flat assembler
Message board for the users of flat assembler.

[IDEA] fdasm - FASM decompiler

zhak 10 May 2006, 06:28
I've been thinking of creating a decompiler for a long time already. Finally the idea is somehow formulated in my head. But it's a kinda hard task, you know...
The main idea of the tool is that you give it any executable/object file and it generates its complete source code and writes it to files. Then generated source can be compiled again with fasm. Or the source can be modified first and then compiled. Now it just restores pe/mz headers... and I'm thinking about how to create the disassembler core that would be small and quick...
vid 10 May 2006, 11:04
zhak: it's never 100% possible to retain original "modifiability", for example in code like "mov eax, label2 - label1", you see "mov eax, 123", but if you insert something between label2 and label1, then their distance will grow, but you will still have "mov eax,123".

Best solution I know about is IDA's - it combines automatic disassembly with human logic.
Crukko 03 Jun 2006, 08:21
Hi zhak!
I did it..... I wrote the code to disasm and then you can use the source in fasm to obtain .exe.....
It's only at the beginning, and I found a workaround on what 'vid' wrote....
I'm still on FasmNG... only if I finish work on this I'll put this feature in the editor....
bye...
vid 03 Jun 2006, 21:50
what workaround?
using source to obtain .exe is compiling, not decompiling
Crukko 04 Jun 2006, 14:08
if you decompile and obtain
'mov eax, 123'
and '123' is label2-label1? how do you do?
If the decompiler correctly recognizes the label, then you can put whatever you want between label 1 and 2....
that's all
LocoDelAssembly 04 Jun 2006, 14:37
If the executable has no debug info, how can the decompiler know that 123 is the difference between two labels?
Crukko 14 Jul 2006, 10:09
loco: sometimes it is possible.... sometimes not Wink
vid 14 Jul 2006, 13:03
Quote:
Then generated source can be compiled again with fasm. Or the source can be modified first and then compiled.

Quote:
sometimes it is possible.... sometimes not

when no, then first one cannot be satisfied... that's what we wanted to say
edfed 10 Oct 2006, 10:34
I want to code a decompiler too, but if you make this, you must make a decompilation that can be compiled by fasm without modification

if your program doesn't do this, it's unusable

good luck
f0dder 10 Oct 2006, 10:39
edfed wrote:
I want to code a decompiler too, but if you make this, you must make a decompilation that can be compiled by fasm without modification

if your program doesn't do this, it's unusable

good luck


It's impossible, with mathematical proof, to write something that works 100% all the time... hence why top-grade disassemblers are interactive.

_________________
Image - carpe noctem
vid 10 Oct 2006, 11:47
f0dder: hehe, i can make proof that it is possible to work 100% times Razz

and there goes the math...
f0dder 10 Oct 2006, 12:47
vid wrote:
f0dder: hehe, i can make proof that it is possible to work 100% times Razz

and there goes the math...


I'd love to see you disprove the halting problem Smile

_________________
Image - carpe noctem
vid 10 Oct 2006, 13:37
solution is based on definition of problem given
Quote:
you must make a decompilation, which can be compiled by fasm without modification

so you just decompile to flat binary containing just "db"s Razz Razz Razz

you were answering something else than the question was

Wink
f0dder 10 Oct 2006, 14:45
vid wrote:
solution is based on definition of problem given
Quote:
you must make a decompilation, which can be compiled by fasm without modification

so you just decompile to flat binary containing just "db"s Razz Razz Razz

you were answering something else than the question was

Wink


I was answering based on what the poster likely meant... and you know that Wink

_________________
Image - carpe noctem
edfed 23 Oct 2006, 10:51
f0dder wrote:
vid wrote:
solution is based on definition of problem given
Quote:
you must make a decompilation, which can be compiled by fasm without modification

so you just decompile to flat binary containing just "db"s Razz Razz Razz

you were answering something else than the question was

Wink


I was answering based on what the poster likely meant... and you know that Wink



nothing is impossible with informatics

decompile in 'db' is a shit idea
how can you make the difference between a text and a quote?
how do you analyse a code?
the program must analyse the flat binary file by comparing the current byte, word, dword or else with a table

the current byte is an index and it's like a command interpreter that can say if it's coherent or not

if the current byte corresponds to a valid opcode, then it's probably an instruction, but if the following byte doesn't give a valid result then the current byte is a 'db'

but it's probably more complex

i want a decompiler fully compatible with fasm

labels are names like 'a111:','a112:' etc

the function search in fasm is good for this
edfed 24 Oct 2006, 10:42
forget the idea of small and quick
because it's a translator close to AI that you must code
edfed 07 Nov 2006, 11:49
you should download 'BXD2.com'
you'll see that it's possible
ATV 10 Nov 2006, 08:16
I have been tossing a coin over whether I should post this Turbo Pascal source of my disassembler.
Last year I was trying to add fasm syntax, but it's not good. It's designed for DOS com files.
At least it shows how not to do it.


Description: DASM v1.02 Dissassembler to produce MASM/NASM/FASM source
Download
Filename: Dasm102.zip
Filesize: 70.67 KB
Downloaded: 1952 Time(s)

edfed 30 Nov 2006, 12:02
it's a good beginning
now the decompiler must execute the program in emulation mode and find the data and code areas
the principle should be simple
make a copy of the source and use this as flags
i explain:
if the current data is an instruction executed, the flag should be set as 'c'
if the current instruction is a j** then you should test the two ways and if the instruction is a call [ptr] or call reg you should find the totality of possible ways
after this, the entire copy of the code will be set with valid flags
if the flag is not set, it is a data area so you will put some db,dw,dd... before the data in hexadecimal
the manner to determine the data format is simple, if a load or store is done with some register or immediate value, you can say it's a byte, a word, a string...
see you in ten years
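
The flag-map idea from the post above, done as a static trace instead of emulation; this is an added example, not part of the thread or of any poster's tool. The opcode subset in `decode`, both byte strings and all function names are constructed for the illustration, and offsets are relative to the start of a DOS .com image (org 100h).

```python
import re

def decode(buf, pc):
    """Tiny 16-bit x86 subset -> (length, targets, falls_through, indirect) or None."""
    op, nxt = buf[pc], buf[pc + 1]
    rel8 = nxt - 256 if nxt > 127 else nxt        # sign-extended displacement
    if 0xB0 <= op <= 0xBF:                        # mov r8,imm8 (2 bytes) / mov r16,imm16 (3)
        return (2 if op < 0xB8 else 3), [], True, False
    if op in (0x90, 0xCD):                        # nop / int imm8
        return (1 if op == 0x90 else 2), [], True, False
    if op == 0xC3:                                # ret ends this path
        return 1, [], False, False
    if op == 0xEB or 0x70 <= op <= 0x7F:          # jmp short: one way; j**: both ways
        return 2, [pc + 2 + rel8], op != 0xEB, False
    if op == 0xFF and nxt >> 6 == 3 and (nxt >> 3) & 7 == 2:
        return 2, [], True, True                  # call reg: target not known statically
    return None                                   # not in the table

def flag_map(buf, entry=0):
    """Mark every byte reached from `entry` as 'c'; everything else stays 'd'."""
    padded = bytes(buf) + b"\x00\x00"             # lets decode() peek past the end
    flags, unresolved, work = ["d"] * len(buf), [], [entry]
    while work:
        pc = work.pop()
        while 0 <= pc < len(buf) and flags[pc] == "d":
            ins = decode(padded, pc)
            if ins is None or pc + ins[0] > len(buf):
                break
            length, targets, falls, indirect = ins
            flags[pc:pc + length] = "c" * length
            if indirect:
                unresolved.append(pc)             # needs a human or a debugger
            work.extend(targets)
            if not falls:
                break
            pc += length
    return "".join(flags), unresolved

def emit_data(buf, flags):
    """fasm 'db' lines for each run the trace never reached."""
    return ["db " + ",".join(f"0x{b:02X}" for b in buf[m.start():m.end()])
            for m in re.finditer("d+", flags)]

# Constructed samples: code that jumps over "Hi!$", and code reached only via `call ax`.
SAMPLE = bytes.fromhex("EB04 48692124 B409 BA0201 CD21 7401 90 C3")
INDIRECT = bytes.fromhex("B80601 FFD0 C3 90 C3")
```

In `INDIRECT` the last two bytes are real instructions, yet the trace emits them as `db` and reports offset 3 as unresolved, because the only path to them goes through a register.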
RedGhost 01 Dec 2006, 10:31
I have to agree with vid and f0dder, I do a lot of RCE. Without guesses/prediction, knowing what's what with labels and procedures (not including import/exports and functions that have been referenced with calls) is not an easy task, especially not without debugging symbols. If you want to recreate IDA/OllyDbg go ahead but it won't be an easy task.

But if you are going to, please make it faster than IDA is currently Razz

_________________
redghost.ca

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.