Index
> Projects and Ideas > Writing a disassembler?Goto page Previous 1, 2 |
| Author |
|
|
revolution 12 Mar 2023, 11:19
Addition is commutative.
Same for multiplication. Code: mov eax,[ebx*4] == mov eax,[4*ebx] Code: mov eax,[ebx] != mov [ebx],eax |
|||
12 Mar 2023, 11:19 |
|
|
FlierMate11 12 Mar 2023, 11:28
revolution wrote: Addition is commutative. Noted with thanks! 
@revolution, can you help to answer the last question on first page in this thread? Actually I posted it also just now. |
|||
|
12 Mar 2023, 11:28 |
|
|
revolution 12 Mar 2023, 12:23
FlierMate11 wrote: So when to decide 01 or 03 opcode? You can use these types of alternate encoding choices to place a signature in the binary output. Some assembler authors have deliberately used this to place watermarks into the outputs. |
|||
|
12 Mar 2023, 12:23 |
|
|
FlierMate11 12 Mar 2023, 12:35
revolution wrote:
It is nice to know this, thanks. |
|||
|
12 Mar 2023, 12:35 |
|
|
FlierMate11 12 Mar 2023, 20:48
(I typed a long text but suddenly all gone after a keypress)
Long story short, I have prepared the template for my future disassembler. This exedump will hexdump code section in PE file. Please help test. I test examples compiled by FASMW okay, but when try to read Windows Notepad.exe, my program says "Code section not found", weird. Maybe offset to section table is wrong for 64-bit PE, should have check the magic 0x20b, hmm.. Never mind, I fixed it in v0.02 new version.
|
|||||||||||
|
12 Mar 2023, 20:48 |
|
|
FlierMate2 23 Mar 2023, 19:39
.......
Last edited by FlierMate2 on 15 May 2023, 21:24; edited 1 time in total |
|||
|
23 Mar 2023, 19:39 |
|
|
FlierMate2 01 Apr 2023, 14:47
Recently not much progress in disassembler project, below is one of my study note:
Code: 0: 6a 05 push 0x5 2: 68 05 00 00 00 push 0x5 Can use long immediate value as argument for short immediate value, I think this also can be signature for assembler?
|
||||||||||
|
01 Apr 2023, 14:47 |
|
|||||||||
|
revolution 01 Apr 2023, 14:56
FlierMate2 wrote: Can use long immediate value as argument for short immediate value, I think this also can be signature for assembler? But it can also be the programmer forcing the size with an override. |
|||
|
01 Apr 2023, 14:56 |
|
|
FlierMate2 01 Apr 2023, 15:05
revolution wrote: It is usually a sign of a bad assembler not optimising things and wasting precious cache. Good info, learned valuable info from you again. |
|||
|
01 Apr 2023, 15:05 |
|
|
FlierMate2 01 May 2023, 08:08
I give up studying decoding of CPU opcode, instead, I rely on Zydis engine (x86 Zydis.dll) to do simple disassembly.
The EXE parser is based on my exedump.asm. No surprise here. No code flow analysis, anything in code section will be disassembled regardless of data or code. 
|
|||||||||||
|
01 May 2023, 08:08 |
|
|
FlierMate2 23 May 2023, 17:06
For anyone who has downloaded my disasm.asm above, there is a bug in runtime address for jump instruction, where the endianness is wrong.
Actually the runtime address is QWORD, but my disasm.asm only read DWORD image base in 64-bit PE. Thank you for helping to fix it yourself.
|
||||||||||
|
23 May 2023, 17:06 |
|
|||||||||
| Goto page Previous 1, 2 < Last Thread | Next Thread > |
Forum Rules:
|