I’ve put this in the advanced section, because I do not believe a newbe can do it, it may also prove to be too much for an advance reverser.
After 2 years of trying I have decided to ask for help in this matter.
First I want you to know I searched until I’ve wore out my keyboard.
Doing your own search will bring up Scriplance and several people searching for
Someone to build a decompiler. Yes I have tried Scriplance, and had no bids.

Out of my 2 years of trying I discovered several RCE boards in several languages,
All have helped me to understand reverseing. I do not use Metatrader much anymore, instead I have moved on to ninja trader, I only have to reverse DLL files with ninja and find it much easier.

But the mystery remains with me as to how an ex4 file from Metatrader is decompiled.
Every programmer I have talked to will say C+ cannot be returned to source code.
The problem is metatrader is not true C+ and uses it own generic compiler. There are no headers in the compiled code and very few debuggers/ or decompilers will open the code.
IDE Pro is one decompiler that will open the binary file but it will not return it to source or anything near it.

Now you will say, OK you got your answer, it is impossible, I say Bull S*** because I know of at least 4 people on this planet that decompile the ex4 files. One of them is a guy in Australia whom I emailed for at least a year, I did find out he used software from the company he worked for and it had a license that had to be renewed every 2 weeks for security reasons. I never did find out the name of the software.

Another guy that gave me a clue was from Russia, my post to him can be found on a Russian trading forum if you feel like searching, he would only say it was from a decompiler he made for java, of course I could be mistaken because a lot is lost in translations using the software I have. But the bottom lone is these are the only 2 guys that would give a hint as to what they used. The guy in Australia did say he tried IDA Pro but could not make it work.

I also know I have had files, decompiled by 3 of these guys and all of the decompilers seem to produce slightly different code. For instance the guy from Aus. Has code that keeps spitting out lines like
Var 221
Var 222

And the Russians code will spit out variables like
Com 221
Com 222

Don’t get me wrong if the same file is decompiled by each person, the files will work as if it was the original code. Could either of these guys cheated and find the code in a public forum, I do not think so some of the files I sent to them were ones I wrote and never released. But if they were lucky enough to find to correct code on a public forum they may have to search for a year themselves in order to find the correct code, you see there are thousands of indicators available

My challenge to you as reversers is to treat this as crackme and see if you can produce source code. I would love to be able to stop pulling out my hair and find out how it is done. I have uploaded an ex4 file and the original source code in text form to mediafire.
The source is there so you can see what it should look like.
The file is small it should take all of 15 seconds to download and the file is available free to anyone from the Metatrader site as open source code

let the challenge begin

http://www.mediafire.com/?bjn1g4zbtwn

Boboso

Nice attempt at disguising a request for us to decompile something. 7/10.

"Doing your own work" does not mean only searching the Internet, but actually, you know, trying to figure out the code yourself! It is very obvious that you have not the slightest notion of how a decompiler is supposed to work. Go do more research.

I'm clearly not qualified, I don't even know what C+ is

The download link doesn't work for me, btw.

Same, not working here also.

You know, this forum has an attach feature... and you needn't save us 3Kb

Even if it didn't, my personal solution for quick file hosting is to embed the file into a small image and host the image with the file "hidden" inside.

The reason for not attaching this to the forum is I did not want anyone to think it was illigal material. As for trying to decompile myself, as I said I have tried for 2 years now, with IDA Pro one of the few decompilers to open the file as below.

I've tried Softice only to find other programs I have, to refuse to run with it on the system. Also it was not worth the time to try to figure out.

Programs such as boomerang just freeze up, others will not load the file.

I have go so far as inserting headers using a hexeditor, changing the extension as well as anything else I could think of.
I've installed Rational Rose, Spices, and all the public domain software that can be found. Nothing that I have tried will work.Yes I know it is not a net file, but I was willing to try anything

so before giving up I thought perhaps there were experts on a RCE forum that could figure it out, after all as I said I do know of 4 people that can do it so there must be a way.

Boboso


Segment type: Pure code
seg000:0000000000000000 seg000 segment byte public 'CODE' use64
seg000:0000000000000000 assume cs:seg000
seg000:0000000000000000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
seg000:0000000000000000 db 45h ; E
seg000:0000000000000001 db 58h ; X
seg000:0000000000000002 db 34h ; 4
seg000:0000000000000003 db 0
seg000:0000000000000004 db 0ACh ; ¼
seg000:0000000000000005 db 1
seg000:0000000000000006 db 0
seg000:0000000000000007 db 0
seg000:0000000000000008 db 7Ch ; |
seg000:0000000000000009 db 1
seg000:000000000000000A db 0
seg000:000000000000000B db 0
seg000:000000000000000C db 43h ; C
seg000:000000000000000D db 6Fh ; o
seg000:000000000000000E db 70h ; p
seg000:000000000000000F db 79h ; y
seg000:0000000000000010 db 72h ; r
seg000:0000000000000011 db 69h ; i
seg000:0000000000000012 db 67h ; g
seg000:0000000000000013 db 68h ; h
seg000:0000000000000014 db 74h ; t
seg000:0000000000000015 db 20h
seg000:0000000000000016 db 0A9h ; ¬
seg000:0000000000000017 db 20h
seg000:0000000000000018 db 32h ; 2
seg000:0000000000000019 db 30h ; 0
seg000:000000000000001A db 30h ; 0
seg000:000000000000001B db 35h ; 5
seg000:000000000000001C db 2Ch ; ,
seg000:000000000000001D db 20h

well your paste sure aint executable..

No, but my RCE instincts tell me it was copyrighted in 2005...

dunno but i vaguely remembered someone looking for information on this meta whatever and submitted a sample.zip
but didnt follow up with answers to questions

here is the google cache of the post the attachmenbts still seemed to be working if some one is interested

http://72.14.235.104/search?q=cache:TBwHHdrEOwEJ:www.openrce.org/forums/posts/533+sitepenrce.org+metaquotes

We're able to kill your links too if we don't like them. You should've lurked enough in this forum before posting to know that.
Where the bloody hell did you get the notion that IDA Pro is a decompiler?!?!
"not worth the time"? Do you want to accomplish something or not? If the former, then you'd better be prepared to put some effort into it. Reverse does require patience and a lot of work, even more so than normal engineering.
...for God's sake go read more about reversing, by Googling and lurking through these Forums.
NO! RCE is not about trying random shit, it's about thinking and understanding a system through careful analysis. All of which you have not shown to have done.
Yes, I've figured out the first little bit of the file format already, and no, I'm not going to finish it for you. It is probably a virtual machine, so you'll have to start compiling small segments of code and changing little things in it to figure out where everything is and the opcode format. It's not that hard; just requires patience.

I know this is coming from someone who has reversed a CPU before, but all you need to do is think.

edit: A quick Google shows that some bastard is desperate enough to pay for a decompiler for this... I'm quite sure an exact decompiler is impossible due to the removable of variable names etc (and the executable bytecodes seem to be encrypted from an entropy scan) but should RCE Forums consider undertaking this and publishing the results for free?

as for another post that states copyright, this is the first line of comment that is put into each file that is made by the editor. Most people who make their own files will change the name from metaquotes, to Sam Simth/ or Jack Black or whatever their name is to show they built it.This one as not to be copyright material is public domain and comes preinstalled on the program.

Thank you babberer.
As you can see many people asre seeking a way to decomple thes files, below is some code from a file that was decompiled, as you can see it was taken back to a usable source code.

property indicator_chart_window
#property indicator_buffers 8
#property indicator_color1 White
#property indicator_color2 Black
#property indicator_color3 Black
#property indicator_color4 Black
#property indicator_color5 Black
#property indicator_color6 Black
#property indicator_color7 Blue
#property indicator_color8 Blue

bool var_76 = false;
extern bool AlertOnCompleteTriangle2 = true;
extern bool ShowAllCurrentTriangle1 = false;
extern int TriangleMaxWidthBars = 200;//400
extern bool ShowAllHistoricalPatterns = false;
extern bool Bullish = true;
extern bool Bearish = true;
extern bool XA_ADgartley = true;
extern bool XA_ADextention12 = true;
extern bool XA_ADextention16 = true;
extern bool XA_AB618 = true;
extern bool XA_AB382 = true;
extern bool XA_AB500 = true;
extern bool XA_AB786 = true;
extern double AB_BCminimumFib = 0.5;
extern double PatternFuzzyPercent = 30;//15
extern color TriangleColor1 = Pink;
extern color TriangleColor2 = Cyan;
extern color TriangleColor3 = Pink;
extern color TriangleColor4 = Yellow;
extern bool OnlyABequalsCD_Patterns = true;//false
int var_168 = 15;
int var_172 = 5;
int var_176 = 3;
double arr_global_180[];
double arr_global_184[];
double arr_global_188[];
double arr_global_192[];
int arr_global_196[30];
int var_200 = 99999999;
string var_204 = "";
string var_212 = "";
string var_220 = "1970.1.1 00:00";
string var_228 = "1970.1.1 00:00";
int var_236;
bool var_240 = false;
string var_244 = "";

And what exactly did you quote my post in one monolithic block for, after I already demonstrated correct "multi-quote" style? Now I have to work harder just to extract what you wrote. I suggest adding "how to use a forum" to your list of things to do, and PAY ATTENTION to how I'm writing my posts in multi-quote style, like this one.
In other words, you won't admit that (a) you didn't spend any time at all figuring out how to hide SoftICE, or (b) are going to apply the "it's too hard and I don't have the time" excuse. And why did you not mention OLLYDBG a single time in your first post? That is the most popular debugger for non-system-level debugging and reversing right now, once again if you had lurked enough you'd know. Even the underage retarded script kiddies who "want to crack some appz" know what OllyDbg is.

You don't need to know programming to reverse, but from what I see, your knowledge is SEVERELY out of date, and you will need to increase it. That's what the Internet is for.
This is an RCE forum so you're supposed to crack it, duh...

sigh.
Lets put it clear.

He just want to steal compiled trading systems used by companies to know either WHEN they are supposed to do which operation, to take advantage by doing opposite/identical operations or just reuse it.

There's actually no other real usage, other than that...

i know nothing about Metatrader or ex4 files (and i'm too lazy to search on it), but it sounds from your initial description like these ex4 files might contain data as opposed to code (and the "hacker" contacts you have might have been pulling your leg).

I see both code and data. Sort of like Java bytecodes but looks a lot more dense.

I just don't understand why you'd want to do this... You want to reverse some software for forex/cfd/futures/etc trading so you can place opposite trades/bets? Wierd. Why not just do your research manually, come up with your own trades and execute them yourself? IMO these trading systems aren't worth the money, nothing replaces proper research and market understanding...

At least that way when you lose lots of cash you can't sit there and blame us lot on the RCE forum for not "craxx0ring" your software properly.

Late post, but what the heck... a decompiler:

link deleted

THATS A SHAREWARE,ITS NOT YOUR CODE OR PROGRAM/UTILITY WHATSO EVER