We are looking for quick basic decompiler. The program is very old, written in DOS now we wish to enhance that code in Windows with additional functionalities. Unfortunately the developer is not traceable and only hope is decompilation.
Please suggest the best way to achieve this challenge.
Thank you
[ By Dan in the QB forum on http://qbasicnews.com , May 04, 2003 ]
Here's Microsoft's response to that question:
Microsoft does not currently offer any product capable of "decompiling" an object (.OBJ) or executable (.EXE) file back to the original source code (.BAS). The following are several reasons for this:
No decompiler could exactly reproduce the original source code.
When a program is compiled to an object and linked to produce an executable, most of the "names" used in the original program are converted to addresses. This loss of names means that a decompiler would have to create unique names for all the variables, procedures, and labels, and these names would not be meaningful in the context of the program.
Obviously, source language syntax no longer exists in the compiled object file or executable. It would be very difficult for a decompiler to interpret the series of machine language instructions that exist in an object or executable file and decide what the original source language instruction was.
If such a decompiler did exist and was available, anyone could use it to decompile any executable program produced in the language the decompiler was designed for.
For instance, if a Microsoft BASIC decompiler existed, anyone with that decompiler could use it on an executable that you had produced and from that executable obtain a copy of your source code. The source code to any program you wrote in Microsoft BASIC would be available to anyone with the decompiler. Few developers of commercial software would want to use a language product that could be deciphered, thus allowing others to obtain their source code.
There's some talk from ex-microsoft programmers who swear there was one made for thier private use. I've also seen a Basic decompiler service on a web site which does provide some working BAS code from your exe, but it's a mess and not worth the money asked for the service (http://02c1289.netsolhost.com).
I can tell you as a BASIC software developer for nearly all of my career that this is not what you want. When it came time to "port" my accounting software from DOS BASIC to Visual BASIC having the source code and a complete understanding of the code, since it was my own code, did not help in the least. It may be an over-used expression, but DOS and Windows are apples and oranges. You cannot simply convert the code, you must redesign and code the system.
All you need to do that is what you already have - a working version of the compiled code. Use it's screens to design your databases and screens in Windows, then write the underlying code. The design of those two things is often half to 90% of the work anyway. Now it did help me to have my own source for things like "how did I calculate those taxes again?" I could copy the pure logic code from DOS to Windows with little or no change, but anything involving the database or user interface had to be completely redone.
If you're not up to it, look for someone who is.
Again, you do NOT need the source code unless there's some kind of secret algorithm that you need to duplicate and don't understand yourself.
My scenario is as follows, a .NET 4.0 Solution with several projects (one host and some dlls), one (dll) in particular making use of the MySQL .NET Connector in order to only call upon stored procedures. I've also signed all my assemblies with a private key.
I'm curious if a hacker could somehow obtain the password to the database user from the connection string (even though that user only has permission to EXECUTE).
Also I'm curious whether a hacker would be able to find out the stored procedures I call on and whether he could Select/Insert/Delete arbitrarily with the use of my stored procedures.
All this with the presumption that the hacker only has a copy of the compiled solution.
If you have hard-coded the user name and password in your code, or even if you store the credentials in an encrypted file, but the encryption key is hard-coded in your code, it is easily hackable because .NET assemblies are not compiled to machine code. When you build a .NET assembly, it converts your VB.NET code into MSIL code, which is just a lower level programing language which is still easily readable. Microsoft provides a free tool (as part of the .NET Framework SDK) called MSIL Disassembler which allows you to easily view all the MSIL code for any compiled assembly. There are many tools available which allow you to easily take the MSIL code and "decompile" it to VB or C# code. You'd be amazed at how easy it is to reproduce your original code with a .NET decompiler. If the PDB's are available, the output is shockingly similar to the original code. So, unless you are using some third-party code obfuscation or assembly encryption tool, your "compiled" assemblies are very easily reverse engineered. Usually this isn't a big deal, but if avoiding hacking is a high concern, you certainly shouldn't be putting any secrets in your code.
Are you confident that all of the code in the project is safe from things like SQL Injection vulnerabilities and Local File Inclusion vulnerabilities (and will remain so, as it evolves)?
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 12 years ago.
This may be too opinionated, but what I'm trying to understand why some companies mandate the use of an IDE. In college all I used was vim, although on occasion I used netbeans for use with Java. Netbeans was nice because it did code completion and had some nice templates for configuration of some the stranger services I tried.
Now that my friends are working at big companies, they are telling me that they are required to use eclipse or visual studio, but no one can seem to give a good reason why.
Can someone explain to me why companies force their developers into restricted development environments?
IDE vs Notepad
I've written code in lots of different IDEs and occasionally in notepad. You may totally love notepad, but at some point using notepad is industrial sabatoge, kind of like hiring a gardener who shows up with a spoon instead of a shovel and a thimble instead of a bucket. (But who knows, maybe the most beautiful garden can be made with a spoon and a thimble, but it sure isn't going to be fast)
IDE A vs IDE B
Some IDE's have team and management features. For example, in Visual Studio, there is a screen that finds all the TODO: lines in source code. This allows for a different workflow that may or may not exist in other IDEs. Ditto for source control integration, static code analysis, etc.
IDE old vs IDE new
Big organizations are slow to change. Not really a programming related problem.
Because companies standardize on tools, as well as platforms--if your choice of tools is in conflict with their standards then you can either object, silently use your tool, or use the required tool.
All three are valid; provided your alternative doesn't cause other team-members issues, and provided that you have a valid argument to make (not just whining).
For example: I develop in Visual Studio 2008 as required by work, but use VS2010 whenever possible. Solutions/Projects saved in 2010 can't be opened in 2008 without some manual finagling--so I can't use the tool of my choice because it would cause friction for other developers. We also are required to produce code according to documented standards which are enforced by Resharper and StyleCop--if I switched to a different IDE I would have more difficulty in ensuring the code I produced was up to our standards.
If you're good at using vim and know everything there is to know about it, then there is no reason to switch to an IDE. That said, many IDEs will have lots of useful features that come standard. Maintaining an install of Eclipse is a lot easier than maintaining an install of Vim with plugins X, Y, and Z in order to simulate the same capabilities.
IntelliSense is incredibly useful. I realize that vim has all sorts of auto-completion, but it doesn't give me a list of overloaded methods and argument hints.
Multiple panes to provide class hierarchies/outlines, API reference, console output, etc.. can provide you more information than is available in just multiple text buffers. Yes, I know that you have the quickfix window, but sometimes it's just not enough.
Compile as you type. This doesn't quite work for C++, but is really nice in Java and C#. As soon as I type a line, I'll get feedback on correctness. I'm not arrogant enough as a programmer to assume that I never make syntax errors, or type errors, or forget to have a try/catch, or... (the list goes on)
And the most important of all...
Integrated Debuggers. Double click to set a break point, right click on a variable to set a watch, have a separate pane for changing values on the fly, detailed exception handling all within the same program.
I love vim, and will use it for simple things, or when I want to run a macro, or am stuck with C code. But for more complicated tasks, I'll fire up Eclipse/Visual Studio/Wing.
Sufficiently bad developers are greatly assisted by the adoption of an appropriately-configured IDE. It takes a lot of extra time to help each snowflake through his own custom development environment; if somebody doesn't have the chops to maintain their own dev environment independently, it gets very expensive to support them.
Corporate IT shops are very bad at telling the difference between "sufficiently bad" and "sufficiently good" developers. So they just make everybody do the same thing.
Disclaimer: I use Eclipse and love it.
Theoretically, it would decrease the amount of training needed to get an unexperienced developer to deal with the problems of a particular IDE if all the team uses that one tool.
Anyway, most of the top companies don't force developers to use some specific IDE for now...
I agree with this last way of thinking: You don't need your team to master one particular tool, having team knowledge in many will improve your likelyhood to know better ways to solve a particular roblems.
For me, I use Visual Studio with ReSharper. I cannot be nearly as productive (in .Net) without it. At least, nobody has ever shown me a way to be more productive... Vim, that is great. You can run Vim inside of Visual Studio + R# and get all the niceties that the IDE provides, like code navigation, code completion and refactoring.
Same reason we use a hammer to nail things instead of rocks. It's a better tool.
Now if you are asking why you are forced to use a specific IDE over another, well that's a different topic.
A place that uses .NET will use Visual Studio 99% of the time, at least that's what I've seen. And I haven't found anything out there that is better than Visual Studio for writing .NET applications.
There is much more than code completion into an IDE:
debugging facilities
XML validation
management of servers
automatic imports
syntax checking
graphical modeling
support of popular technologies like Hibernate, TestNG or Spring
integration of source code management
indexing of file names for quick opening
follow "links" in code: implementation, declaration
integration of source code control
searching for classes or methods
code formatting
process monitoring
one click/button debugging/building
method/variable/field/... renaming
etc
Nothing to do with incompetence from the programmers. Anybody would be A LOT less productive using vim for developing a big Java EE application.
How big were you projects at college? A couple of classes in a couple of files? Or rather a couple of hundreds of classes in a couple of hundreds of files?
Today I had the "honor" of looking at a file in a rather large project where the programmer opted to use vi (yes vi, not vim) and a handcrafted commandline compiler call (no make). The file contained on function spanning about 900 lines with a series of if-else-if-else-constructs (because that way you have all your code in one place!!!!!!). Macho-Programmer at his finest.
OK there are very good reasons for enforcing a particular toolset within a production environment:
Companies want to standardize everything so that if an employee leaves they can replace that person with minimal effort.
Commercial IDEs provide a complex enough environment to support a single interface for a variety of development needs and supporting varying levels of code access. For instance the same file-set could be used by the developer, by non-programmers (graphics designers etc.) and document writers.
Combine this with integrated version control and code management without the need of someone learning a particular version control system, all of a sudden IDEs start to look nicer and nicer.
It also streamlines maintenance of build systems in a multi-homed environment.
IDEs are easier to give tutorials to via phone or video, and probably come with those.
etc. etc. and so forth.
The business decision making behind enforcing a standardized environment goes beyond the preference of a single programmer or for that matter perhaps the understanding of the programming team.
Using an IDE helps an employee to work with huge projects with minimal training. Learn a few key combos - and you will comfortably work with multi-thousand-file project in Eclipse, IDE handles most of the work for you under the hood. Just imagine how many years of learning it takes to feel comfortable developing such projects in Vim.
Besides, with an IDE it is easy to support common coding standards across the entire team: just set a couple of options and an IDE will force you to write code in a standardized way.
Plus, IDE gives a few added bonuses like refactoring tools (especially good in Eclipse), integrated debugging (especially good in Visual Studio), intellisense, integrated unit tests, integrated version control system etc.
The advantages and disadvantages of using an IDE also greatly depends on the development platform. Some platforms are geared towards the use of IDEs, others are not. As a rule of thumb, you should use IDE for Java and .Net development (unless you're extremely advanced); you should not use IDE for ruby, python, perl, LISP etc development (unless you're extremely new to these languages and associated frameworks).
Features like these aren't available in vim:
Refactoring
Integrated debuggers
Knowing your code base as an integrated whole (e.g., change a Java class name; have the change reflected in a Spring XML configuration)
Being able to run an app server right inside the IDE so you can deploy and debug your code.
Those are the reasons I choose IntelliJ. I could go back to sticks and bones, but I'd be a lot less productive.
As said before, the question about using an IDE is basicaly productivity. However there is some questions that should be considered by the company when choosing a specific IDE. that includes:
Company culture
Standardize use of tool, making it accessible for all developers. That easies training, reduces costs and improve the speed of learn curve.
Requirements from specific contract. As an example, there are some development packages that are fully supported (i.e. plugins) by some IDE and not by anothers. So, if you are working with the support contract you will want to work with the supported IDE. A concrete example is when you are working with not common OS like VxWorks, where you can work with the Workbench (that truely is an eclipse with lot of specific plugins for eclipse).
Company policy (and also I include the restriction on company budget)
Documentation relating to the IDE
Comunity (A strong one can contribute and develop still further the IDE and help you with your doubts)
Installed Base (no one wants to be the only human to use that IDE on the world)
Support from manufacturers (an IDE about to be discontinued probably will not be a good option)
Requirements from the IDE. (i.e. cross platform or hardware requirements that are incompatible with some machines of the company)
Of course, there is a lot more. However, I think that this short list help you to see that there is some decisions that are not so easy to take, when we are talking about money and some greater companies.
And if you start using your own IDE think what mess will be when another developer start doing maintenance into your code. How do you think will the application be signed at the version manager ? Now think about a company with 30+ developers each using its own IDE (each with its own configuration files, version and all that stuff)...
http://xkcd.com/378/
Real programmers use the best tools available to get the job done. Some companies have licenses for tools but there's nothing saying you can't license/use another IDE and then just have the other IDE open to copy/paste what you've done in your local IDE.
The question is a bit open-ended, perhaps you can make it community wiki...
As you point out, the IDE can be useful, or even a must have, for some operations, like refactoring, or even project exploring: I use Eclipse at my work, on Java projects, and I find very useful to get a list of all occurrences of the usage of a public method or a class in a project. Likely, I appreciate to be able to rename it from where it is defined, and having all these occurrences automatically updated.
The fact I have the JavaDoc displayed when hovering over a name is very nice too. Like autocompletion, jump to a class name, etc.
And, of course, debugging facilities...
Now, usage of Eclipse isn't mandatory in our shop! Some years ago, some people used the Delphi IDE (forgot its name), I tried NetBeans, etc. But I think we de facto standardized on Eclipse, but it was a natural evolution rather than a company policy. And we often just open files in a text editor when we need a quick update...
I have written a program in vb.net 2008 (using .net 3.5). It's a decent size program. One part of this program is to access an online database and encrypt/decrypt files. To access db I use a hardcoded password. To encrypt/decrypt files I used a hardcoded key. No matter what I do I would need to hardcode one of the two things at least. For example: even if I store database password in an encrypted file I would need to hardcode key to decrypt it. Or vice versa.
So after doing some thinking I figured that I need to obfuscate my code so that at least these hardcoded elements/values wont be visible easily. Infact to test, I used a program to disassemble my program. And to my amazement, it showed me every line of code in my program. I felt as if my entire code is pasted in my exe.
Thus I need to obfuscate my code. See I do not need too advanced settings. My program is not among the top shareware programs or super popular that I need very high security. But I need enough security so that my basic code, variables and sensitive information (password etc) is not visible.
Please help me choose a good obfuscator which will do the job. It should not be too tedious to use and should be sufficient for me. Plus it should be trusted and secure. I mean I don't want my application to crash or be unstable after I obfuscate it.
I have downloaded trial of .net reactor from Ezriz and it seems to be fine. What do you guys suggest? I cannot affort something over $200. So is this product worth going for. You guys know better.
Thank you for your support.
Cheers,
Saurabh
Obfuscation cannot solve this problem. An attacker can change his hosts file to redirect the domain name to a database he controls. When you login he will get the username/password.
Another attack would be to use a debugger like ollydbg to obtain the username/password in memory. The username/password must be in clear text prior to use, and an attacker will be able to find it.
Security Through Obscurity will never work. You will never be able to control the client.
A better approach is to setup a a SOAP (WCF) server to abstract your database operations. The logic for building the queries must be server side. Assume that an attacker has full access to any functions you expose via SOAP.
I use Eziriz .NET Reactor for a while now and it works great for me. I used Eazfuscator before but it wasn't really powerful.
.Net Reactor has awesome features such as Anti ILDASM and Native Exe file generation. Also it'll fit your budget. You can use Trial before purchasing it and test if it works with your scenario.
You should strongly consider Babel .net obfuscator. In my opinion even though it is a console application it is by far the best for price, licensing (not locked to a single computer) and features.
I use Eazfuscator:http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspx
It powerful and it's free. Wonderful tool extremely simple to use.
see also VB.NET Static Code Anaylsis
For better or for worst we now have a VB.NET coding standards document that is based on a C# coding standard as enforced by StyleCop.
For example
the number of spaces you should put in each side of a “+” sign etc
all instance Members (fields and methods!) must be access as “me.fieldName”
all shared members must be accessed as “className.fieldName”
As I tend to think:
If it’s in a requirements document it
should be check for by an automatic
system
I am looking for (ideally free) tools that will check for that short of rules on VB.NET code, as these are style issues that don’t make it into the compiled output, FxCop is not useful.
(I would personally match rather that we just check for important things like duplicated code and single reasonability for each class (so no more multi thousand line classes!), but as I need to keep to the coding standard document I wish to have a tool to help me do so.)
see also Enforcing using the class name whenever a shared member is accessed.
About the bounty.
I am looking for a list of VB.NET code checking tools, with a short summery of what each tool can do and its limitations. If the tools are not free, please include some ideal of cost.
Does anyone have experience using CodeRush/Refactor! or ReSharper with VB.NET to check for this type of coding style issues?
I know of no free source code analysis tools with good VB support. There are, however, at least two commercial tools that may be suitable:
submain CodeIt.Right
SSW Code Auditor
Personally, I prefer the CodeIt.Right rule authoring mechanism, so I would favour it if considerable custom rule development were planned. However, if you just want to use out-of-the box rules, Code Auditor ships with quite a few more code style rules than CodeIt.Right, most of whose built-in rules target the compiled IL (like FxCop).
The only ones I know of are:
Microsoft's FxCop
Of course, this only operates on compiled assemblies, so doesn't give the same functionality as StyleCop, and certainly won't help with things like naming schemes.
However, the closest thing is:
Aivosto's Project Analyzer v9.0 for Visual Basic, VB.NET and VBA
The full version is not free, but this is the closest thing to StyleCop for VB.NET that I can find.
There have been a number of calls for a VB.NET version of Microsoft's StyleCop, such as those in this thread on the code.msdn.microsoft.com site. That same thread also gives some good insight into why a VB.NET version doesn't exist.
I use ReSharper on a daily basis and I find it fine for both code formatting and for solving naming issues. It allows to configure how naming must be enforced, how issues are displayed (hint, suggestion, warning, etc) and provides a precise code formatter (space, paranthesis, line breaks, this qualifier, etc).
Note that I don't know if it can be run in batch mode.
Turning Option Explicit on by default is always a great idea and should be standard practice. I would argue it should be turned on by default in VS out of the box. But it doesn't come close to enforcing the out of the box rules that StyleCop does for C#, nor does it allow for you to create your own rules.
The whole reason for StyleCop's existence is because FxCop only works on compiled assemblies, leaving web projects out in the cold for a similar tool. With StyleCop, web developers get the same great rule enforcement and tight VS integration. It is a great tool for any C# developer.
It is unfortunate that it is only C# capable, a VB version would satisfy a large community that is left wanting something similar.
There already is a very good style tool built into the VB compiler. It is called Option Explicit On, put it at the top of the source code file or use Tools + Options + Project and Solutions + VB Defaults, Option Explicit = On. If that wasn't turned on previously there could be a mountain of errors when you compile your code after changing that.
If it is clean or already turned on, consider that you are 95% close to writing clean C# code and that the language doesn't really matter anymore.