I have old executable com file and I need to find out what it do.
What is the simplest way to decompile or diassemble or debug com file?
You can debug your file using the old debug command on Windows XP or lower. A good manual is provided by Kip Irvine here. Additionally, you can disassembly it using NASM with this command, but it is not guaranteed to work.
you may try
executable.com /?
If it was done by a "real" programmer, it would give you some hints.
Also try -?, -h, /h, -help, /help
I have even seen things like --help
probably you did, but to be complete: did you google the filename?
A .com file is basically a .exe file with a size limit, so unless you have the source code (in which case you likely wouldn't need our help), or how it was compiled, it's impossible to do this in modern Windows. Sorry.
By the way, I'm guessing you don't really understand what .com files do, so try this website called https://fileinfo.com. It has information on most file extensions and types, and it can tell you what programs are able to open it. I think you could find it useful
Related
Well.... the question sort of says it all. If possible I would like to be able to do so from a Linux or macOS environment, but I have virtualized Windows if need be.
Thanks in advance!
There is no general answer for this because different installers/applications use different storage methods. You should first try to identify the author of the installer software by looking for clues in the version information and maybe with a hex editor.
My first suggestion is to try 7-zip, it can extract from NSIS based installers and some MSI based installers.
If the setup was created with Inno Setup then you can try this.
If all else fails, try Universal Extractor but even that will fail for obscure and custom .exe files.
It depends. Assuming you have a PE file (windows executable), you can use a resource editor https://stefansundin.github.io/xn_resource_editor/ to extract icons, messages or dialog layouts. This assumes that the author of that file used the native resource system. Other data would only be available if you knew the address within the PE file, or had appropriate debug symbols. But then, you must guess content type, and maybe also file size.
I am working on a compiler for a small (toy) language that produces 16-bit com-files, which are executable in Windows XP. However, in more modern releases of Windows com-files are executable only with the help of tools such as DosBox. I would like my compiler to produce exe-files that can be executed directly in Windows 10.
As I understand it, the exe-file needs a header that instructs the system of how to execute it. My idea is to simply add the header at the beginning of the com-file to extend it into an exe-file. I wonder if anyone can recommend an appropriate tutorial that describes how exe-files works. More specifically, I am looking for a tutorial of how to build the smallest possible working exe-file.
I also wonder if there is a difference between exe-files for 32-bit or 64-bit Windows?
Best Regards,
Stefan
You can download description exe format here. You need pecoff.docx file.
Also you may look on this old but detailed doc here.
I am trying to debug my apps in lazarus on ubuntu 14.04, I searched and made all instructions described at lazarus wiki but when I try to use debugger I am getting dialog about missing syscall-template.s file and whether I want to locate it myself.
Is it some sort of bug or where could I find that file it is asking for?
I am getting dialog about missing syscall-template.s
Probably it is asking about syscall-template.S (which is slightly different from what you said, and small details often matter in programming).
That file is part of GLIBC. You can install GLIBC sources, and locate that file there, but it's not at all interesting, and a better choice for you would be to ignore this file and concentrate on what you are actually trying to debug.
I have some crucial data written decades ago by an ancient 16bit DOS application.
There are no docs, no source, and no information about the author. Just the 16 bit exe.
I guess it's time for me to learn how to decompile stuff, since it seems the only way to restore file format.
I've tried OllyDbg, it looks really great, but it can't 16 bit.
So, is there a disassembler/debugger capable of working with such executables?
Thanks.
UPD: I know DOSbox, the app runs in it all right. The problem is, I don't need to run it, I need to understand the file format in which it writes data. Or maybe I don't know something about DOSbox and it can run as a debugger/decompiler as well? Or do you mean starting some old 16bit DOS debugger/decompiler in DOSbox? The latter sounds like an idea, but could you please name a decent DOS debugger, then?
disassembling tool:
use IDA Freeware https://www.hex-rays.com/products/ida/support/download_freeware.shtml
you won't find any better tool for reversing - even for old dos programs :)
most other tools are only capable of doing disassembling for 32bit and don't reach in any way the analyze features of IDA - its the gold standard tool of reverse engineering
debugger:
dosbox got its own builtin debugger (reachable through the "debug" command on command line)
but you need to build your own version of dosbox with activated debugger (oder better heavy-debug) see: http://www.vogons.org/viewtopic.php?t=3944
or if you got a ida licence with the sdk there is an dosbox<->ida-debugger plugin available
currently linux only https://github.com/wjp/idados
file format:
do you know what the file contains (what do you want from the file)
very complex information or "just" some lists of values?
maybe its better to start here with an hex-editor (http://mh-nexus.de/de/hxd/) and known result-values to compare
what program uses the data currently (or only the program itself)? maybe its possible to understand how the data is read in this program?
program itself:
how large is the exe?
console program or a big super gfx power app?
real 16bit or 32bit with dos-extender?
a single exe or overlays(dos-dlls)?
can you give access to the executable?
your turn
You're looking for IDA. It's the de-facto disassembler for pretty much anything.
You can get more help on this at https://reverseengineering.stackexchange.com/
You do not necessarily need to disassemble a program in order to figure out the format in which it writes data.
Perhaps you can do differential analysis on it. Change some inputs to the program, have it write the data, and watch how the file changes.
I have some vintage hardware devices here which can dump their NVRAM settings over MIDI in a binary format (in one case, a single SysEx message with a binary blob in it). If I wanted to know what the format is, I'd make small, systematic changes to the settings, and perform dumps, then see what bits in the binary data are changing.
You really are probably best off attacking the data, rather than the program.
Dosbox is probably a thing to try.
You might also look at http://hte.sourceforge.net/ .
How can I go about finding out command line arguments for a given application? I know you can use /? and, if the app supports it, it'll display the switches, but is there a way to find 'unofficial' ones in a program?
Obviously google is the easiest answer... barring that... I don't think there is any special alternative to /? that will give you additional options. You might try running "strings" against the executable in question. That may spit out some hidden options. "strings" comes with most(all?) unix distributions, for windows: http://technet.microsoft.com/en-us/sysinternals/bb897439
If your not familiar with strings... it just spits out every string it can find inside an executable... it's often useful for finding hidden things.
For finding silent install switches, I found Universal Silent Switch Finder 1.5.0.0 to be helpful. Because the original version is very old, I cannot find it on the original website, but softpedia has a download up: http://www.softpedia.com/progDownload/Universal-Silent-Switch-Finder-Download-180984.html