
Reverse Engineering C++ DLL


tabacky
June 4th, 2005, 19:23
Does anyone here have some hints on how to reverse engineer C++ DLLs' source and header files?

I know this info is compiler specific; I'm more or less just trying to use a DLL in a program. I can generate the libs from the DLL, but I need the header file to use the libs. Any replies will be helpful, thanks.

naides
June 5th, 2005, 05:35
If I understand correctly what you are asking, you want to manually generate the header files for some DLLs you have available, so you can use their functions in your own programs?

1. It is POSSIBLE. If you disassemble the DLL in IDA and look at the export list, you may see an uncommented list of all the parameters that each exported function takes. You would then have to figure out what each of those parameters is: an index, a string, a structure, the pointer to some structure? An array of pointers? And understand what the function does with the parameters. . . At the end of the day, you would have to consider what is more time and brain consuming: fully reverse engineering the DLL, or at least the functions you are interested in, or writing your own functions from scratch.

2. If these DLLs are commercially available, perhaps you may find copies or demos of the headers floating around in Cyberspace. I assume you have searched and searched the web site of the company that made the DLL and of companies that use the DLLs. Also search for the names of the exported functions; sometimes they are described in very user-friendly manuals, PROTOTYPES included.

3. If you are coding a program for sale, be aware that the DLL code will be under copyright, so you may as well buy the DLLs now, headers included, rather than have to pay for a lawsuit later on.

tabacky
June 5th, 2005, 12:21
I have the exported functions and their demangled names with the params, but how would I obtain what is inside a struct or a defined array? Thank you for your input.

naides
June 5th, 2005, 12:43
Well, that is exactly what I was talking about. Unless the DLL function(s) take trivial parameter types, like an int, a string or something simple like that, the brunt of your work is to reverse engineer the structures and arrays the function takes. Without fully understanding (bona fide reverse engineering) what the function does with all those, possibly very convoluted, data types, you have little use for the function's code.

If you have an exe file that calls the DLL functions, with a little patience you stand a chance of figuring out what the contents and the meaning of all the parameters passed by reference and by value are, how they are needed and how they are used by the function; but chances are it will not be an easy or quick job.

Other more senior reverse engineers in the board may give you more info.

tabacky
June 5th, 2005, 14:31
Is it possible to create an accurate source just from the disassembly of the DLL coded in C++? I don't want to buy a program to do this, I want to learn how it's done.

Kayaker
June 5th, 2005, 21:24
Hi

It's back to the same answer I think: reverse engineering both the calling exe and the DLL exactly as Naides described. Are you saying you don't have the exe? In that case I can't see there's much hope; if you can't trace the exported functions during real use to *try* to figure out what the parameters are, a dead listing alone is of little use.

If you do have the exe there's lots you could do. Live trace the exe/DLL, for one, of course. You could also use an API spy on the exported functions; a log of their use will clarify things immensely. APISpy32, for example, lets you create your own Library files (libedit.exe) for exports monitoring. Here is the listing of the supported argument types, which also gives a small idea of what you have to figure out from hands-on RE.


void - No arguments
DWORD - Integer type 4 bytes length
WORD - Integer type 2 bytes length
BYTE - Integer type 1 byte length
LPSTR - pointer to zero terminated string
LPWSTR - pointer to unicode string
LPDATA - pointer to any data
HANDLE - any handle 4 bytes length
HWND - window handle 4 bytes length
BOOL - boolean type 4 bytes length
LPCODE - pointer to any code
LPBYTE - pointer to BYTE type variable
LPWORD - pointer to WORD type variable
LPDWORD - pointer to DWORD type variable
FLOAT - FLOAT type variable
LPFLOAT - pointer to FLOAT type variable

Kayaker
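The two points made above, that the real work is recovering the parameter and structure layouts (naides) and that logging an export's arguments and results during real use clarifies things (Kayaker), can be shown concretely once a prototype has been recovered. The following is an added example, not code from the thread or from APISpy32: it uses the platform C runtime as a stand-in for "a DLL you have no header for", attaches hand-written prototypes to three of its exports with ctypes, reads a struct returned by value through both a correct and a deliberately wrong layout, and wraps calls in a small logging shim (a hypothetical helper named `spy`) in the spirit of an API-spy library entry. The struct layout for `div` and the out-parameter for `strtol` are what a reverser would have reconstructed; here they are simply written down.

```python
"""Using a library's exports without its header: write the prototypes yourself.

Added example (not code from the thread).  The C runtime stands in for the
"DLL you have no header for"; the div_t layout and the strtol prototype are
what a reverser would reconstruct from the disassembly or from watching calls.
"""
import ctypes
import ctypes.util
import platform

CALL_LOG = []  # (export name, arguments, result) for every spied call


def load_target():
    """Load the library whose header we lack (here: the platform C runtime)."""
    if platform.system() == "Windows":
        return ctypes.CDLL("msvcrt")
    for name in (ctypes.util.find_library("c"), "libc.so.6", "libc.dylib"):
        if name:
            try:
                return ctypes.CDLL(name)
            except OSError:
                continue
    return ctypes.CDLL(None)  # global symbol table of the running process


LIB = load_target()


class DivResult(ctypes.Structure):
    """Layout recovered for div()'s return value: two 4-byte ints, quotient first."""
    _fields_ = [("quot", ctypes.c_int), ("rem", ctypes.c_int)]


class DivResultSwapped(ctypes.Structure):
    """A wrong guess (fields swapped): loads and calls fine, the values are garbage."""
    _fields_ = [("rem", ctypes.c_int), ("quot", ctypes.c_int)]


def declare(name, restype, argtypes):
    """Attach a hand-written prototype to an export.  LIB[name] (not getattr)
    returns a fresh function object, so one export can carry two prototypes."""
    fn = LIB[name]
    fn.restype = restype
    fn.argtypes = argtypes
    return fn


def spy(name, fn):
    """Hypothetical API-spy shim: log every call with its arguments and result."""
    def wrapped(*args):
        result = fn(*args)
        CALL_LOG.append((name, args, result))
        return result
    return wrapped


# Prototypes as a reverser would write them from the export list plus analysis.
STRLEN = spy("strlen", declare("strlen", ctypes.c_size_t, [ctypes.c_char_p]))
STRTOL = declare("strtol", ctypes.c_long,
                 [ctypes.c_char_p, ctypes.POINTER(ctypes.c_char_p), ctypes.c_int])
DIV = spy("div", declare("div", DivResult, [ctypes.c_int, ctypes.c_int]))
DIV_WRONG = spy("div", declare("div", DivResultSwapped, [ctypes.c_int, ctypes.c_int]))


def string_length(text: bytes) -> int:
    """LPSTR in, integer out."""
    return STRLEN(text)


def parse_leading_int(text: bytes, base: int = 10):
    """strtol: LPSTR in, pointer-to-LPSTR out.  Returns (value, unparsed tail)."""
    src = ctypes.c_char_p(text)  # keeps the buffer alive while `end` points into it
    end = ctypes.c_char_p()
    value = STRTOL(src, ctypes.byref(end), base)
    return value, end.value


def divide(a: int, b: int):
    """Struct returned by value, read through the recovered layout."""
    r = DIV(a, b)
    return r.quot, r.rem


def divide_with_wrong_layout(a: int, b: int):
    """Same export through the swapped layout: no error, wrong answer."""
    r = DIV_WRONG(a, b)
    return r.quot, r.rem


if __name__ == "__main__":
    print(string_length(b"hello"))
    print(parse_leading_int(b"123abc"))
    print(divide(17, 5))
    print(divide_with_wrong_layout(17, 5))
    for entry in CALL_LOG:
        print(entry)
```

The point of `divide_with_wrong_layout` is that a mis-reversed structure does not fail loudly: the call succeeds and returns plausible-looking but wrong fields, which is exactly why the structure layout has to be confirmed by tracing real calls rather than guessed from the export list.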

bilbo
June 6th, 2005, 01:29
Quote:
[Originally Posted by tabacky] Is it possible to create an accurate source just from the disassembly of the DLL coded in C++? I don't want to buy a program to do this, I want to learn how it's done.

A program to rebuild C++ sources? I don't think such a beast is available, even if you are willing to pay. Compilation is not a reversible process, even if you target it at some specific compiler, especially because of the optimization step.
Further steps, like packers/encrypters which are able to scramble sensitive parts of the code, make the reverse process even more unfeasible.
So the only answer is the one naides/Kayaker gave you...
My approach is:
(a) use your brain as much as you can
(b) use a good debugger to single-step or break at some points and verify what you have found with your brain
(c) obviously experience (previous targets you reversed) and learning from others (well-done tutorials) will help a lot
Sorry if these hints are extremely vague... I cannot be more specific without knowing your target.

Best regards, bilbo

tabacky
June 6th, 2005, 15:44
Thanks a lot for your replies, I'll take what you said and do what I can =)