Orbiter-Forum  

Old 09-10-2019, 01:01 PM   #1
gattispilot
Addon Developer
 
Decompiling a dll

I get asked this question. Can you decompile a DLL? I usually say "No". But I was googling to see if that was true.

It seems I might be wrong.


https://www.dll-decompiler.com/dll2c.html



Any thoughts on this?

Last edited by gattispilot; 09-10-2019 at 01:11 PM.
gattispilot is online now   Reply With Quote
Old 09-10-2019, 01:36 PM   #2
IronRain
Moderator
 

I'm not a C++ developer, but the first thing that popped into my head was https://downloadmoreram.com/ (THAT'S FAKE PEOPLE).
IronRain is offline   Reply With Quote
Old 09-10-2019, 02:13 PM   #3
Urwumpe
Certain Super User
 

Quote:
Originally Posted by gattispilot
I get asked this question. Can you decompile a DLL? I usually say "No". But I was googling to see if that was true.

It seems I might be wrong.

https://www.dll-decompiler.com/dll2c.html

Any thoughts on this?

Looking at the results on the homepage, it is just coarsely pattern matching disassembly code into C-like code, but it does not even look like any standard API of Windows.

It might be easier to read than assembly language files for some, but I doubt you will enjoy the output if you have an optimized math-heavy Orbiter module there (there, the assembly output might even be easier to read).

Hell, I am sure, it could not even get the includes for OrbiterAPI right, let alone properly identify the standard library of Orbiter.

Better stay away from it, if you are not experienced in reverse engineering.
Urwumpe is offline   Reply With Quote
Old 09-10-2019, 02:21 PM   #4
gattispilot
Addon Developer
 

Thanks. I am not going to try it.

Maybe a tool to help see how DLLs from the past worked and maybe rework them, like AFCS, ...
gattispilot is online now   Reply With Quote
Old 09-10-2019, 02:21 PM   #5
soumya-8974
Wiktronaut
 

I tried to use dnSpy for decompiling DLLs, but for some reason, I do not use it.
soumya-8974 is offline   Reply With Quote
Old 09-10-2019, 02:48 PM   #6
Face
Beta Tester
 

In principle it is possible to decompile a DLL, because you can certainly disassemble it. If you have a disassembly, you could search for patterns that C-compilers usually emit when compiling code, and then sort of guess what C-code it originated from.

However, this is not a trivial task and error-prone for sure. In the worst case, all these generators produce is a bunch of skeleton C functions with many ASM statements inside. In the best case, you still have to decipher random variable names for their logical meaning, because C compilers usually do not embed meta-data containing variable names and somesuch. In combination with debug builds and debug databases (pdb), it might make sense, though.
Face is offline   Reply With Quote
Old 09-10-2019, 03:11 PM   #7
gattispilot
Addon Developer
 

So I am going to be ignorant. So what would disassembling a DLL look like?
gattispilot is online now   Reply With Quote
Old 09-10-2019, 03:45 PM   #8
Face
Beta Tester
 

Quote:
Originally Posted by gattispilot
So I am going to be ignorant. So what would disassembling a DLL look like?

Take a look at IDA Pro and OllyDbg. Especially the former is pretty good at showing not only the assembler code, but also diagrams of code relations (e.g. loops and calls). The latter tool allows you to step through the code while the program is running.

Both essentially produce an address-numbered list of assembler mnemonics, representing the machine code of your binary. Usually you have the address in the first column, followed by several bytes in hexadecimal notation, followed by the assembler mnemonic for those bytes. Most also give additional information in a 4th column, like e.g. a cross-reference to static text content or already known function entry points.
In addition, good disassemblers can also detect various calling-conventions for functions and display the function signature together with automated argument naming (e.g. arg1, arg2, etc.).
Face is offline   Reply With Quote
Old 09-10-2019, 09:01 PM   #9
Col_Klonk
Orbinaut

Quote:
Originally Posted by gattispilot
So I am going to be ignorant. So what would disassembling a DLL look like?

The normal Assembly language.
IDA has released a later version as freeware.

A DLL is nothing more than 'object code'

Your code links to it by querying a function via the Kernel ( Colonel )
If successful the query returns a 'Function address' which is nothing more than a procedure.
Your code then 'branches' (Calls) to the function address, correctly setting up the stack.
Parameters usually supplied are via pointers.
The DLL would have its own (private) variables to maintain.

This is all hidden from you, the C/C++/ and higher.. developer.

To learn more pop along to http://www.masm32.com/board/index.php
You won't regret it...

Last edited by Col_Klonk; 09-10-2019 at 09:09 PM.
Col_Klonk is offline   Reply With Quote
Old 09-10-2019, 09:22 PM   #10
gattispilot
Addon Developer
 

Yes I got the freeware one. It did open the dll.
gattispilot is online now   Reply With Quote
Old 09-11-2019, 10:00 PM   #11
Col_Klonk
Orbinaut

Long time since I played with a DLL, but IIRC...

The first function would be the entry function. I think it's called a constructor in C++ and other RADs.

This function sets up all the DLL internal control variables.
There should be a function/procedure export table there somewhere.
The 'unload function' (Destructor) would be there as well.

WinAPI 'LoadLibrary' handles the loading and initialisation of the DLL.

The rest of the DLL should be your normal assembler code from IDA.
IDA can also be used to load other DLLs and modules that this DLL uses.

The Orbiter OAPI uses a similar framework.
Col_Klonk is offline   Reply With Quote
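
The name lookup that posts #9 and #11 describe (an export table mapping names to function addresses, queried once the DLL is loaded), as an added example that is not part of the original thread. The image bytes are constructed and laid out as already mapped in memory, so an RVA equals an offset; the export names, addresses and helper names are assumptions made for illustration.

```python
import struct

def u16(img, off): return struct.unpack_from("<H", img, off)[0]
def u32(img, off): return struct.unpack_from("<I", img, off)[0]
def cstr(img, off): return bytes(img[off:img.index(0, off)]).decode("ascii")

def build_sample():
    """Constructed minimal image, laid out as mapped in memory (RVA == offset)."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)              # e_lfanew -> NT headers
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x10B)             # optional header magic: PE32
    struct.pack_into("<III", img, 0xB4, 16, 0x100, 0x90) # dir count, export RVA, size
    struct.pack_into("<II", img, 0x10C, 0x160, 1)        # DLL name RVA, ordinal base
    struct.pack_into("<II", img, 0x114, 2, 2)            # NumberOfFunctions, NumberOfNames
    struct.pack_into("<III", img, 0x11C, 0x130, 0x138, 0x140)  # RVAs of the 3 arrays
    struct.pack_into("<II", img, 0x130, 0x1000, 0x1040)  # function RVAs, by index
    struct.pack_into("<II", img, 0x138, 0x170, 0x178)    # name RVAs, sorted by name
    struct.pack_into("<HH", img, 0x140, 1, 0)            # name i -> function index
    img[0x160:0x16B] = b"sample.dll\0"
    img[0x170:0x180] = b"ovcExit\0ovcInit\0"             # sample export names
    return bytes(img)

def exports(img):
    """Return {name: (ordinal, rva)} by walking the export directory."""
    nt = u32(img, 0x3C)
    if img[:2] != b"MZ" or img[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = nt + 24                                  # skip signature + COFF header
    dirs = opt + {0x10B: 96, 0x20B: 112}[u16(img, opt)]  # PE32 / PE32+
    exp = u32(img, dirs)                           # data directory 0 = exports
    if exp == 0:
        return {}                                  # module exports nothing
    base, n_names = u32(img, exp + 16), u32(img, exp + 24)
    funcs, names, ords = (u32(img, exp + o) for o in (28, 32, 36))
    table = {}
    for i in range(n_names):
        idx = u16(img, ords + 2 * i)               # index into the function array
        table[cstr(img, u32(img, names + 4 * i))] = (base + idx, u32(img, funcs + 4 * idx))
    return table

def get_proc_address(img, load_base, name):
    """A lookup by name boils down to: module load address + exported RVA."""
    _, rva = exports(img)[name]
    return load_base + rva

if __name__ == "__main__":
    print(exports(build_sample()))
```

Forwarded exports, where the function RVA points back into the export directory at a string naming another module, are not handled here.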
Old 09-11-2019, 10:06 PM   #12
gattispilot
Addon Developer
 

For grins I tried to open the AFCS.dll and see how it works so we can make one for 2016.
gattispilot is online now   Reply With Quote
Old 09-20-2019, 10:39 AM   #13
gattispilot
Addon Developer
 

This is what I see. I expected more detail
gattispilot is online now   Reply With Quote
Old 09-20-2019, 11:12 AM   #14
martins
Orbiter Founder

You may have more luck when looking at a function that is actually implemented in that DLL. VESSEL2::clbkPostStep is not. That is implemented in orbiter.exe. So all you see here is the function entry point, which, I assume, is linked into the DLL via orbiter.lib. Curiously, this seems to include a conversion of the interface from a C-style format (with the object passed as the first parameter) to a C++-style format, where the function is called as a member of that object.
martins is online now   Reply With Quote
Old 09-20-2019, 11:41 AM   #15
Face
Beta Tester
 

Quote:
Originally Posted by gattispilot
This is what I see. I expected more detail

Well, IDA is an expert tool, really. You need to dig a bit deeper on PE format and DLL inner workings to understand what you see. I know that I only understand half of it yet.

What you posted there looks like the import jump thunk table for virtual methods that gets resolved once the DLL is loaded. The single JMP there will point to the Orbiter core function. In essence it means that this function was not implemented by the DLL, and so instead it uses the base function of the VESSEL2 class, which of course is implemented in the core.

If you have a "real" implementation of a callback, IDA probably lists it in the functions menu as something like "sub_10001040", not with the neat lib name it gets from the import/export tables. IIRC, all those pink-background function names are thunks resulting from virtual methods pointing back to the core, not the actual override implementations.

---------- Post added at 13:41 ---------- Previous post was at 13:38 ----------

ed by the man.
Face is offline   Reply With Quote
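
The listing layout from post #8 (address, bytes, mnemonic, cross-reference column) and the single-JMP import thunk from posts #14 and #15, as an added example that is not part of the original thread. The code bytes, load address and import slot are constructed, and the decoder handles only the few 32-bit x86 encodings present in the sample; it is not a general disassembler.

```python
import struct

BASE = 0x10001000                  # constructed load address
CODE = bytes.fromhex(              # constructed bytes, not from a real module
    "55" "8BEC" "E808000000" "5D" "C3"   # a small function that calls 0x10001010
    "CCCCCCCCCCCC"                       # int3 padding between functions
    "FF2500200010")                      # jmp dword ptr [0x10002000]
IAT = {0x10002000: "orbiter.exe!VESSEL2::clbkPostStep"}  # constructed import slot
ONE_BYTE = {0x55: "push ebp", 0x5D: "pop ebp", 0xC3: "ret", 0xCC: "int3"}

def disassemble(code=CODE, base=BASE, iat=IAT):
    """Linear sweep. Returns (rows, thunks); a row is
    (address, hex bytes, mnemonic, cross-reference note)."""
    rows, thunks, calls, i = [], {}, [], 0
    while i < len(code):
        addr, op, note = base + i, code[i], ""
        if op in ONE_BYTE:
            size, text = 1, ONE_BYTE[op]
        elif code[i:i + 2] == b"\x8b\xec":
            size, text = 2, "mov ebp, esp"
        elif op == 0xE8 and i + 5 <= len(code):       # call rel32
            size = 5
            target = (addr + 5 + struct.unpack_from("<i", code, i + 1)[0]) & 0xFFFFFFFF
            text = f"call 0x{target:08X}"
            calls.append((len(rows), target))
        elif code[i:i + 2] == b"\xff\x25" and i + 6 <= len(code):  # jmp [abs32]
            size = 6
            slot = struct.unpack_from("<I", code, i + 2)[0]
            text = f"jmp dword ptr [0x{slot:08X}]"
            if slot in iat:                           # jump through an import slot
                thunks[addr] = iat[slot]
                note = "import thunk -> " + iat[slot]
        else:
            size, text = 1, f"db 0x{op:02X}"          # not decoded: show as data
        raw = " ".join(f"{b:02X}" for b in code[i:i + size])
        rows.append([addr, raw, text, note])
        i += size
    for index, target in calls:                       # name calls that land on a thunk
        if target in thunks:
            rows[index][3] = "via thunk -> " + thunks[target]
    return [tuple(r) for r in rows], thunks

if __name__ == "__main__":
    for addr, raw, text, note in disassemble()[0]:
        print(f"{addr:08X}  {raw:<18} {text:<28} {note}")
```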