Analysis and Reverse Engineering Executable File

Aaron Lin


December 12, 2021


Prerequisites

  • WinHex
  • 7zip

Tutorial


Today we'll look at how to reverse engineer an executable file when we don't know which programming language it was written in.

1 Download WinHex as a prerequisite for the following steps.

You can find one with a license on a torrent site.

2 Open WinHex and drag in your .exe file.

3 Start scrolling the hex of the .exe until you find something recognizable. In this case, I found code that could be an indication that it is Java code bundled into an .exe.

Note: We can also tell that this is a launch4j jar bundled inside an .exe by opening the .exe with 7zip. It should have the following content structure

4 Doing some research, we can see that if we extract the hex starting from PK to the end of the hex, we can turn it back into a .jar file.

For reference:
http://reverseengineeringtips.blogspot.com/2014/12/unpacking-launch4j-35-extracting-jar.html
https://reverseengineering.stackexchange.com/questions/3532/get-jar-back-from-wrappedinto-exe-jar

5 Search for "META-INF" for the starting block. Right click the hex block starting with PK and select Beginning of block.

6 Scroll down to the bottom, right click the last hex block and set it as End of block.

7 Right click the highlighted block and click Edit.

8 Then click Copy Block followed by Into New file, and give the file a name ending in .jar.

9 Right click the .jar file and click 7-Zip followed by Open archive.

10 If done correctly, the jar should open and show the Java class files.
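
The carve from steps 4 to 8, scripted in Python as an added example (not part of the original tutorial). Rather than picking the first PK by eye, it reads the ZIP end-of-central-directory record at the end of the file and works backwards to the archive start, which avoids stray PK bytes in the stub. It assumes the jar is appended unmodified to the wrapper and is not ZIP64; the function names and the sample wrapper bytes are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record, last structure in a ZIP
LOCAL_SIG = b"PK\x03\x04"  # local file header, the "PK" visible in the hex view

def carve_jar(blob):
    """Return the appended ZIP/JAR, from its first local file header to end of file."""
    eocd = blob.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(blob):
        raise ValueError("no ZIP end-of-central-directory record found")
    # EOCD: sig(4) disk(2) cd_disk(2) n_disk(2) n_total(2) cd_size(4) cd_offset(4) comment_len(2)
    cd_size, cd_offset = struct.unpack_from("<II", blob, eocd + 12)
    # cd_offset is relative to the archive start, so the stub length falls out of the subtraction.
    start = eocd - cd_size - cd_offset
    if start < 0 or blob[start:start + 4] != LOCAL_SIG:
        raise ValueError("central directory does not lead back to a local file header")
    return blob[start:]

def build_sample():
    """Constructed test input: a fake stub (with a decoy PK signature) plus a tiny jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Main-Class: Main\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)
    jar = buf.getvalue()
    stub = b"MZ" + b"\x00" * 62 + b"decoy PK\x03\x04 inside stub" + b"\x00" * 32
    return stub + jar, jar

def list_entries(jar_bytes):
    """Parse the carved bytes as a ZIP and return the entry names."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return zf.namelist()

if __name__ == "__main__":
    wrapped, _ = build_sample()
    carved = carve_jar(wrapped)
    print(len(wrapped) - len(carved), "stub bytes skipped;", list_entries(carved))
```

For a real file, read it with `open(path, "rb").read()`, pass the bytes to `carve_jar`, and write the result to a new file ending in .jar.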
