Index
> Projects and Ideas > Writing a disassembler?Goto page Previous 1, 2, 3 Next |
| Author |
|
|
revolution 12 Mar 2023, 11:19
Addition is commutative.
Same for multiplication. Code: mov eax,[ebx*4] == mov eax,[4*ebx] Code: mov eax,[ebx] != mov [ebx],eax |
|||
12 Mar 2023, 11:19 |
|
|
FlierMate11 12 Mar 2023, 11:28
revolution wrote: Addition is commutative. Noted with thanks! 
@revolution, can you help to answer the last question on first page in this thread? Actually I posted it also just now. |
|||
|
12 Mar 2023, 11:28 |
|
|
revolution 12 Mar 2023, 12:23
FlierMate11 wrote: So when to decide 01 or 03 opcode? You can use these types of alternate encoding choices to place a signature in the binary output. Some assembler authors have deliberately used this to place watermarks into the outputs. |
|||
|
12 Mar 2023, 12:23 |
|
|
FlierMate11 12 Mar 2023, 12:35
revolution wrote:
It is nice to know this, thanks. |
|||
|
12 Mar 2023, 12:35 |
|
|
FlierMate11 12 Mar 2023, 20:48
(I typed a long text but suddenly all gone after a keypress)
Long story short, I have prepared the template for my future disassembler. This exedump will hexdump code section in PE file. Please help test. I test examples compiled by FASMW okay, but when try to read Windows Notepad.exe, my program says "Code section not found", weird. Maybe offset to section table is wrong for 64-bit PE, should have check the magic 0x20b, hmm.. Never mind, I fixed it in v0.02 new version.
|
|||||||||||
|
12 Mar 2023, 20:48 |
|
|
FlierMate2 23 Mar 2023, 19:39
.......
Last edited by FlierMate2 on 15 May 2023, 21:24; edited 1 time in total |
|||
|
23 Mar 2023, 19:39 |
|
|
FlierMate2 01 Apr 2023, 14:47
Recently not much progress in disassembler project, below is one of my study note:
Code: 0: 6a 05 push 0x5 2: 68 05 00 00 00 push 0x5 Can use long immediate value as argument for short immediate value, I think this also can be signature for assembler?
|
||||||||||
|
01 Apr 2023, 14:47 |
|
|||||||||
|
revolution 01 Apr 2023, 14:56
FlierMate2 wrote: Can use long immediate value as argument for short immediate value, I think this also can be signature for assembler? But it can also be the programmer forcing the size with an override. |
|||
|
01 Apr 2023, 14:56 |
|
|
FlierMate2 01 Apr 2023, 15:05
revolution wrote: It is usually a sign of a bad assembler not optimising things and wasting precious cache. Good info, learned valuable info from you again. |
|||
|
01 Apr 2023, 15:05 |
|
|
FlierMate2 01 May 2023, 08:08
I give up studying decoding of CPU opcode, instead, I rely on Zydis engine (x86 Zydis.dll) to do simple disassembly.
The EXE parser is based on my exedump.asm. No surprise here. No code flow analysis, anything in code section will be disassembled regardless of data or code. 
|
|||||||||||
|
01 May 2023, 08:08 |
|
|
FlierMate2 23 May 2023, 17:06
For anyone who has downloaded my disasm.asm above, there is a bug in runtime address for jump instruction, where the endianness is wrong.
Actually the runtime address is QWORD, but my disasm.asm only read DWORD image base in 64-bit PE. Thank you for helping to fix it yourself.
|
||||||||||
|
23 May 2023, 17:06 |
|
|||||||||
|
Flier-Mate 23 Jun 2023, 19:06
FlierMate2 wrote: I give up studying decoding of CPU opcode, instead, I rely on Zydis engine (x86 Zydis.dll) to do simple disassembly. I am posting the updated Zydis.dll (x86 and x64) for anyone who is interested, especially for CandyMan. 
|
|||||||||||
|
23 Jun 2023, 19:06 |
|
|
CandyMan 10 Jul 2023, 16:05
Could you post the pre-compiled Win32/64 binaries as dynamic libraries of Capstone disassembler version 5.0?
_________________ smaller is better |
|||
|
10 Jul 2023, 16:05 |
|
|
Flier-Mate 10 Jul 2023, 18:52
CandyMan wrote: Could you post the pre-compiled Win32/64 binaries as dynamic libraries of Capstone disassembler version 5.0? It is my pleasure to compile it. The capstone msvc project file is dated back to VS 2010, but it is been upgraded to VS 2022. I attach them separately because single file would be too large to upload here. I check the function names, is it correct? Unlike Zydis, capstone functions are so simple. (The export.cmd is macomics's https://board.flatassembler.net/topic.php?t=21964 ) Code: ; fasm1 autogenerated include ; builder script: "export.cmd" ; library capstone.dll, "C:\FASMW\capstone.dll" import capstone.dll,\ cs_close, "cs_close",\ cs_disasm, "cs_disasm",\ cs_disasm_iter, "cs_disasm_iter",\ cs_errno, "cs_errno",\ cs_free, "cs_free",\ cs_group_name, "cs_group_name",\ cs_insn_group, "cs_insn_group",\ cs_insn_name, "cs_insn_name",\ cs_malloc, "cs_malloc",\ cs_op_count, "cs_op_count",\ cs_op_index, "cs_op_index",\ cs_open, "cs_open",\ cs_option, "cs_option",\ cs_reg_name, "cs_reg_name",\ cs_reg_read, "cs_reg_read",\ cs_reg_write, "cs_reg_write",\ cs_regs_access, "cs_regs_access",\ cs_strerror, "cs_strerror",\ cs_support, "cs_support",\ cs_version, "cs_version" Please let me know if you need further help. ---- Thank you FASM message board for making it possible to host these files, zydis.dll and capstone.dll.
|
|||||||||||||||||||||
|
10 Jul 2023, 18:52 |
|
|
CandyMan 11 Jul 2023, 22:04
Thanks.
_________________ smaller is better |
|||
|
11 Jul 2023, 22:04 |
|
|
Flier-Mate 12 Jul 2023, 10:05
CandyMan wrote: Thanks. Don't mention it. |
|||
|
12 Jul 2023, 10:05 |
|
|
CandyMan 12 Jul 2023, 17:26
Has anyone used the 32 bit version 5.0 of Capstone disassembler? My program crashes on the second call to cs_disasm_iter() for the x86_64 architecture. Version 5.0 64-bit as well as the previous version 4.0.2 32-bit works fine.
_________________ smaller is better |
|||
|
12 Jul 2023, 17:26 |
|
|
CandyMan 15 Jul 2023, 07:56
Flier-Mate could you please recompile Capstone this time using an older compiler?
The 32-bit version does not work due to a bug in the new MSVC (see: https://github.com/capstone-engine/capstone/issues/2064). Thank you in advance. _________________ smaller is better |
|||
|
15 Jul 2023, 07:56 |
|
|
Flier-Mate 15 Jul 2023, 09:06
CandyMan wrote: Flier-Mate could you please recompile Capstone this time using an older compiler? I will compile using a newer version of Visual Studio, and see if it fixes the bug, since only Professional or Enterprise customer can go back to previous release. (I am using Community edition of VS 2022) |
|||
|
15 Jul 2023, 09:06 |
|
| Goto page Previous 1, 2, 3 Next < Last Thread | Next Thread > |
Forum Rules:
|