Results 1 to 14 of 14

Thread: CCM decompiling

  1. #1
    Administrator Shelwien's Avatar
    Join Date
    May 2008
    Location
    Kharkov, Ukraine
    Posts
    3,423
    Thanks
    223
    Thanked 1,052 Times in 565 Posts

    CCM decompiling

    http://...

    sub_405AC0() is the main encoding function,
    sub_401C50() is the model init function.
    (dbg.log after encoding contains the actually compressed bytes -
    the filtering result can be observed).
    I only decompiled the source, but didn't really look at the
    algorithm (maybe toffer would).
    But overall it seems far from efficient - especially its rangecoder
    with 31-bit registers and extra shifts (seems like Schindler's original
    or a simple derivative).
    Last edited by Shelwien; 15th August 2009 at 03:34.

  2. #2
    Member
    Join Date
    May 2008
    Location
    Germany
    Posts
    410
    Thanks
    37
    Thanked 60 Times in 37 Posts
    if i understand well
    - you have done a Re-Engineering
    of the ccm130c from christian martelock

    further you have improved the main loop of the program

    is here a downloadable working windows-compile
    for this ccm130c_improved ?

    best regards

  3. #3
    Programmer osmanturan's Avatar
    Join Date
    May 2008
    Location
    Mersin, Turkiye
    Posts
    651
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by joerg View Post
    if i understand well
    - you have done a Re-Engineering
    of the ccm130c from christian martelock

    further you have improved the main loop of the program

    is here a downloadable working windows-compile
    for this ccm130c_improved ?

    best regards
    No, not improved. Still it's as is. BTW, it should be CCM not CCMX. And posted files already include executables. But, they are ~2x slower due to reserve engineering works. We (shelwien, toffer and me) are still trying to figure out it's algorithms.
    BIT Archiver homepage: www.osmanturan.com

  4. #4
    Member Skymmer's Avatar
    Join Date
    Mar 2009
    Location
    Russia
    Posts
    681
    Thanks
    38
    Thanked 168 Times in 84 Posts
    Quote Originally Posted by Shelwien View Post
    http://.../

    sub_405AC0() is the main encoding function,
    sub_401C50() is the model init function.
    (dbg.log after encoding contains the actually compressed bytes -
    the filtering result can be observed).
    I only decompiled the source, but didn't really look at the
    algorithm (maybe toffer would).
    But overall it seems far from efficient - especially its rangecoder
    with 31-bit registers and extra shifts (seems like Schindler's original
    or a simple derivative).
    Though I don't know what does Christian thinks about it and from my point of view its a questionable ethics here, anyway, Shelwien, nicely done!
    I've made a couple of tests on enwik8 at 5 level.
    Code:
             CCM v1.30c = 71.709
               deCCM_v0 = 211.416
    deccm_v0_sub_405AC0 = 211.621
               deCCM_v1 = 202.411
    Obviously, decompiled version almost 3 times slower. More exactly speaking 2.82 times. All output files are identical.
    This fact and some other things bring some questions from me. Sorry if I dumb here
    1.) Why decompiled versions are too much slower than originals? I remember that some time ago one dude called Z0MbiE ripped NRV engine from UPX and it was too slow too.
    2.) I don't completely understand how its implemented. Decompiled ccm.exe is almost identical to original - there are only 3 differences in it. Two of them are in the header and last one is just changed imported DLL name. Original version imports KERNEL32.dll and decompiled one imports 1.dll. So what is that 1.dll file ? Where it comes from and what does it contain ?

  5. #5
    Administrator Shelwien's Avatar
    Join Date
    May 2008
    Location
    Kharkov, Ukraine
    Posts
    3,423
    Thanks
    223
    Thanked 1,052 Times in 565 Posts
    > Though I don't know what does Christian thinks about it
    > and from my point of view its a questionable ethics here,

    I don't intend to use it in commercial programs,
    so my conscience is silent. And people who want to prevent
    reverse-engineering should at least write about that
    in the license (but preferably also add a software protection).

    > All output files are identical.

    Well, thanks for testing then, as I changed the code quite a bit
    and didn't really test it

    > 1.) Why decompiled versions are too much slower than originals?

    Because decompiled C code has to simulate the behaviour of "original"
    asm code (to an extent).
    And access to something defined like
    uint& input_ptr = *(uint*)0x153B2A0;
    is obviously slower than to just
    uint input_ptr
    as compiler can handle the later case much better.

    > 2.) I don't completely understand how its implemented.
    > Decompiled ccm.exe is almost identical to original - there
    > are only 3 differences in it. Two of them are in the
    > header and last one is just changed imported DLL name.
    > Original version imports KERNEL32.dll and decompiled one
    > imports 1.dll. So what is that 1.dll file ? Where it comes
    > from and what does it contain ?

    <Simon|B> and what does the dll do?
    <Shelwien> as actually the stuff i already decompiled contains all the main algorithm
    <Shelwien> except for filtering and rc
    <Shelwien> but rc is dumb so i won't decompile it probably
    <Shelwien> <osman> yep. but i wonder what that hell? using a DLL?
    <Shelwien> <Shelwien> its my new decompiling method
    <Shelwien> <Shelwien> attaching a dll to a program
    <Shelwien> <Shelwien> and incrementally decompiling and moving the functions from program to dll
    <Shelwien> <Shelwien> its really helpful
    <Shelwien> so ccm.exe there does commandline handling, filtering, buffering and rangecoding
    <Shelwien> and model init and encoding loop are in dll
    <Simon|B> is it comparable in tems of speed with original?
    <Shelwien> atm not sure. probably slower because of some thunks

    So, 1.dll forwards some symbols from kernel32.dll and ccm.exe
    uses it instead of kernel32.dll.
    And then, when executable is loaded, its dlls are also loaded,
    and their entrypoints are called before passing control to
    the actual program.
    Thus, 1.dll is able to patch some code and substitute
    the functions contained in it instead of some of original ones.

  6. #6
    Member
    Join Date
    Oct 2007
    Location
    Germany, Hamburg
    Posts
    408
    Thanks
    0
    Thanked 5 Times in 5 Posts
    Also note that it's without any optimization. I compiled it myself and got 49 secfor original and and 64 sec for this version. Not so much difference. But as Shelwien said it's not really important at this point.

  7. #7
    Programmer
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    420
    Thanks
    28
    Thanked 153 Times in 18 Posts
    Hey guys.

    Quote Originally Posted by Skymmer
    Though I don't know what does Christian thinks about it and from my point of view its a questionable ethics here, anyway, Shelwien, nicely done!
    It's still a mystery to me why everyone is still so obsessed with CCM.

    But I think it should be pretty obvious that I don't want people to reverse-engineer my old compressors and release patched (or any) versions of it. Therefore, please stop doing it. Thanks!

    PS: For additional information please refer to "The Twelve Compression Commandments".

  8. #8
    Tester
    Nania Francesco's Avatar
    Join Date
    May 2008
    Location
    Italy
    Posts
    1,565
    Thanks
    220
    Thanked 146 Times in 83 Posts

    Not use disassembler's for all compressor please!

    They agree with Christian is not correct to reconstruct the code of others if owner of the code doesn't want that am open!

  9. #9
    Member
    Join Date
    May 2008
    Location
    Germany
    Posts
    410
    Thanks
    37
    Thanked 60 Times in 37 Posts
    @christian martelock

    welcome back into the forum

    you were abstinent for a long time

    1. if you do not want a re-engineering of your compressors
    i think we should not do this further

    but ccm is a very impressing program

    please look at

    https://sourceforge.net/forum/messag...msg_id=4173069

    2007-02-22:
    "It would be a crime if this amazing compressor wasn't developed to its full potential"

    2. may be you can give us some hints about the algorithm

    or

    3. may be you can decide to release the source of one
    of your older program versions

    or maybe of slug 1.2x

    you wrote on your webpage:

    "Maybe next year, there will be Slug 1.3x coming
    with a new approach... "

    or any other

    to allow us a further development

    best regards

    Joerg

    and thank you again for your wonderful ccm

  10. #10
    Member
    Join Date
    Jun 2008
    Location
    USA
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by joerg View Post
    @christian martelock

    welcome back into the forum

    you were abstinent for a long time


    I don't think that means what you think it means (no offense intended, just funny!).

    Main Entry: ab?sti?nence
    Pronunciation: \ˈab-stə-nən(t)s\
    Function: noun
    Etymology: Middle English, from Anglo-French, from Latin abstinentia, from abstinent-, abstinens, present participle of abstinēre
    Date: 14th century
    1 : voluntary forbearance especially from indulgence of an appetite or craving or from eating some foods
    2 a : habitual abstaining from intoxicating beverages b : abstention from sexual intercourse
    ? ab?sti?nent \-nənt\ adjective
    ? ab?sti?nent?ly adverb

  11. #11
    Member
    Join Date
    Sep 2007
    Location
    Denmark
    Posts
    878
    Thanks
    50
    Thanked 106 Times in 84 Posts
    Off topic:

    Hi Christian.
    would still love to experiment with your alternativ RZM version

  12. #12
    Member
    Join Date
    Jun 2009
    Location
    Kraków, Poland
    Posts
    1,475
    Thanks
    26
    Thanked 121 Times in 95 Posts
    Rugxulo:
    Probably he meant 'absent'

  13. #13
    Member
    Join Date
    May 2008
    Location
    Germany
    Posts
    410
    Thanks
    37
    Thanked 60 Times in 37 Posts
    please excuse me for my bad english
    it should be "absent" - thank you piotr

    but sadly - christian seems not to have time for us yet!

    best regards

  14. #14
    Member
    Join Date
    Jun 2008
    Location
    USA
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by joerg View Post
    please excuse me for my bad english
    it should be "absent" - thank you piotr
    Sorry, didn't mean to pick on you, please don't take offense, I just thought it was a little funny.

Similar Threads

  1. CCM 1.3x
    By Christian in forum Forum Archive
    Replies: 67
    Last Post: 25th April 2008, 21:22
  2. CCM 1.25 is here!
    By Christian in forum Forum Archive
    Replies: 84
    Last Post: 16th November 2007, 11:00
  3. CCM(x) multithreaded ?
    By SvenBent in forum Forum Archive
    Replies: 2
    Last Post: 15th September 2007, 16:29
  4. CCM 1.2x branch
    By Christian in forum Forum Archive
    Replies: 107
    Last Post: 8th June 2007, 18:56
  5. CCM - 1.1.x branch
    By Christian in forum Forum Archive
    Replies: 105
    Last Post: 20th March 2007, 00:50

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •