Announcement

**Michael Mattias** · 28 May 2009, 07:47 AM

Since fifteen years of internet use has conclusively disproven the theory one billion chimpanzees typing nonstop will ultimately recreate the collected works of Shakespeare, I think you're on safe ground here.

As we've seen here before, trying to go from compiled code back to source code is like trying to go from hamburger back to cow.

**Marco Pontello** · 28 May 2009, 08:04 AM

Originally posted by Martin Dorfinger View Post

is it still true that nobody in the world can decompile or reverse engineer Power Basic .exe or .dll?

It's true, in the sense that's not possible in a sort of automatic way with some kind of tool / application to get a meaningful / useful PB source from the compiled code.

On the other way, a competent (or a team of) "wizard" can, given enough (*) time, resources and motivations, decompile (i.e. recover the logic / algo and eventually translate into some other language) almost anything.

(*) Enough may of course be a very big, but not infinite, quantity.

Bye!

**Kev Peel** · 28 May 2009, 08:39 AM

IMO, PB is harder as there are many branches to the runtime code. I tested a decompiler on a VB6 app (native code), and the code was very readable - right down to form/control names, loops and labels. You could see references to the VB runtime as external DLL calls. I was shocked at the level of detail

**John Gleason** · 28 May 2009, 08:58 AM

a competent (or a team of) "wizard" can, given enough (*) time, resources and motivations, decompile (i.e. recover the logic / algo and eventually translate into some other language) almost anything.

I'm certain I read somewhere--probably Wikipedia--that it's safe to say anything can be decompiled, tho the time involved may be large, but doable. So you're going to need encryption with a separate password to be sure your data is locked down.

**Gösta H. Lovgren-2** · 28 May 2009, 09:20 AM

Originally posted by Martin Dorfinger View Post

Hi,

This would be great help for me, because I am going to write PB Code which should be impossible to decompile!

thxs

Dunno about decompile but I seen (written) code that's pretty near impossible to debug. {grin}

**Conrad Hoffman** · 28 May 2009, 09:26 AM

You can disassemble pretty much anything into machine code, but so what? You can also look at what it does on the screen and make a pretty good guess as to how to code it. My experience is that when people are excessively concerned about secrecy, they haven't explored the field in sufficient depth to realize what they are trying to keep secret, is more widely known than realized, or can be derived more easily than first thought. Now, if you're talking data, like credit card numbers or such, that's a different matter that requires different security measures.

**Michael Mattias** · 28 May 2009, 09:33 AM

Anybody good enough to decompile it and actually use it will also be good enough to beat any protection scheme you come up with.

**Marc van Breemen** · 19 Sep 2009, 07:49 AM

Big plus for Win32/PB vs. .NET

PowerBasic compiles to Win32 native code which is hard to reverse engineer. In contrary to that even a chimp can decompile a .NET assembly (EXE/DLL) to source which is almost identical to the original code!. I found this out a few months ago, which made me decide to step over to a native code compiler again (PB) and leave .NET. I still can't believe that it's so easy and that MS, and many other .NET followers, just raise their shoulders about it. As if it's not important to protect you're IP. Yes, it's possible to reverse engineer every program, but it should not be *that* easy as with .NET .....

HUGE selling point for PowerBasic I believe!

**Edwin Knoppert** · 19 Sep 2009, 08:05 AM

The good news is that a .NET exe and dll can be executed from memory
So far i havent found proof of writting the actual assembly to disk when executed.
Once the assembly get's executed it is recompiled to some machine depending code.
I am not sure if it's possible to decompile that result though.

If you want an exe executing a .NET (v2) assembly from memory.. let me know

**Michael Mattias** · 19 Sep 2009, 10:15 AM

>The good news is that a .NET exe and dll can be executed from memory

And this is good news because ?????

Enquiring Minds Want to Know!!

**Edwin Knoppert** · 19 Sep 2009, 10:23 AM

I mean that could be a way to prevent decompiling.
Executing goes by binary array and it's up to the programmer how to embed the assembly and how to pass it to the Common Language Runtime.

I ever did a short investigation and seems to me that this can help.
I just can not guarantee it though..

**Marc van Breemen** · 19 Sep 2009, 11:35 AM

Originally posted by Edwin Knoppert View Post

The good news is that a .NET exe and dll can be executed from memory
So far i havent found proof of writting the actual assembly to disk when executed.

Sorry but I don't understand you're saying here. If a .NET program is installed on a clients PC, the EXE *is* on the disk available to decompile in 1 second.

**Michael Mattias** · 19 Sep 2009, 12:32 PM

Personally, I think worrying about someone decompiling my programs to get algorithms is silly.

Maybe you can get data or decryption strings if the data are not added with some kind of encryption, but trying to get usable logic from this exercise is a waste of time.

Besides, my algorithms cannot possibly be all that 'unique' anyway.

(Yes, I DO encrypt certain program data.. eg. serial numbers, as well as 'table-like' data it took me many hours to find and organize into a table format useful for programming).

**Marc van Breemen** · 19 Sep 2009, 12:40 PM

Originally posted by Michael Mattias View Post

Personally, I think worrying about someone decompiling my programs to get algorithms is silly.

I think it's a problem. .NET is "open source". The tools which decompile are doing their job so good that it's hard to see much difference which the original code, except for the missing code remarks.

I want to protect my work because it's my IP. If I don't care about that then I could just put the original source code on my website (or sourceforge) for everyone to download. That's what the .NET executables are: open source.

I guess you don't want *your* source code to be freely available?

**Edwin Knoppert** · 19 Sep 2009, 01:02 PM

Originally posted by Marc van Breemen View Post

Sorry but I don't understand you're saying here. If a .NET program is installed on a clients PC, the EXE *is* on the disk available to decompile in 1 second.

And.. do you want to understand?

**Marc van Breemen** · 19 Sep 2009, 01:04 PM

Originally posted by Edwin Knoppert View Post

And.. do you want to understand?

Yes, why wouldn't I? If I don't I won't ask it.

**Edwin Knoppert** · 19 Sep 2009, 01:12 PM

You didn't..

I mentioned that .NET can run stuff from memory.
Unless you are able to intercept that process it seems that my assembly is not in the open this way.
I speculate this and.. i dare you to investigate this by trying to decompile my exe with .NET assembly embedded.
If you succeed.. you win and i gain knowledge..

**Marc van Breemen** · 19 Sep 2009, 01:21 PM

Originally posted by Edwin Knoppert View Post

You didn't..

I mentioned that .NET can run stuff from memory.
Unless you are able to intercept that process it seems that my assembly is not in the open this way.
I speculate this and.. i dare you to investigate this by trying to decompile my exe with .NET assembly embedded.
If you succeed.. you win and i gain knowledge..

Maybe we don't understand each other. Let me give an example.

I have created a program for a customer; that's an EXE which will be installed on the clients PC. The EXE is needed to run the program.

Now let's suppose the client wants to get all or some of my code. He downloads and installs the free Reflector program, which can download here. In Reflector he opens the EXE, which is on his PC of course, and then he's free to examine all classes and code ('disassemble'). Easy as that.

I've read several posts about this subject and remarkably MVP's and even people from Microsoft don't see a problem with that. The program Reflector is even recommended on their site ....

**Edwin Knoppert** · 19 Sep 2009, 02:45 PM

I failed to explain it properly i guess.

Here is a PowerBASIC executable running a .NET assembly i wrote from memory.
Please read the readme.txt as well.
I think that decompilation got much more difficult but maybe not impossible.

If you are interested...:

http://www.hellobasic.com/trials/HackProofOrNot.zip

Anybody in for a hack today?

Announcement

Decompilation

Decompilation

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment