decompiling QuickBasic 2.0 compiled execuables

If you have questions about any aspect of QBasic programming, or would like to help fellow programmers solve their problems, check out this board!

Moderators: Pete, Mods

Post Reply
Posts: 3
Joined: Fri Jul 16, 2010 8:52 am

decompiling QuickBasic 2.0 compiled execuables

Post by michael.evenson » Fri Jul 16, 2010 9:06 am

I have been working on a program to decompile .exe files that were compiled with QB20 (exe's that require BRUN20.EXE to run). I have come to the conclusion that the compiled program has a stub attached as the third segment of the exe that loads BRUN20.EXE and QUICKPAK.EXE (if used) and then starts to run the IL code stored in one of the other segments (usually segment 0). The code in the stub segment is ALWAYS identical. and is always the starting point of the executable. The last segment is always the constants segment and the first segment contains what I like to refer to as the IL code. This is the code that is interpreted by either the stub or BRUN20 (I haven't figured out which yet). If I can figure out the format of the IL segment it should be quite simple to regenerate the basic source (minus the real names for the variables - they would have to be machine generated).

I was just wondering if anyone else has tried to do this and if they have gotten any further than I have.

Posts: 3
Joined: Fri Jul 16, 2010 8:52 am

More interesting finds (at least I think so)

Post by michael.evenson » Tue Jul 20, 2010 6:15 am

I've further discovered that my original assumptions about what executes the Basic binary Code were wrong. After disassembling BRUN20.EXE a little further it seems that BRUN20.EXE pataches the INterrupt 3D, 3E and 3F vectors to intercept them. The Basic Binary code contained in segment 0 of the compiled exe uses these interrupts to execute the code. Here is an example:

seg000:0040 line10: ; for i = 11 to 20
seg000:0040 CD 3F int 3Fh
seg000:0042 ; ---------------------------------------------------------------------------
seg000:0042 59 pop cx
seg000:0043 90 nop
seg000:0044 90 nop
seg000:0045 BE 56 18 mov si, 1856h
seg000:0048 CD 3F int 3Fh
seg000:0048 ; ---------------------------------------------------------------------------
seg000:004A 6F db 6Fh ; o
seg000:004B 90 db 90h ; ?
seg000:004C 90 db 90h ; ?
seg000:004D E9 db 0E9h ; T
seg000:004E 27 db 27h ; '
seg000:004F 00 db 0
seg000:0050 ; ---------------------------------------------------------------------------
seg000:0050 line20: ; CODE XREF: seg000:0089j
seg000:0050 CD 3F int 3Fh ; print i
seg000:0052 ; ---------------------------------------------------------------------------
seg000:0052 59 pop cx
seg000:0053 90 nop
seg000:0054 90 nop
seg000:0055 CD 3F int 3Fh
seg000:0055 ; ---------------------------------------------------------------------------
seg000:0057 BC db 0BCh
seg000:0058 90 db 90h
seg000:0059 90 db 90h
seg000:005A ; ---------------------------------------------------------------------------
seg000:005A BB 5A 18 mov bx, 185Ah
seg000:005D CD 3F int 3Fh
seg000:005D ; ---------------------------------------------------------------------------
seg000:005F 6B db 6Bh ; k
seg000:0060 90 db 90h ; ?
seg000:0061 90 db 90h ; ?
seg000:0062 ; ---------------------------------------------------------------------------
seg000:0062 CD 3E int 3Eh
seg000:0062 ; ---------------------------------------------------------------------------
seg000:0064 79 db 79h ; y
seg000:0065 90 db 90h ; ?
seg000:0066 90 db 90h ; ?
seg000:0067 ; ---------------------------------------------------------------------------
seg000:0067 line30: ; next i
seg000:0067 CD 3F int 3Fh
seg000:0069 ; ---------------------------------------------------------------------------
seg000:0069 59 pop cx
seg000:006A 90 nop
seg000:006B 90 nop
seg000:006C BF 5E 18 mov di, 185Eh
seg000:006F BE 5A 18 mov si, 185Ah
seg000:0072 CD 3F int 3Fh
seg000:0072 ; ---------------------------------------------------------------------------
seg000:0074 7F db 7Fh
seg000:0075 90 db 90h
seg000:0076 90 db 90h
seg000:0077 ; ---------------------------------------------------------------------------
seg000:0077 BF 5A 18 mov di, 185Ah
seg000:007A CD 3F int 3Fh
seg000:007A ; ---------------------------------------------------------------------------
seg000:007C 7D db 7Dh
seg000:007D 90 db 90h
seg000:007E 90 db 90h
seg000:007F ; ---------------------------------------------------------------------------
seg000:007F 8B F7 mov si, di
seg000:0081 BF 62 18 mov di, 1862h
seg000:0084 CD 3F int 3Fh
seg000:0084 ; ---------------------------------------------------------------------------
seg000:0086 9F db 9Fh
seg000:0087 90 db 90h
seg000:0088 90 db 90h
seg000:0089 ; ---------------------------------------------------------------------------
seg000:0089 76 C5 jbe short line20
seg000:008B line40: ; for j = 21 to 30
seg000:008B CD 3F int 3Fh
seg000:008D ; ---------------------------------------------------------------------------
seg000:008D 59 pop cx
seg000:008E 90 nop
seg000:008F 90 nop
seg000:0090 BE 66 18 mov si, 1866h
seg000:0093 CD 3F int 3Fh
seg000:0093 ; ---------------------------------------------------------------------------
seg000:0095 6F db 6Fh
seg000:0096 90 db 90h
seg000:0097 90 db 90h
seg000:0098 ; ---------------------------------------------------------------------------
seg000:0098 E9 27 00 jmp loc_100C2
seg000:009B ; ---------------------------------------------------------------------------
seg000:009B line50: ; CODE XREF: seg000:00D4j
seg000:009B CD 3F int 3Fh ; print j
seg000:009D ; ---------------------------------------------------------------------------
seg000:009D 59 pop cx
seg000:009E 90 nop
seg000:009F 90 nop
seg000:00A0 CD 3F int 3Fh
seg000:00A0 ; ---------------------------------------------------------------------------
seg000:00A2 BC db 0BCh
seg000:00A3 90 db 90h
seg000:00A4 90 db 90h
seg000:00A5 ; ---------------------------------------------------------------------------
seg000:00A5 BB 6A 18 mov bx, 186Ah
seg000:00A8 CD 3F int 3Fh
seg000:00A8 ; ---------------------------------------------------------------------------
seg000:00AA 6B db 6Bh
seg000:00AB 90 db 90h
seg000:00AC 90 db 90h
seg000:00AD ; ---------------------------------------------------------------------------
seg000:00AD CD 3E int 3Eh
seg000:00AD ; ---------------------------------------------------------------------------
seg000:00AF 79 db 79h
seg000:00B0 90 db 90h
seg000:00B1 90 db 90h
seg000:00B2 ; ---------------------------------------------------------------------------
seg000:00B2 line60: ; next j
seg000:00B2 CD 3F int 3Fh
seg000:00B4 ; ---------------------------------------------------------------------------
seg000:00B4 59 pop cx
seg000:00B5 90 nop
seg000:00B6 90 nop
seg000:00B7 BF 5E 18 mov di, 185Eh
seg000:00BA BE 6A 18 mov si, 186Ah
seg000:00BD CD 3F int 3Fh
seg000:00BD ; ---------------------------------------------------------------------------
seg000:00BF 7F db 7Fh
seg000:00C0 90 db 90h
seg000:00C1 90 db 90h
seg000:00C2 ; ---------------------------------------------------------------------------
seg000:00C2 loc_100C2: ; CODE XREF: seg000:0098j
seg000:00C2 BF 6A 18 mov di, 186Ah
seg000:00C5 CD 3F int 3Fh
seg000:00C5 ; ---------------------------------------------------------------------------
seg000:00C7 7D db 7Dh
seg000:00C8 90 db 90h
seg000:00C9 90 db 90h
seg000:00CA ; ---------------------------------------------------------------------------
seg000:00CA 8B F7 mov si, di
seg000:00CC BF 6E 18 mov di, 186Eh
seg000:00CF CD 3F int 3Fh
seg000:00CF ; ---------------------------------------------------------------------------
seg000:00D1 9F db 9Fh
seg000:00D2 90 db 90h
seg000:00D3 90 db 90h
seg000:00D4 ; ---------------------------------------------------------------------------
seg000:00D4 76 C5 jbe short line50
seg000:00D6 CD 3E int 3Eh
seg000:00D6 ; ---------------------------------------------------------------------------
seg000:00D8 02 db 2
seg000:00D9 90 db 90h
seg000:00DA 90 db 90h
seg000:00DB 00 db 0
seg000:00DC 00 db 0
seg000:00DD 00 db 0
seg000:00DE 00 db 0
seg000:00DF 00 db 0
seg000:00DF seg000 ends

Posts: 3
Joined: Fri Jul 16, 2010 8:52 am

Above post is of a program compiled with debug on

Post by michael.evenson » Tue Jul 20, 2010 11:00 am

When I compiled the program above, I had the DEBUG flag checked in the compiler. That is why all the lines start with CD 3F 59. If compiled without the DEBUG flag on, the code starting at CD 3F 59 to the next CD is not there.

User avatar
Posts: 90
Joined: Wed Oct 22, 2008 3:27 pm
Location: canada

Post by qbasicfreak » Wed Sep 01, 2010 5:07 am

I don't think you're the first to try, I had heard about someone working on a reverse compiler before but never heard of one that worked 100%.

Post Reply