Re: Serialize/marshal/reverse engineer unknown structure




Arne Vajhøj wrote:
Peter Duniho wrote:
On Sat, 15 Aug 2009 09:40:48 -0700, Arne Vajhøj <arne@xxxxxxxxxx>
wrote:
PJC wrote:
Is there a way to deserialize or marshal or somehow parse a byte
array back into a structure when you don't know what that
structure was in the first place? The structure probably came
from C++. [...]
So, I can actually connect to the program and have gotten a
message with 13 bytes. Great. Now what.
In general, how would one reverse-engineer something like this?

If it does not contain meta data (which it sounds as if it does
not), then NO.

Well, that's not strictly true. People reverse-engineer
undocumented, unadorned data and code all the time.

But it definitely is a LOT more work (it's basically a lot of trial
and error),

True.

So let me correct the "NO" to "There is nothing in C#/.NET (or any
other language/platform for that matter) to help you".

If experimentation can reveal the structure used, then it can
obviously be implemented in C#/.NET (or any other language/platform
for that matter).


Let me ask this tangential question (which I should probably know
the answer to, but don't.)

In C or C++, I can fill a structure with a single I/O call, e.g.

    struct point
    {
        int x;
        int y;
    } p;

    read(fd, &p, sizeof(p));

I can almost do it portably, though in more complex examples padding
becomes an issue. So once the problem of "What are the fields in
this message?" is solved, all that's required is to define a struct
that reflects it.

In Java nothing this simple is possible. The layout of fields in an
object can't be discussed; even their order is undefined. The
corresponding code looks like:

    void read(DataInputStream strm) throws IOException
    {
        x = strm.readInt();
        y = strm.readInt();
    }

After determining what the fields are, I need both to add them to the
class and to write the read method. (If there's padding I need to
code that in explicitly too.)

I know that I can write Java-like code in C# using BinaryReader. Can
I also write something C-like?
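
Added example, not part of the original post: the padding problem mentioned above, shown on a 13-byte message, next to a field-by-field decoder that checks the length before touching the buffer. The field layout (a 1-byte tag followed by three little-endian 32-bit integers), the names and the sample bytes are assumptions made up for illustration; the real layout of the message in this thread is unknown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WIRE_LEN 13   /* assumed wire size: 1 + 4 + 4 + 4 bytes */

/* Hypothetical in-memory form. Most compilers insert 3 padding bytes
   after 'tag', so sizeof(struct msg) is usually 16, not 13. */
struct msg { uint8_t tag; uint32_t a, b, c; };

/* Constructed sample: tag=1, a=16, b=0xffffffff, c=0x12345678 */
static const unsigned char SAMPLE[WIRE_LEN] = {
    0x01, 0x10, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
    0x78, 0x56, 0x34, 0x12 };

/* Assemble a little-endian u32 byte by byte: no alignment or
   host-endianness assumptions. */
static uint32_t get_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 only if overlaying the struct on the wire bytes would line up,
   i.e. read(fd, &m, sizeof m) would be correct on this compiler. */
int overlay_matches_wire(void)
{
    return sizeof(struct msg) == WIRE_LEN && offsetof(struct msg, a) == 1;
}

/* Decode exactly WIRE_LEN bytes; 0 on success, -1 on bad input. */
int decode_msg(const unsigned char *buf, size_t len, struct msg *out)
{
    if (buf == NULL || out == NULL || len != WIRE_LEN)
        return -1;                 /* reject short or oversized messages */
    out->tag = buf[0];
    out->a = get_le32(buf + 1);
    out->b = get_le32(buf + 5);
    out->c = get_le32(buf + 9);
    return 0;
}

int main(void)
{
    struct msg m;
    printf("sizeof(struct msg)=%zu wire=%d overlay ok=%d\n",
           sizeof m, WIRE_LEN, overlay_matches_wire());
    if (decode_msg(SAMPLE, sizeof SAMPLE, &m) == 0)
        printf("tag=%u a=%u b=%u c=0x%x\n", (unsigned)m.tag,
               (unsigned)m.a, (unsigned)m.b, (unsigned)m.c);
    return 0;
}
```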




