flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > Writing a disassembler?

Goto page Previous  1, 2, 3
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20300
Location: In your JS exploiting you and your system
revolution 15 Jul 2023, 10:17
Flier-Mate wrote:
... only Professional or Enterprise customer can go back to previous release.
This sort of behaviour and control by external companies should be banned IMO. Sad

But even without MS allowing you to do what you want, don't you have any backups from before you "upgraded" to the broken version? Just restore and enjoy the working copy.
Post 15 Jul 2023, 10:17
View user's profile Send private message Visit poster's website Reply with quote
Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 15 Jul 2023, 11:12
revolution wrote:
Flier-Mate wrote:
... only Professional or Enterprise customer can go back to previous release.
This sort of behaviour and control by external companies should be banned IMO. Sad

But even without MS allowing you to do what you want, don't you have any backups from before you "upgraded" to the broken version? Just restore and enjoy the working copy.


Glad to hear your comment.
About the backup, I don't have the habit to make a backup of my software, and VS Installer perform update without doing any backup for me. (See screenshot below).
However, I just found out that VS Installer has rollback feature, but it isn't useful because I couldn't rollback to the version stated by CandyMan. I think the rollback is for user who just updated to latest release.
Again, from the screenshot can see, there is no rollback function offered after an update is out.


Description: VS Installer
Filesize: 33.93 KB
Viewed: 3627 Time(s)

Screenshot 2023-07-15 190635.png


Post 15 Jul 2023, 11:12
View user's profile Send private message Reply with quote
Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 15 Jul 2023, 12:48
CandyMan wrote:
Flier-Mate could you please recompile Capstone this time using an older compiler?

The 32-bit version does not work due to a bug in the new MSVC (see: https://github.com/capstone-engine/capstone/issues/2064).

Thank you in advance.


Hi CandyMan, good day to you! I have good news for you, the newly compiled capstone.dll (Win32) does work with your CapstoneTest without error (please see screenshot below)!

Although this new capstone.dll is still the same filesize as the old one, but when I compare the two files, there are binary differences.

Hope by this will give good outcome to your project.


Description: Example output
Filesize: 46.09 KB
Viewed: 3619 Time(s)

Screenshot 2023-07-15 204430.png


Description: Updated version compiled with even newer VS 2022
Download
Filename: capstone_Win32_new.zip
Filesize: 1015.21 KB
Downloaded: 200 Time(s)

Post 15 Jul 2023, 12:48
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 15 Jul 2023, 16:32
I confirm that this version works without problems. Thank you.

_________________
smaller is better
Post 15 Jul 2023, 16:32
View user's profile Send private message Reply with quote
Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 15 Jul 2023, 16:50
CandyMan wrote:
I confirm that this version works without problems. Thank you.


Smile
Post 15 Jul 2023, 16:50
View user's profile Send private message Reply with quote
FlierMate7



Joined: 06 Sep 2023
Posts: 12
FlierMate7 15 Oct 2023, 15:36
For more updated version of exed and disasm, please download attachment of this post:

Bug fix: disasm - Runtime address endianness, command-line parsing for PowerShell
exed - Command-line parsing for PowerShell


Description: v0.04
Download
Filename: exed.ASM
Filesize: 11.32 KB
Downloaded: 1482 Time(s)

Description: v0.03, requires Zydis.dll
Download
Filename: disasm.ASM
Filesize: 12.78 KB
Downloaded: 1461 Time(s)

Post 15 Oct 2023, 15:36
View user's profile Send private message Reply with quote
goren



Joined: 17 Nov 2023
Posts: 7
goren 18 Nov 2023, 02:34
Huh! I’ve considered doing this! Let’s see what’s inside MenuetOS… (that was a joke)

_________________
Rust — A language empowering everyone to build reliable and efficient software.
Post 18 Nov 2023, 02:34
View user's profile Send private message Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 10 Mar 2024, 11:32
Hi, this is the supplementary note for the PE parser (used in exed and disasm above), the diagram I drew is ugly.

This is how I parse EXE/DLL file for code section by matching the VirtualAddress with BaseOfCode.

But from other disassembler source code I found, there is a more reliable way to tell which section is code section.

The section flags in the Characteristics field of the section header indicate characteristics of the section:

Code:
IMAGE_SCN_CNT_CODE
0x00000020
The section contains executable code.    


ADDED on 16 Mar 2024: There is a serious bug in my disassembler, it cannot disassemble PE file with more than one executable code section. Embarassed


Description: Parsing a PE file
Filesize: 43.56 KB
Viewed: 2487 Time(s)

pe_parser.png


Post 10 Mar 2024, 11:32
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 16 Apr 2024, 17:28
Could you post the pre-compiled Win32/64 binaries as dynamic libraries of Zydis disassembler version 4.1?

_________________
smaller is better
Post 16 Apr 2024, 17:28
View user's profile Send private message Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 17 Apr 2024, 01:09
CandyMan wrote:
Could you post the pre-compiled Win32/64 binaries as dynamic libraries of Zydis disassembler version 4.1?


Deng,deng.... the files are ready.

I compiled using "Release /MD DLL" option. Each of the Zydis.dll is bigger in size compared to previous version, but the File Properties still shows v4.0.0.

The source repo is the latest at 1161th commit with latest update "Fix issue with llvm-rc when ZYDIS_BUILD_SHARED_LIB is enabled (#500)" on Apr 16, 2024.


Description: x64 Zydis.dll 4.1
Download
Filename: Zydis41_x64.zip
Filesize: 186.8 KB
Downloaded: 98 Time(s)

Description: x86 Zydis.dll 4.1
Download
Filename: Zydis41_x86.zip
Filesize: 183.38 KB
Downloaded: 94 Time(s)



Last edited by MatQuasar on 17 Apr 2024, 01:32; edited 1 time in total
Post 17 Apr 2024, 01:09
View user's profile Send private message Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 17 Apr 2024, 01:27
ZydisDisasm.exe (Example program that comes with Zydis) is a dissassembler that take any file as input. It dump from the start to the end, including the file header (if any).
It is useful for COM program, e.g. ZydisDisasm -real comdemo.com
But to dump PE file, a PE parser is preferred.
Post 17 Apr 2024, 01:27
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 413
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 17 Apr 2024, 15:04
Thank you so much for help!

_________________
smaller is better
Post 17 Apr 2024, 15:04
View user's profile Send private message Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 17 Apr 2024, 15:38
CandyMan wrote:
Thank you so much for help!


You're most welcomed!
Post 17 Apr 2024, 15:38
View user's profile Send private message Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 105
MatQuasar 24 May 2024, 07:35
This is an update to the "disasm.ASM" above, now v0.04.

I moved the uninitialized data declaration the the end of data section, so EXE size reduced from over 640KB to 3KB.

It still requires Zydis.dll x86, can be downloaded also from this thread:
https://board.flatassembler.net/topic.php?p=239450#239450

The disadvantages of my disasm.ASM:
- No 64-bit virtual memory address even for 64-bit PE (only 32-bit Image Base and virtual address)
- Cannot read more than one executable code section
- May stop disassembling half way if code section mix with data bytes
- Disassemble from start to end of first code section, not from entry point
- No support for tiny PE


Description: Screenshot in PS
Filesize: 35.25 KB
Viewed: 1496 Time(s)

Capture.PNG


Description: Screenshot in CMD
Filesize: 33.95 KB
Viewed: 1497 Time(s)

Capture.PNG


Description: v0.04 - Shrunk EXE size from 640KB++ to 3KB.
Download
Filename: disasm.ASM
Filesize: 12.84 KB
Downloaded: 1303 Time(s)

Post 24 May 2024, 07:35
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.