flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Projects and Ideas > quick decoder v1.10 (29-01-2017)

Author
Thread Post new topic Reply to topic
CandyMan



Joined: 04 Sep 2009
Posts: 210
Location: film "CandyMan" directed through Bernard Rose
quick decoder v1.10 (29-01-2017)
Hello all.

16/32/64 bit mode disassembler with several options (for Dos,Windows and Linux). Also 64-bit version exists (rewrited).
It supports all 8086-80486/Pentium instructions with
FPU, MMX, 3DNow!, SSE, SSE2, SSE3, SSE4, AVX, FMA, XOP, BMI, TBM, HLE, RTM, AVX2, AVX-512, MPX and others.


Description:
Download
Filename: QD.7Z
Filesize: 136.68 KB
Downloaded: 60 Time(s)


_________________
smaller is better


Last edited by CandyMan on 03 Feb 2017, 20:25; edited 14 times in total
Post 03 Feb 2010, 16:48
View user's profile Send private message Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2149
Location: Estonia
nice and clean - simply works. Thanks!
Post 03 Feb 2010, 18:04
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
EXE-compressed and no source included - eww.
Post 05 Feb 2010, 01:32
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1907
Re: quick decoder v1.0 by CandyMan

CandyMan wrote:
Hello all. 16/32/64 bit mode disassembler with several options (for Dos & Windows). It supports all 8086-80486/Pentium instructions with MMX



COOL Smile

Formal:

+ DOS version exists
+ DOS/32A used

- Hacked DOS/32A used + LV (Latvia Executable) - stops working if replaced by standard DOS/32A
- PE version has both invalid MZ stub as well as invalid PE format (imports in the MZ + PE header)
- see f0dder's post above
- nobody knows whether it's done with FASM at all

Functional:

+ Seems to work
+ 16-bit and 32-bit disassembly
+ HEX numbers prefixed with a DOLLAR $$$ Smile

- Redundant suffixes PUSHW DS | POPD ES
- Strange - + numbers on some instructions
- Unnecessary 32-bit numbers for use16 code jz $000000F2
Post 06 Feb 2010, 07:08
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 210
Location: film "CandyMan" directed through Bernard Rose
Thanks DOS386 for your suggestions.

There is already a qd version 1.01 (also universal).

Some redundant suffixes were removed.
- + numbers on some instructions mean signed byte/dword.
If you prefer constants in the C style you can run with the option "-x".
Post 07 Feb 2010, 19:45
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 210
Location: film "CandyMan" directed through Bernard Rose
New version of quick decoder for download.

_________________
smaller is better
Post 01 Nov 2015, 15:29
View user's profile Send private message Reply with quote
kalambong



Joined: 08 Nov 2008
Posts: 165

CandyMan wrote:
New version of quick decoder for download.

Thanks !
Post 03 Nov 2015, 10:46
View user's profile Send private message Reply with quote
Foxxy



Joined: 14 Jul 2014
Posts: 42
Location: Somewhere over the rainbow...
This doesn't work on Windows 10 x64, seems to be a compatibility issue with x64.
Post 07 Nov 2015, 05:28
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 210
Location: film "CandyMan" directed through Bernard Rose

Foxxy wrote:
This doesn't work on Windows 10 x64, seems to be a compatibility issue with x64.


qdw.exe is packed by UPX, you tried to unpack it and run then again?

_________________
smaller is better
Post 07 Nov 2015, 13:06
View user's profile Send private message Reply with quote
Foxxy



Joined: 14 Jul 2014
Posts: 42
Location: Somewhere over the rainbow...
It would seem that did the trick, but on a modern system I doubt anyone is strapped for space. Why is it packed? Also, very impressive build. However, on a simple program like:


Code:

format PE console 4.0
entry start

include 'win32ax.inc'

section '.data' data readable writeable

sStr db "Num: %010u | %08X",10,0
divisor dd 2
arr db 50 dup 0

section '.code' code readable executable
start:

xor ecx,ecx ;ecx = 0
mov esi,arr ;esi now points to start of array

divloop:
xor edx,edx ;edx = 0

mov eax,ecx ;eax = count

div [divisor;div/2

mov byte [esi+ecx],dl ;move lower half of edx into esi+ecx (because modulus 2, it will be 1 or 0 so we can cheat)
                      ;if you're wondering why esi+ecx, it's so we don't ahve ti inc esi every time, we just add the current count to it Smile

xor ebx,ebx ;ebx = 0
mov bl,byte [esi+ecx;save temporarily

;===Just me printing to the console, don't worry
push ecx
invoke printf,sStr,ebx,ecx ;print out result, you probably don't have to do this
add esp,12
pop ecx
;===Just me printing to the console, don't worry ^

inc ecx ;ecx+1
cmp ecx,50
jne divloop ; if ecx != 50 go to divloop

;console stuff again, not important v
invoke getchar

;=========Imports=================
section '.idata' import data readable writeable
library kernel,'KERNEL32.DLL',\
        msvcrt,'MSVCRT.DLL'
import kernel,\
       ExitProcess,'ExitProcess',\
       GetSystemTime,'GetSystemTime',\
       Sleep,'Sleep'
import msvcrt,\
       printf,'printf',\
       getchar,'getchar'





it seems to treat the div instruction (I think) as imul. Also, when I specify "fasm syntax" and there are null values (00) they are still shown as ADD EAX,AL until the last one where it is treated as db 00.
Post 10 Nov 2015, 05:49
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 210
Location: film "CandyMan" directed through Bernard Rose

Foxxy wrote:
Also, very impressive build. However, on a simple program like:
...
it seems to treat the div instruction (I think) as imul. Also, when I specify "fasm syntax" and there are null values (00) they are still shown as ADD EAX,AL until the last one where it is treated as db 00.


it isn't a decompiler but only a disassembler
"fasm syntax" means distinguishing "cs:[...]" and "[cs:...]"
last byte is db 00 because bytes are missing to the closing instruction

_________________
smaller is better
Post 10 Nov 2015, 12:59
View user's profile Send private message Reply with quote
catafest



Joined: 05 Aug 2010
Posts: 78
Can you tell me why antivirus see QDW like:
"containing the pattern of 'HEUR/APC (Cloud)' was blocked."?
In some cases antivirus programs are marking some software as false virus or malware because they are modified and not officially signed.
Can be signed to work with antivirus?
Post 14 Apr 2016, 19:50
View user's profile Send private message Yahoo Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14802
Location: Lost in translation
This problem is easily solved by deleting you AV. Why put so much trust into something that doesn't work for many real viruses and blocks many legitimate programs?
Post 15 Apr 2016, 00:44
View user's profile Send private message Visit poster's website Reply with quote
catafest



Joined: 05 Aug 2010
Posts: 78

revolution wrote:
This problem is easily solved by deleting you AV. Why put so much trust into something that doesn't work for many real viruses and blocks many legitimate programs?


The problem is that is a malware ,if is not then my concern come with this:
1. I just about assembly and antivirus working well.
I know antivirus software are sometimes too picky and will inappropriately flag some executables generated by our toolchain. Also If I make one report to antivirus so they can tune their heuristics - I don't think so will working.
Basically the owner will come with source code of maybe can fix.
2. The secondary problem come from development so I need for future to know how to avoid toolchain.
3. I don't want to enable/disable my antivirus some part of this working well.
Thank you. Regards.
Post 15 Apr 2016, 09:06
View user's profile Send private message Yahoo Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14802
Location: Lost in translation
It is the AV that is wrong. Why would one want to keep using a broken AV? We shouldn't have to keep changing our code to suit the demands of AV makers. Well, that is, unless they want to pay us to make the necessary changes.
Post 15 Apr 2016, 09:10
View user's profile Send private message Visit poster's website Reply with quote
TheRaven



Joined: 22 Apr 2008
Posts: 72
Location: U.S.A.
Don't quote me on this, but I think AV developers are whose behind the viruses --job security and all other manner of things --who needs ransom-ware, we're already hostages!

Wink

They come to kill me now...

Remember the biography about McAfee --running from someone trying to slay him, his subscribers no doubt. I don't buy into his paranoia bs. -_-

I'm done now.
Post 10 Sep 2016, 17:56
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 210
Location: film "CandyMan" directed through Bernard Rose
Today 64-bit versions with optional AT&T syntax (Dos, Windows and Linux) are added.
Post 29 Jan 2017, 17:41
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.