From Black Field to Blueprint

Key Challenges

1. Lacking Supply Code: legacy understanding is already advanced while you
   have supply code and an SME (in some type) to place all the things collectively. When the
   supply code is lacking and there are not any consultants it’s an excellent higher problem.
   What’s left are some compiled binaries. These will not be the latest binaries that
   are simple to decompile attributable to wealthy metadata (like .NET assemblies or JARs), these
   are even older binaries: the sort that you just may see in previous home windows XP below
   C:Home windowssystem32. Even when the database is accessible, it doesn’t inform
   the entire story. Saved procedures and triggers encode many years of amassed
   enterprise guidelines. Schema displays compromises made based mostly on context unknown.
2. Outdated Infrastructure: OS and DB reached finish of life, long gone its
   LTS. Software has been in a frozen state within the type of VM resulting in
   vital threat to not solely enterprise continuity, additionally considerably growing
   safety vulnerability, non compliance and threat legal responsibility.
3. Institutional Information Misplaced: whereas hundreds of finish customers are
   constantly utilizing the system, there may be hardly any enterprise information obtainable
   past the occasional help actions. The reside system is the most effective supply of
   information. The one dependable view of performance is what customers see on display.
   However the UI captures solely the “final mile” of execution. Behind every display lies a
   tangled internet of logic deeply built-in to a number of different core methods. It is a
   widespread problem, and this technique was no exception, having a historical past of a number of
   failed makes an attempt to modernize.

Our Objective

The target is to create a wealthy, complete purposeful specification
of the legacy system with no need its unique code, however with excessive
confidence. This specification then serves because the blueprint for constructing a
trendy substitute utility from a clear slate.

• Perceive general image of the system boundary and the combination
  patterns
• Construct detailed understanding of every purposeful space
• Determine the widespread and distinctive eventualities

To make sense of a black-box system, we would have liked a structured solution to pull
collectively fragments from totally different sources. Our precept was easy: don’t
attempt to get better the code — reconstruct the purposeful intent.

Our Multi Lens Method

It was a 3 tier structure – Internet Tier (ASP), App Tier (DLL) and
Persistence (SQL). This structure sample gave us a bounce begin even with out
supply repo. We extracted ASP recordsdata and DB schema, saved procedures from the
manufacturing system. For App Tier we solely have the native binaries. With all
this data obtainable, we deliberate to create a semi-structured
description of utility habits in pure language for the enterprise
customers to validate their understanding and expectations and use the validated
purposeful spec to do accelerated ahead engineering. For the semi-structured
description, our strategy had broadly two elements

1. Utilizing AI to attach dots throughout totally different information sources
2. AI assisted binary Archaeology to uncover the hidden performance from
   the native DLL recordsdata

UI Layer Reconstruction

Shopping the prevailing reside utility and screenshots, we recognized the
UI parts. Utilizing the ASP and JS content material the dynamic behaviour related
with the UI aspect could possibly be added. This gave us a UI spec like under:

What we seemed for: validation guidelines, navigation paths, hidden fields. One
of the important thing challenges we confronted from the early stage was hallucination, each
step we added an in depth lineage to make sure that we cross examine and make sure. In
the above instance we had the lineage of the place it comes from. Following this
sample, for each key data we added the lineage together with the
context. Right here the LLM actually sped up the summarizing of enormous numbers of
display definitions and consolidating logic from ASP and JS sources with the
already recognized UI layouts and area descriptions that might in any other case take
weeks to create and consolidate.

Discovery with Change Information Seize (CDC)

We deliberate to make use of Change Information Seize (CDC) to hint how UI actions mapped
to database exercise, retrieving change logs from MCP servers to trace the
workflows. Atmosphere constraints meant CDC might solely be enabled partially,
limiting the breadth of captured information.

Different potential sources—akin to front-end/back-end community visitors,
filesystem adjustments, extra persistence layers, and even debugging
breakpoints—stay viable choices for finer-grained discovery. Even with
partial CDC, the insights proved worthwhile in linking UI habits to underlying
information adjustments and enriching the system blueprint.

Server Logic Inferance

We then added extra context by supplying
typelibs that have been extracted from the native binaries, and saved procedures,
and schema extracted from the database. At this level with details about
structure, presentation logic, and DB adjustments, the server logic will be inferred,
which saved procedures are probably referred to as, and which tables are concerned for
most strategies and interfaces outlined within the native binaries. This course of leads
to an Inferred Server Logic Spec. LLM helped in proposing probably relationships
between App tier code and procedures / tables, which we then validated by way of
noticed information flows.

Prior Makes an attempt

Earlier than we arrived at this strategy, we tried

• brute-force technique: Added all meeting capabilities right into a workspace, and used
  the LLM agent to make it humanly readable pseudocode. Confronted a number of challenges
  with this. Ran out of the 1 million context window as LLM tried to ultimately
  load all capabilities attributable to dependencies (references it encountered e.g. perform
  calls, and different capabilities referencing present one)
• Break up the set of capabilities into a number of batches, a file every with 100s of
  capabilities, after which use LLM to research every batch in isolation. We confronted quite a bit
  of hallucination points, and file measurement points whereas streaming to mannequin. Just a few
  capabilities have been transformed meaningfully however loads of different capabilities did not make
  any-sense in any respect, all appeared like comparable capabilities, on cross checking we
  realised the hallucination impact.
• The subsequent try was to transform the capabilities one by one, to
  guarantee LLM is supplied with a contemporary slim window of context to restrict
  hallucination. We confronted a number of challenges (API utilization restrict, price
  limits) – We could not confirm what LLM translation of enterprise logic
  was proper or unsuitable. Then we could not join the dots between these
  capabilities. Attention-grabbing word, we even discovered some C++ STDLIB capabilities
  like
  std::vector::insert
  on this strategy. We discovered quite a bit have been truly unwind capabilities purely
  used to name destructors when exception occurs (stack
  unwinding)
  destructors, catch block capabilities. Clearly we would have liked to give attention to
  enterprise logic and ignore the compiled library capabilities, additionally combined
  into the binary

After these makes an attempt we determined to vary our strategy to slice the DLL based mostly
on purposeful space/workflow reasonably than take into account the whole meeting code.

Discovering the related perform

The primary problem within the purposeful space / workflow strategy is to discover a
hyperlink or entry level among the many 1000s of capabilities.

One of many obtainable choices was to fastidiously have a look at the constants and
strings within the DLL. We used the historic context: late Nineteen Nineties or early 2000
widespread architectural sample adopted in that interval was to insert information into
the DB: was to both “choose for insert” or “insert/replace dealt with by saved
process” or by way of ADO (which is an ORM). Curiously we discovered all of the
patterns in numerous elements of the system.

Our performance was about inserting or updating the DB on the finish of the
course of however we could not discover any insert or replace queries within the strings, no
saved process to carry out the operation both. For the performance we
have been searching for, it occurred to really use a SELECT by way of SQL after which
up to date by way of ADO (activex information object microsoft library).

We acquired our break based mostly on the desk title talked about within the
strings/constants, and this led to discovering the perform which is utilizing that
SQL assertion. Preliminary have a look at that perform did not reveal a lot, it could possibly be
in the identical purposeful space however a part of a special workflow.

Constructing the related subtree

ASM code, and our disassembly instrument, gave us the perform name reference
information, utilizing it we walked up the tree, assuming the assertion execution is one
of the leaf capabilities, we navigated to the guardian which referred to as this to
perceive its context. At every step we transformed ASM into pseudo code to
construct context.

Earlier once we transformed ASM to pseudocode utilizing brute-force we could not
cross confirm whether it is true. This time we’re higher ready as a result of we all know
to anticipate what could possibly be the potential issues that might occur earlier than a
sql execution. And use the context that we gathered from earlier steps.

We mapped out related capabilities utilizing this name tree navigation, typically
we have now to keep away from unsuitable paths. We realized about context poisoning in a tough
method, in-advertely we handed what we have been searching for into LLM. From that
second LLM began colouring its output focused in direction of what we have been trying
for, main into unsuitable paths and eroding belief. We needed to recreate a clear
room for AI to work in throughout this stage.

We acquired a excessive degree define of what the totally different capabilities have been, and what
they could possibly be doing. For a given work stream, we narrowed down from 4000+
capabilities to 40+ capabilities to take care of.

Multi-Move Enrichment

AI accelerated the meeting archaeology layer by layer, cross by cross: We
utilized multi cross enrichment. In every cross, we both navigated from leaf
node to high of the tree or reverse, in every step we enriched the context of
the perform both utilizing its mother and father context or its baby context. This
helped us to vary the technical conversion of pseudocode right into a purposeful
specification. We adopted easy methods like asking LLM to provide
significant technique names based mostly on identified context. After a number of passes we construct
out your complete purposeful context.

Validating the entry level

The final and demanding problem was to substantiate the entry perform. Typical
to C++, digital capabilities made it tougher to hyperlink entry capabilities in school
definition. Whereas performance seemed full beginning with the foundation node,
we weren’t certain if there may be some other extra operation occurring in a
guardian perform or a wrapper. Life would have been simpler if we had debugger
enabled, a easy break level and evaluate of the decision stack would have
confirmed it.

Nevertheless with triangulation methods, like:

1. Name stack evaluation
2. Validating argument signatures and the the return signature within the
   stack
3. Cross-checking with UI layer calls (e.g., associating technique signature
   with the “submit” name from Internet tier, checking parameter sorts and utilization, and
   validating in opposition to that context)