flat assembler
Message board for the users of flat assembler.
flat assembler > Projects and Ideas > [IDEA] fdasm - FASM decompiler

zhak



Joined: 12 Apr 2005
Posts: 489
Location: Belarus

[IDEA] fdasm - FASM decompiler

I've been thinking of creating a decompiler for a long time already. Finally the idea is somehow formulated in my head. But it's a kinda hard task, you know...
The main idea of the tool is that you give it any executable/object file and it generates its complete source code and writes it to files. Then generated source can be compiled again with fasm. Or the source can be modified first and then compiled. Now it just restores pe/mz headers... and I'm thinking about how to create the disassembler core that would be small and quick...
Post 10 May 2006, 06:28
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7109
Location: Slovakia

zhak: it's never 100% possible to retain original "modifiability", for example in code like "mov eax, label2 - label1", you see "mov eax, 123", but if you insert something between label2 and label1, then their distance will grow, but you will still have "mov eax,123".

Best solution I know of is IDA's - it combines automatic disassembly with human logic.
Post 10 May 2006, 11:04
Crukko



Joined: 26 Nov 2005
Posts: 118

Hi zhak!
I did it..... I wrote the code to disasm and then you can use the source in fasm to obtain an .exe.....
It's only at the beginning, and I found a workaround for what 'vid' wrote....
I'm still on FasmNG... only when I finish work on this will I put this feature in the editor....
bye...
Post 03 Jun 2006, 08:21
vid

what workaround?
using source to obtain .exe is compiling, not decompiling
Post 03 Jun 2006, 21:50
Crukko




if you decompile and obtain
'mov eax, 123'
and '123' is label2-label1? how do you do it?
If the decompiler correctly recognizes the label, then you can put whatever you want between label 1 and 2....
that's all
Post 04 Jun 2006, 14:08
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4634
Location: Argentina

If the executable has no debug info, how can the decompiler know that 123 is the difference between two labels?
Post 04 Jun 2006, 14:37
Crukko




loco: sometimes it is possible.... sometimes not ;)
Post 14 Jul 2006, 10:09
vid


Quote:
Then generated source can be compiled again with fasm. Or the source can be modified first and then compiled.

Quote:
sometimes it is possible.... sometimes not

when not, then the first one cannot be satisfied... that's what we wanted to say
Post 14 Jul 2006, 13:03
edfed



Joined: 20 Feb 2006
Posts: 4160
Location: 2018

fdasm is a good idea

I want to code a decompiler too, but if you make this, you must make a decompilation which can be compiled by fasm without modification

if your program doesn't do this, it's unusable

good luck
Post 10 Oct 2006, 10:34
f0dder



Joined: 19 Feb 2004
Posts: 3172
Location: Denmark

Re: fdasm is a good idea


edfed wrote:
I want to code a decompiler too, but if you make this, you must make a decompilation which can be compiled by fasm without modification

if your program doesn't do this, it's unusable

good luck



It's impossible, with mathematical proof, to write something that works 100% all the time... hence why top-grade disassemblers are interactive.

_________________
carpe noctem
Post 10 Oct 2006, 10:39
vid

f0dder: hehe, I can make a proof that it is possible to work 100% of the time :P

and there goes the math...
Post 10 Oct 2006, 11:47
f0dder





vid wrote:
f0dder: hehe, I can make a proof that it is possible to work 100% of the time :P

and there goes the math...



I'd love to see you disprove the halting problem :)

_________________
carpe noctem
Post 10 Oct 2006, 12:47
vid

The solution is based on the definition of the problem given

Quote:
you must make a decompilation, which can be compiled by fasm without modification

so you just decompile to a flat binary containing just "db"s :P :P :P

you were answering something other than what the question was

;)
Post 10 Oct 2006, 13:37
f0dder





vid wrote:
The solution is based on the definition of the problem given

Quote:
you must make a decompilation, which can be compiled by fasm without modification

so you just decompile to a flat binary containing just "db"s :P :P :P

you were answering something other than what the question was

;)



I was answering based on what the poster likely meant... and you know that ;)

_________________
carpe noctem
Post 10 Oct 2006, 14:45
edfed





f0dder wrote:

vid wrote:
The solution is based on the definition of the problem given

Quote:
you must make a decompilation, which can be compiled by fasm without modification

so you just decompile to a flat binary containing just "db"s :P :P :P

you were answering something other than what the question was

;)

I was answering based on what the poster likely meant... and you know that ;)




nothing is impossible with informatics

decompiling to 'db' is a shit idea
how can you tell the difference between a text and a quote?
how do you analyse the code?
the program must analyse the flat binary file by comparing the current byte, word, dword or whatever with a table

the current byte is an index and it's like a command interpreter which can say if it's coherent or not

if the current byte corresponds to a valid opcode, then it's probably an instruction, but if the following byte doesn't give a valid result then the current byte is a 'db'

but it's probably more complex

I want a decompiler fully compatible with fasm

labels are names like 'a111:', 'a112:' etc

the function search in fasm is good for this
Post 23 Oct 2006, 10:51
edfed




forget the idea of small and quick
because it's a translator close to AI that you must code
Post 24 Oct 2006, 10:42
edfed




you should download 'BXD2.com'
you'll see that it's possible
Post 07 Nov 2006, 11:49
ATV



Joined: 31 Aug 2004
Posts: 109
Location: Finland

I have been tossing a coin over whether I should post this Turbo Pascal source of my disassembler.
Last year I was trying to add fasm syntax, but it's not good. It's designed for DOS com files.
At least it shows how not to do it.


Description: DASM v1.02 Disassembler to produce MASM/NASM/FASM source
Filename: Dasm102.zip
Filesize: 70.67 KB

Post 10 Nov 2006, 08:16
edfed




it's a good beginning
now the decompiler must execute the program in emulation mode and find the data and code areas
the principle should be simple
make a copy of the source and use this as flags
I explain:
if the current data is an executed instruction, the flag should be set to 'c'
if the current instruction is a j** then you should test both paths, and if the instruction is a call [ptr] or call reg you should find all possible paths
after this, the entire copy of the code will be set with valid flags
if the flag is not set, it is a data area, so you put some db, dw, dd... before the data in hexadecimal
the way to determine the data format is simple: if a load or store is done with some register or immediate value, you can say it's a byte, a word, a string...
see you in ten years
Post 30 Nov 2006, 12:02
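The code/data flagging edfed sketches above, together with the "valid opcode, otherwise db" test from his earlier post, as an added example that is not part of this thread nor of fdasm, FasmNG, BXD2 or DASM: a recursive-traversal disassembler in Python that follows every statically visible jump and call from the entry point, flags reached bytes 'c', and emits fasm source with numbered labels (edfed's 'a111:' style) and `db` runs for the unflagged bytes. It decodes only a handful of 32-bit opcodes, the 24-byte sample is hand-assembled for this example, and it also shows vid's objection: the immediate in `mov eax, 5` comes back as a number, not as `label2 - label1`.

```python
import struct
from dataclasses import dataclass
from typing import Optional

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
JCC = ["jo", "jno", "jb", "jae", "jz", "jnz", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]

# Constructed sample, hand-assembled for this example (not from the thread):
#   00: B8 05 00 00 00  mov eax, 5      ; originally "mov eax, msg_end - msg"
#   05: EB 05           jmp short 0x0C  ; hops over the data
#   07: 48 65 6C 6C 6F  db 'Hello'      ; never executed
#   0C: 85 C0           test eax, eax
#   0E: 74 02           jz short 0x12
#   10: 90              nop
#   11: C3              ret
#   12: E8 F9 FF FF FF  call 0x10
#   17: C3              ret
SAMPLE = bytes.fromhex("B805000000EB0548656C6C6F85C0740290C3E8F9FFFFFFC3")


@dataclass
class Insn:
    length: int
    text: str                 # mnemonic plus non-label operands
    falls_through: bool       # does execution continue at the next byte?
    target: Optional[int]     # branch or call destination, if any

def _rel(code, pos, size):
    return struct.unpack_from("<b" if size == 1 else "<i", code, pos)[0]

def decode(code: bytes, pc: int) -> Optional[Insn]:
    """Decode one instruction of the toy subset; None means 'no valid opcode
    here', which the traversal treats as data (the 'db' fallback)."""
    op = code[pc]
    if 0xB8 <= op <= 0xBF and pc + 5 <= len(code):
        imm = struct.unpack_from("<I", code, pc + 1)[0]
        # Plain number: that it was once "label2 - label1" is not recoverable.
        return Insn(5, f"mov {REGS[op - 0xB8]}, {imm}", True, None)
    if op in (0x90, 0xC3):
        return Insn(1, "nop" if op == 0x90 else "ret", op == 0x90, None)
    if op == 0xEB and pc + 2 <= len(code):
        return Insn(2, "jmp short", False, pc + 2 + _rel(code, pc + 1, 1))
    if op == 0xE8 and pc + 5 <= len(code):
        return Insn(5, "call", True, pc + 5 + _rel(code, pc + 1, 4))
    if 0x70 <= op <= 0x7F and pc + 2 <= len(code):
        return Insn(2, JCC[op - 0x70] + " short", True,
                    pc + 2 + _rel(code, pc + 1, 1))
    if op == 0x85 and pc + 2 <= len(code) and code[pc + 1] >= 0xC0:
        m = code[pc + 1]      # register-direct "test r/m32, r32" only
        return Insn(2, f"test {REGS[m & 7]}, {REGS[(m >> 3) & 7]}", True, None)
    return None

def traverse(code: bytes, entry: int):
    """Follow every statically visible path from entry. Returns (flags, insns,
    targets): flags has 'c' for bytes reached as code and 'd' otherwise.
    call [ptr] / call reg are outside the subset, so code reachable only
    through them stays flagged as data."""
    flags = bytearray(b"d" * len(code))
    insns, targets, work = {}, {entry}, [entry]
    while work:
        pc = work.pop()
        while 0 <= pc < len(code) and pc not in insns:
            if flags[pc] == ord("c"):
                break     # target inside an already decoded instruction
            insn = decode(code, pc)
            if insn is None:
                break
            insns[pc] = insn
            flags[pc:pc + insn.length] = b"c" * insn.length
            if insn.target is not None and 0 <= insn.target < len(code):
                targets.add(insn.target)
                work.append(insn.target)
            if not insn.falls_through:
                break
            pc += insn.length
    return flags, insns, targets

def emit(code: bytes, entry: int = 0) -> str:
    """fasm source for a flat binary: numbered labels, decoded instructions
    where the traversal reached them, 'db' runs for every other byte."""
    _, insns, targets = traverse(code, entry)
    labels = {t: f"L{i + 1:03d}" for i, t in enumerate(sorted(targets))}
    out, pc = ["use32", "org 0"], 0
    while pc < len(code):
        if pc in labels:
            out.append(labels[pc] + ":")
        if pc in insns:
            insn = insns[pc]
            text = insn.text
            if insn.target is not None:
                text += " " + labels.get(insn.target, hex(insn.target))
            out.append("        " + text)
            pc += insn.length
        else:
            start, pc = pc, pc + 1
            while pc < len(code) and pc not in insns and pc not in labels:
                pc += 1
            out.append("        db " + ", ".join(f"0x{b:02X}" for b in code[start:pc]))
    return "\n".join(out) + "\n"
```

Running `print(emit(SAMPLE))` gives source that fasm should assemble back to the same 24 bytes, since every byte is either a decoded instruction re-emitted as its mnemonic or a literal `db`. The two limits the thread argues about are visible in the output: `mov eax, 5` stays `5` no matter what is later inserted between labels, and any byte reachable only through an indirect call or jump is emitted as `db`, because a static walk cannot find it.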
RedGhost



Joined: 18 May 2005
Posts: 444
Location: BC, Canada

I have to agree with vid and f0dder, I do a lot of RCE. Without guesses/prediction knowing whats what with labels and procedures (not including, import/exports and functions that have been referenced with calls) is not an easy task, especially not without debugging symbols. If you want to recreate IDA/OllyDbg go ahead but it won't be an easy task.

But if you are going to, please make it faster than IDA is currently :P

_________________
redghost.ca
Post 01 Dec 2006, 10:31
Copyright © 2004-2018, Tomasz Grysztar.
Powered by rwasa.