text = "";
label7.Text = "";
for (tipRate = lowRate; tipRate <= maxRate; tipRate += TIPSTEP)
label1.Text = label1.Text + String.Format(" {0, 8}", tipRate.ToString("F"));
label1.Text = label1.Text + String.Format("{0, 8}", tipRate.ToString("C"));
const int NUM_DASHES = 50;
for (int x = 0; x < NUM_DASHES; ++x) ;
while (dinnerPrice <= maxDinner)
{
label6.Text = label6.Text + String.Format("{0, 8}", dinnerPrice.ToString("C"));
while (tipRate <= maxRate)
{
tip = dinnerPrice * tipRate;
label7.Text = label7.Text + String.Format("{0, 8}", tip.ToString("F"));
tipRate += 0.05;
}
dinnerPrice += DINNERSTEP;
tipRate = lowRate;
}
}
}
|
|
|
|
|
Use a mono spaced font and pad you text
Use a proper label printing tool
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
There are a number of problems there, such as this:
for (int x = 0; x < NUM_DASHES; ++x) ;
Which does nothing.
And the very wasteful way you are assembling strings: they are immutable, remember, which means that each time you add two strings, you create a new, bigger string and copy both originals into it. You should consider looking at StringBuilder if you are going to do that in future.
But...as Mycroft said, a monospaced font and manual padding will work.
I just wouldn't do it.
Instead, I would use a DataGridView to display the data - it's a lot prettier, a lot more flexible, a lot friendlier for the user, and once you are used to it a lot easier to use.
Try it! Drag one onto your form, and give it 5 columns, with appropriate headings.
Then just add rows - MSDN will help you with an example.
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952)
Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
|
|
|
|
|
I agree with OriginalGriff if you don't have to output in a cmd window eg. try using a grid or listview or something.
aligning text into columns is not as easy as it looks.
|
|
|
|
|
i want to open emplyee profile by clicking datagrivew cell how it possible ? first i load all emplyees in datagribview and now i want to make click event on employee to show it profile in other form...
i am sok
|
|
|
|
|
Add an event handler for the function you wish to capture: CellClick, CellDoubleClick etc. You can do this in the properties window of the DataGridView, or just double click in the cell in the Form Design window in Visual Studio.
Veni, vidi, abiit domum
|
|
|
|
|
Create a cell click handler dynamically:
dataGridView1.CellClick += new DataGridViewCellEventHandler(dataGridView1_CellClick);
private void dataGridView1_CellClick(object sender, DataGridViewCellEventArgs e)
{
}
|
|
|
|
|
When i try to deserialize hexadecimal value it throws following exception?
hexadecimal value 0x03, is an invalid character.
While i am trying serialize ascii charactors it's not providing any type of issues,but when i try to deserialize it throws above exception.How to solve above issue?
Here i have attached sample project PFA.
https://skydrive.live.com/redir?resid=4A762A0B7460096A%21171
In above sample project ,i can able to serialize the input data but after serialization successful i can't do deserialization ,it throws some exception.Please give some solution .If unable to deserialize hexadecimal to ascii from serialized data means why should you allow to serialize the ascii characters?
|
|
|
|