Helping people with computers... one answer at a time.

Reverse engineering software is so time consuming as to be impractical. The source code may have to be written again from scratch.

Hey, there. I'm doing an internship in a marketing company. My boss just gave me an .exe file of a setup file which he had a few developers develop. The person that developed the software for him did not give him the source code. My boss is taking legal action against him. What he wants me to do is to recover the source code and make that program work. The program has bugs. Now, the problem is that I don't know which language that program was developed in and neither do I know anything about the bugs. How would you approach the problem? What do you recommend I should do? P.S. I have some programming experience in C++, C Sharp, and this is my first professional job - an internship.

In this excerpt from Answercast #30, I look at the problems involved in getting source code from an executable piece of software and ways to cover yourself with a contract when hiring a programmer.

Reconstructing source code

To be brutally honest, if you can't get the source code from the original developer, I would throw the program away and start over from scratch.

Here's the problem: it is nearly impossible to reconstruct the source code from an executable. The process of transforming the source code into the executable, into the .exe, is so complex:

  • It makes so many changes to what you started with,

  • It changes it from the programming language that you used (whatever that was) into machine code,

  • Which then also uses libraries based on whatever language it was using.

That process is so complex, that while reverse engineering it theoretically might be possible, it would be so costly and so time-consuming as to be impractical.

Write it from scratch

That's why I say, depending on the complexity of the program, you are much better off saying, "Fine, we'll just write it again from scratch."

Write it in the programming language that you're most familiar with, and don't write in those bugs that you're trying to avoid. Obviously, you'll end up replacing them with a few bugs of your own, but then you'll have the source code and be able to go in and fix them.

  • Typically, like I said, reverse engineering a program from its .exe file is just a non-starter.

So from your perspective, I would consider rewriting the program from scratch.

Legal action

From your boss's perspective, depending on how complex a program this is, I would suggest continuing that legal action to see if he can actually get the source code from the original developer. That could, in the long run, be the most cost-effective approach – even when you factor in legal fees.

Programming contracts

Finally, I do want to throw out a strong recommendation for anybody who has ever hired a programmer to write software for you:

  • Make sure that you have a contract;

  • And that contract clearly specifies the disposition and the ownership of the source code;

  • And the results of creating the program from that source code.

The scenario that you're encountering here is actually not that uncommon. It's unfortunate, but it happens.

Your lawyer, or your boss's lawyer, is going to be able to address your specific situation. I have no idea if there even was a contract, or what kind of responsibilities or legal issues there may be around the ownership of that source code. That may even depend on what country you're in – because I can see from where you posted your question that you're not in the United States.

Contractual details

So it's hard for me to say what the legal outcome might be in your case. Which is one of the reasons that I fall back to rewriting the program from scratch.

It's also one of the reasons that I strongly recommend to anyone hiring contract work like this that you have a clear contract.

Something that is really clear that says, "OK, when this is all done, not only do I own the source code, I, the person who asked for the program to be written, I own the program, I own the source code – and by the way, you are not allowed to sell the source code to somebody else because you wrote it for me. It's mine."

Those kinds of issues are the kinds of issues that need to be dealt with in the contract before the project even starts.

So, like I said, good luck with that. Unfortunately, what you want to do (reverse engineer the application) just isn't something that I can, in all honesty, even come close to recommending as a practical solution to the problem that you've found yourself in.

End of Answercast #30 Back to – Audio Segment

Article C5529 - June 28, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
Dan Ullman
June 29, 2012 9:44 AM

Leo-

I agree that reverse engineering is a fool's errand it might not be in this case The OP wrote that this is a “setup file”. Assuming that the programmer in question didn't build the setup from scratch it could be trivial to reproduce the work (or at least not all that time consuming).

Most installation software uses a script in one way or another. If you are real lucky that exe might be an interrupter that just holds the script and unpacks it to the %temp% directory to be ran. If this is the case it getting it would be trivial.

Even if this isn't the case all is not lost. If the program was made by company X it might be just a matter of asking on their web site. Read the rules first to make sure such questions are allowed.

Even if you cannot decompile the exe it might be trivial to reproduce it by buying and learning the program used. I had to do this once and here are the steps I used.

1)Right click on setup and click on properties → Version → Copyright. This will give you the name of the company who made the installation software.
2)On a clean machine, run the installation and note the changes made to machine (including the registry).

At this point it is merely a matter of buying the program (or getting the demo) and getting enough knowledge to reproduce the steps.

Ken B
June 29, 2012 12:58 PM

Or, as we like to say, "you can't turn a hamburger back into a cow".

johnny mneumonic
June 30, 2012 3:32 AM

You could start by downloading a resource monitor like pe explorer or resedit or restorator or restuner and feed the exe to one of these programs to find out what the program looks like when decompiled. Security Researchers do it all the time. These programs aren't cheap, but you can get a 30 day trial to see which one does the best job.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.