Thread: binary data

  1. #1
    Registered User
    Join Date
    Jan 2004
    Posts
    18

    binary data

    i was looking at code for a program and was wondering if there is any way for me to understand the binary data that i was seeing, u know, the stuff with all the funky characters and such...

  2. #2
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    Sure, get a hex-editor.
    Code:
    #include <cmath>
    #include <complex>
    bool euler_flip(bool value)
    {
        return std::pow
        (
            std::complex<float>(std::exp(1.0)), 
            std::complex<float>(0, 1) 
            * std::complex<float>(std::atan(1.0)
            *(1 << (value + 2)))
        ).real() < 0;
    }

  3. #3
    Registered User major_small's Avatar
    Join Date
    May 2003
    Posts
    2,787
    what do you mean the 'code'? do you mean you opened the compiled binary in a text editor? in that case, you're just seeing garbage... try a hex editor, which won't help much anyway, with the exception of finding the odd literal char array in the program...
    Join us in our Unofficial Cprog IRC channel
    Server: irc.phoenixradio.org
    Channel: #Tech


    Team Cprog Folding@Home: Team #43476
    Download it Here
    Detailed Stats Here
    More Detailed Stats
    52 Members so far, are YOU a member?
    Current team score: 1223226 (ranked 374 of 45152)

    The CBoard team is doing better than 99.16% of the other teams
    Top 5 Members: Xterria(518175), pianorain(118517), Bennet(64957), JaWiB(55610), alphaoide(44374)

    Last Updated on: Wed, 30 Aug, 2006 @ 2:30 PM EDT

  4. #4
    Registered User
    Join Date
    Jan 2004
    Posts
    18
    i mean some fool sent me a keylogger... i turned the file from a .exe to a .txt so i could view it in notepad. im talkin bout all the junk like ^$%$^%%#%% as code, and such. I want to find that fool's email address in it so i can kno where its sending stuff. where can i find this "hex-editor"?

  5. #5
    Registered User manofsteel972's Avatar
    Join Date
    Mar 2004
    Posts
    317

    Binary data

    Unless you know the format the person used to create the binary data, it is very difficult to discern its meaning. It is like the different picture formats: they all display an image, but the binary data is arranged differently.

    If you are talking programs and not data files then it is a little different.

    If you know that it is executable code then you can use a disassembler to view the assembly language instructions. Usually it will display the computer op codes and their mnemonics. The op codes are displayed as hex. Those are the numbers you see in the hex editor. Since these values may or may not be part of the ASCII code you can get some funky symbols displayed or nothing at all displayed.

    memory address    mnemonic     op code
    0000:0000         ADD AX,BX    01D8

    If you really want to know what goes on with each assembly instruction I would suggest going to

    http://developer.intel.com/design/pe...als/253665.htm
    "Knowledge is proud that she knows so much; Wisdom is humble that she knows no more."
    -- Cowper

    Operating Systems=Slackware Linux 9.1,Windows 98/Xp
    Compilers=gcc 3.2.3, Visual C++ 6.0, DevC++(Mingw)

    You may teach a person from now until doom's day, but that person will only know what he learns himself.

    Now I know what doesn't work.

    A problem is understood by solving it, not by pondering it.

    For a bit of humor check out xkcd web comic http://xkcd.com/235/

  6. #6
    C++ Developer XSquared's Avatar
    Join Date
    Jun 2002
    Location
    Ontario, Canada
    Posts
    2,718
    If you use a hex editor, you should be able to find the string table, which would most likely have their e-mail address, unless (s)he encrypted it.
    Naturally I didn't feel inspired enough to read all the links for you, since I already slaved away for long hours under a blistering sun pressing the search button after typing four whole words! - Quzah

    You. Fetch me my copy of the Wall Street Journal. You two, fight to the death - Stewie
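
Added example, not part of any post in this thread: the search post #6 suggests doing by eye in a hex editor, written as a small C scanner. It lists printable runs stored as plain ASCII and as UTF-16LE (Windows programs often store text that way, which a plain ASCII search misses) and remembers the first run containing '@'. The buffer `SAMPLE`, its host name and its address are constructed for illustration.

```c
/* Added example, not code from the thread. SAMPLE is constructed data. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MIN_RUN 4 /* shorter runs are usually chance bytes, not text */

/* Constructed stand-in for a slice of an .exe: header and opcode bytes,
   one ASCII string, one UTF-16LE string (each character followed by 0x00). */
static const unsigned char SAMPLE[] =
    "MZ\x90\x00\x03\x00\x01\xd8"
    "smtp.example.test\0"
    "\xff\x15"
    "d\0r\0o\0p\0@\0e\0x\0a\0m\0p\0l\0e\0.\0t\0e\0s\0t\0\0";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

static int printable(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* Print every run of >= MIN_RUN printable characters stored `step` bytes
   apart (1 = ASCII, 2 = UTF-16LE) with its file offset. The first run that
   contains '@' is copied to hit. Returns the number of runs found. */
size_t scan_strings(const unsigned char *buf, size_t len, size_t step,
                    char *hit, size_t hitsz)
{
    size_t found = 0, i = 0;
    while (i < len) {
        char run[256];
        size_t n = 0, start = i;
        while (i + step <= len && printable(buf[i]) &&
               (step == 1 || buf[i + 1] == 0) && n < sizeof run - 1) {
            run[n++] = (char)buf[i];
            i += step;
        }
        run[n] = '\0';
        if (n >= MIN_RUN) {
            found++;
            printf("0x%04zx  %s\n", start, run);
            if (hit[0] == '\0' && strchr(run, '@'))
                snprintf(hit, hitsz, "%s", run);
        }
        if (n == 0) i++; /* not text at this offset: advance one byte */
    }
    return found;
}

int main(void)
{
    char hit[256] = "";
    scan_strings(SAMPLE, SAMPLE_LEN, 1, hit, sizeof hit);
    scan_strings(SAMPLE, SAMPLE_LEN, 2, hit, sizeof hit);
    printf("address-like string: %s\n", hit[0] ? hit : "(none)");
}
```

The ASCII pass alone reports only the host name; the address shows up only in the UTF-16LE pass, and neither pass finds anything if the author encrypted the string, as post #6 notes.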

  7. #7
    Registered User major_small's Avatar
    Join Date
    May 2003
    Posts
    2,787
    Originally posted by sycorax
    i mean some fool sent me a keylogger... i turned the file from a .exe to a .txt so i could view it in notepad. im talkin bout all the junk like ^$%$^%%#%% as code, and such. I want to find that fool's email address in it so i can kno where its sending stuff. where can i find this "hex-editor"?
    can you be sure it's sending emails?

  8. #8
    Registered User
    Join Date
    Jan 2004
    Posts
    18
    yea, my firewall blocks it... apparently it was aimed at a MMORPG that i play called runescape because various items in the game are missing, and i was left with a message saying "MUAHA YOU HAVE AN INSTANT PASSWORD STEALER" instant my booty, i know its a keylogger because zonealarm catches it trying to send emails, i just want to know where to

  9. #9
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    If you'd like to upload the program as an attachment, I'll be glad to take a look at it.

  10. #10
    Registered User
    Join Date
    Jan 2004
    Posts
    18
    ive been told not to by some mod. i posted the code on here in a different forum, which he deleted, he said it might be something called malware, i dont know what that means, and i dont want to post it again if i will get banned for it, this community owns so i dont wanna lose it

  11. #11
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,708
    OK, then email it to me:

    [email protected]

  12. #12
    Registered User
    Join Date
    Jan 2004
    Posts
    18
    ok, thanks for looking at it... i put the code into 2 parts just cuz i was paranoid and didnt want the keylogger doing anything again

  13. #13
    Hardware Engineer
    Join Date
    Sep 2001
    Posts
    1,398

    Some background for 'ya...

    Like everything in the computer, an exe file is stored as binary "numbers" or "bit-patterns".

    These bit-patterns represent machine code instructions (and data) that the microprocessor understands. Different microprocessors have different instruction sets. You can't run an exe from your PC, on your Mac.

    Since the computer can only handle binary numbers, text is stored in ASCII code. An upper case "A" is stored as the number 65 (Decimal), or 41 Hex. The program has to keep track of this "number" to know if it's a number, an A, or a machine-code instruction. Notepad doesn't know what the numbers represent, and tries to convert everything to text.

    When you compile a program, you convert the C++ source code into machine language. This process is essentially irreversible. You can't de-compile and get your original C++ code. Some data is simply lost when you compile. For example, comments don't exist in machine code, and machine code doesn't use variable names. You can get a decompiler, but it won't recreate the original code.

    Assembly language is a direct line-to-line human-readable representation of machine code. You can disassemble (like decompiling) a machine code program into assembly language, and you can see exactly what the program is doing. (Of course you don't get comments, etc.) I assume Sebastiani is going to look at your assembly code. For most of us mortals, understanding an uncommented assembly program more than a couple-hundred lines long is impossible. Understanding a complex program (like a game or word processing program) is just about impossible for anyone!

    A hex editor allows you to look at binary data. It's easy (for humans) to convert between hex and binary, and hex is much easier to read than binary. Most hex editors will also display the corresponding ASCII character for each byte.

    Malware = malicious software (virus, etc.)
    Last edited by DougDbug; 03-18-2004 at 04:42 PM.

  14. #14
    Registered User
    Join Date
    Jan 2004
    Posts
    18
    ah, thanks... that clears a lot up... just waiting for a reply on if he can find the email address

  15. #15
    Registered User
    Join Date
    Jan 2004
    Posts
    18
    can anyone give me a link to find a decompiler? i've googled it in a bunch of different ways and still cant find one
