Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-26-2015, 18:03
jonwil jonwil is offline
VIP
 
Join Date: Feb 2004
Posts: 387
Rept. Given: 2
Rept. Rcvd 21 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 65 Times in 34 Posts
jonwil Reputation: 21
Best tools for reverse engineering dos programs?

Can anyone tell me what tools are the best for reverse engineering old 16-bit DOS programs?

If Hex-Rays worked on 16-bit x86, I would use that but it doesn't so can anyone suggest something suitable (either a usable decent decompiler if one exists or if not, the best way to disassemble it and in particular match up the data segment so that when you look at the disassembly all the data references line up.
Reply With Quote
  #2  
Old 09-26-2015, 18:33
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 853
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
I believe that you can use to debug the PEbrowse, to disassembling the HDasm and to recompile the executable if necessary the ETU-Dasm.
Regards
Reply With Quote
  #3  
Old 09-26-2015, 19:46
Syoma Syoma is offline
reverse engineer
 
Join Date: May 2009
Posts: 338
Rept. Given: 35
Rept. Rcvd 77 Times in 50 Posts
Thanks Given: 15
Thanks Rcvd at 78 Times in 51 Posts
Syoma Reputation: 77
IDA Pro + Borland TurboDebugger
Reply With Quote
The Following User Says Thank You to Syoma For This Useful Post:
b30wulf (09-26-2015)
  #4  
Old 09-26-2015, 22:32
Naides Naides is offline
Friend
 
Join Date: Mar 2005
Location: Planet Earth
Posts: 40
Rept. Given: 7
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 21
Thanks Rcvd at 10 Times in 7 Posts
Naides Reputation: 2
Old but powerful

SoftIce as a 16 bit debugger.
The learning curve is a little steep, but it is still the classical RCE Tool.
Reply With Quote
The Following User Says Thank You to Naides For This Useful Post:
giv (10-01-2015)
  #5  
Old 09-27-2015, 01:51
N0P's Avatar
N0P N0P is offline
Friend
 
Join Date: Aug 2003
Location: Brno[CzechRepublic]
Posts: 90
Rept. Given: 19
Rept. Rcvd 11 Times in 10 Posts
Thanks Given: 12
Thanks Rcvd at 26 Times in 17 Posts
N0P Reputation: 11
IDA + IDA dosbox plugin (https://github.com/wjp/idados)
Reply With Quote
The Following 2 Users Say Thank You to N0P For This Useful Post:
giv (10-01-2015), Naides (09-27-2015)
  #6  
Old 09-30-2015, 23:14
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 80
Rept. Given: 4
Rept. Rcvd 14 Times in 6 Posts
Thanks Given: 12
Thanks Rcvd at 48 Times in 21 Posts
BlackWhite Reputation: 14
TR (Super Program TRace V2.52) may be your choice.
Reply With Quote
The Following 2 Users Say Thank You to BlackWhite For This Useful Post:
an0rma1 (11-09-2015), skypeaful (12-05-2019)
  #7  
Old 10-01-2015, 01:02
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,657
Rept. Given: 801
Rept. Rcvd 1,283 Times in 561 Posts
Thanks Given: 226
Thanks Rcvd at 562 Times in 240 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
I think SoftIce is suitable for that.
Reply With Quote
  #8  
Old 10-01-2015, 09:15
RedBlkJck RedBlkJck is offline
Family
 
Join Date: Oct 2011
Posts: 99
Rept. Given: 64
Rept. Rcvd 80 Times in 43 Posts
Thanks Given: 25
Thanks Rcvd at 11 Times in 9 Posts
RedBlkJck Reputation: 80
Insight worked well for me.
http://www.bttr-software.de/products/insight/

Description

Insight is a very small debugger for analyzing real-mode DOS programs. It features an i80486 disassembler, an i8086 assembler, 'Trace into' and 'Step over' functions, simple breakpoint handling, extended code or data navigation, simple color-highlighting, and a nice menu-driven interface comparable to Borland's Turbo Debugger.
Reply With Quote
The Following 2 Users Say Thank You to RedBlkJck For This Useful Post:
giv (10-03-2015), skypeaful (12-05-2019)
  #9  
Old 10-01-2015, 13:13
nuemga2000 nuemga2000 is offline
Friend
 
Join Date: Jan 2002
Posts: 59
Rept. Given: 1
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 0
Thanks Rcvd at 5 Times in 5 Posts
nuemga2000 Reputation: 2
Normally i use IDA, and if this not sufficient, i have an old box with Periscope installed ...
Reply With Quote
  #10  
Old 10-02-2015, 14:51
maktm maktm is offline
Friend
 
Join Date: Apr 2015
Posts: 23
Rept. Given: 0
Rept. Rcvd 4 Times in 2 Posts
Thanks Given: 8
Thanks Rcvd at 16 Times in 8 Posts
maktm Reputation: 4
What i have running on a daily instance:

- IDA
- OllyDbg
- x64Dbg (Don't ask why I have both. I know I need 'em both)
- RadASM
- Notepad(++)
- Cmd (Quick navigation)
- Chrome
Reply With Quote
  #11  
Old 10-02-2015, 15:33
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,657
Rept. Given: 801
Rept. Rcvd 1,283 Times in 561 Posts
Thanks Given: 226
Thanks Rcvd at 562 Times in 240 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
I think your debuggers can't debug a 16 bit app.
I don't know that Olly or X64DBG can handle a 16 bit program.
Reply With Quote
  #12  
Old 10-02-2015, 19:11
tonyweb tonyweb is offline
Family
 
Join Date: Jan 2009
Posts: 190
Rept. Given: 190
Rept. Rcvd 95 Times in 36 Posts
Thanks Given: 1,901
Thanks Rcvd at 299 Times in 122 Posts
tonyweb Reputation: 95
Try using this plugin (FullDisasm) with the old and good OllyDbg ...
Code:
https://tuts4you.com/download.php?view.1757
IIRC it should be able to debug 16 bit code.

Regards,
Tony
__________________
Want to learn unpacking ... but I'm too stupid
Reply With Quote
The Following User Says Thank You to tonyweb For This Useful Post:
giv (10-03-2015)
  #13  
Old 10-02-2015, 19:30
chessgod101's Avatar
chessgod101 chessgod101 is offline
Co-Administrator
 
Join Date: Jan 2011
Location: United States
Posts: 535
Rept. Given: 2,218
Rept. Rcvd 691 Times in 219 Posts
Thanks Given: 700
Thanks Rcvd at 939 Times in 186 Posts
chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699
TRW2000 is a good 16-bit debugger from the saintly days of yore. It is a lot like ollydbg. I used it quite a few times with older applications. I do not quite remember if it works on XP. I think I may have used it on XP, but I don't fully recall how or if it worked.
Download:
Code:
https://exelab.ru/download.php?action=get&n=MzQw
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
Reply With Quote
The Following 2 Users Say Thank You to chessgod101 For This Useful Post:
niculaita (11-06-2015), skypeaful (12-05-2019)
  #14  
Old 11-05-2015, 11:21
athapa athapa is offline
Friend
 
Join Date: Jul 2013
Posts: 24
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 4 Times in 3 Posts
athapa Reputation: 1
Agree with Naides & Giv. SoftIce is great for 16bit debugging.
Reply With Quote
  #15  
Old 11-09-2015, 20:07
an0rma1 an0rma1 is offline
Friend
 
Join Date: Feb 2002
Posts: 202
Rept. Given: 101
Rept. Rcvd 29 Times in 17 Posts
Thanks Given: 350
Thanks Rcvd at 99 Times in 40 Posts
an0rma1 Reputation: 29
Hi, usually i try different approaches for debugging/reversing old DOS programs

1. Using a dos debugger under a old machine emulator

best dos debuggers are (in my opinion, there are many):
TR 2.52 by Liu Taotao (emulate instructions, very very good),
SoftIce (2.80 or 2.62, i remember 2.62 was better, but don't remember why) (also i don't think sice works under dosbox, maybe under Pcem)
Turbo Debugger o TD386 by Borland (3.1 or 5.0 versions are ok) (best gui ever)
Cup386 unpacker by Sage, contains a useful debugger, 3 versions, clasical, virtualized and emulated (a true work of art)
G3x by Wong Wing Kin, it s game oriented debugger, but useful, i've cracked many things with it

For running these programs in modern machines, i usually use dosbox (get last svn compiles in emucr.com),
but also i've set up a 486 emulated machine under PCem emulator (recently a 0.10 has been released)

Finally, dosbox has a emulated CPU debugger inside, but i've had problems using it, and sometimes don't work, but it's a very powerful option

2. Run these tools under a true dos box machine, an old 486 it's ok, but some very old softwares, need a 286, some antidebugger tricks don't work in "modern" machines (>386)

3. IDA disassembler for dos 16bit is very good, i always use it in another monitor while debugging with dosbox and TR, to make annotations, name functions, etc...

If you need some of these tools just ask me, i've already compiled a huge repository of old msdos tools time ago, and posted here, look for DOSEXE tools.

Also if you need it, i also compiled a huge pack of DOS compilers and linkers, look for DOSEXE compilers pack, already posted in this forum

if Links are not working or whatever just ask me

DOS cracking and reversing is very fun for me, i prefer it to modern windows protections

edit:
I've tried many times to use ida plugin for dos debugging with dosbox, but not been able to make it working.
Also take in account that many tips in this thread are plain wrong, for debugging old 16bit dos programs you need specific programs, not common modern tools.
Reply With Quote
The Following User Says Thank You to an0rma1 For This Useful Post:
niculaita (11-09-2015)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Have tools to debug programs in Linux? Warren General Discussion 6 08-11-2005 15:06
Reverse Engineering Tools? yyyo General Discussion 1 04-27-2004 00:40


All times are GMT +8. The time now is 17:01.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )