flat assembler
Message board for the users of flat assembler.
Index
> Projects and Ideas > Writing a disassembler? Goto page Previous 1, 2, 3 |
Author |
|
Flier-Mate 15 Jul 2023, 11:12
revolution wrote:
Glad to hear your comment. About the backup, I don't have the habit to make a backup of my software, and VS Installer perform update without doing any backup for me. (See screenshot below). However, I just found out that VS Installer has rollback feature, but it isn't useful because I couldn't rollback to the version stated by CandyMan. I think the rollback is for user who just updated to latest release. Again, from the screenshot can see, there is no rollback function offered after an update is out.
|
||||||||||
15 Jul 2023, 11:12 |
|
Flier-Mate 15 Jul 2023, 12:48
CandyMan wrote: Flier-Mate could you please recompile Capstone this time using an older compiler? Hi CandyMan, good day to you! I have good news for you, the newly compiled capstone.dll (Win32) does work with your CapstoneTest without error (please see screenshot below)! Although this new capstone.dll is still the same filesize as the old one, but when I compare the two files, there are binary differences. Hope by this will give good outcome to your project.
|
||||||||||||||||||||
15 Jul 2023, 12:48 |
|
CandyMan 15 Jul 2023, 16:32
I confirm that this version works without problems. Thank you.
_________________ smaller is better |
|||
15 Jul 2023, 16:32 |
|
Flier-Mate 15 Jul 2023, 16:50
CandyMan wrote: I confirm that this version works without problems. Thank you. |
|||
15 Jul 2023, 16:50 |
|
FlierMate7 15 Oct 2023, 15:36
For more updated version of exed and disasm, please download attachment of this post:
Bug fix: disasm - Runtime address endianness, command-line parsing for PowerShell exed - Command-line parsing for PowerShell
|
|||||||||||||||||||||
15 Oct 2023, 15:36 |
|
goren 18 Nov 2023, 02:34
Huh! I’ve considered doing this! Let’s see what’s inside MenuetOS… (that was a joke)
_________________ Rust — A language empowering everyone to build reliable and efficient software. |
|||
18 Nov 2023, 02:34 |
|
MatQuasar 10 Mar 2024, 11:32
Hi, this is the supplementary note for the PE parser (used in exed and disasm above), the diagram I drew is ugly.
This is how I parse EXE/DLL file for code section by matching the VirtualAddress with BaseOfCode. But from other disassembler source code I found, there is a more reliable way to tell which section is code section. The section flags in the Characteristics field of the section header indicate characteristics of the section: Code: IMAGE_SCN_CNT_CODE
0x00000020
The section contains executable code. ADDED on 16 Mar 2024: There is a serious bug in my disassembler, it cannot disassemble PE file with more than one executable code section.
|
||||||||||
10 Mar 2024, 11:32 |
|
CandyMan 16 Apr 2024, 17:28
Could you post the pre-compiled Win32/64 binaries as dynamic libraries of Zydis disassembler version 4.1?
_________________ smaller is better |
|||
16 Apr 2024, 17:28 |
|
MatQuasar 17 Apr 2024, 01:09
CandyMan wrote: Could you post the pre-compiled Win32/64 binaries as dynamic libraries of Zydis disassembler version 4.1? Deng,deng.... the files are ready. I compiled using "Release /MD DLL" option. Each of the Zydis.dll is bigger in size compared to previous version, but the File Properties still shows v4.0.0. The source repo is the latest at 1161th commit with latest update "Fix issue with llvm-rc when ZYDIS_BUILD_SHARED_LIB is enabled (#500)" on Apr 16, 2024.
Last edited by MatQuasar on 17 Apr 2024, 01:32; edited 1 time in total |
|||||||||||||||||||||
17 Apr 2024, 01:09 |
|
MatQuasar 17 Apr 2024, 01:27
ZydisDisasm.exe (Example program that comes with Zydis) is a dissassembler that take any file as input. It dump from the start to the end, including the file header (if any).
It is useful for COM program, e.g. ZydisDisasm -real comdemo.com But to dump PE file, a PE parser is preferred. |
|||
17 Apr 2024, 01:27 |
|
CandyMan 17 Apr 2024, 15:04
Thank you so much for help!
_________________ smaller is better |
|||
17 Apr 2024, 15:04 |
|
MatQuasar 17 Apr 2024, 15:38
CandyMan wrote: Thank you so much for help! You're most welcomed! |
|||
17 Apr 2024, 15:38 |
|
MatQuasar 24 May 2024, 07:35
This is an update to the "disasm.ASM" above, now v0.04.
I moved the uninitialized data declaration the the end of data section, so EXE size reduced from over 640KB to 3KB. It still requires Zydis.dll x86, can be downloaded also from this thread: https://board.flatassembler.net/topic.php?p=239450#239450 The disadvantages of my disasm.ASM: - No 64-bit virtual memory address even for 64-bit PE (only 32-bit Image Base and virtual address) - Cannot read more than one executable code section - May stop disassembling half way if code section mix with data bytes - Disassemble from start to end of first code section, not from entry point - No support for tiny PE
|
|||||||||||||||||||||||||||||
24 May 2024, 07:35 |
|
Goto page Previous 1, 2, 3 < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.