flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > Writing a disassembler?

Goto page Previous  1, 2, 3
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20062
Location: In your JS exploiting you and your system
revolution 15 Jul 2023, 10:17
Flier-Mate wrote:
... only Professional or Enterprise customer can go back to previous release.
This sort of behaviour and control by external companies should be banned IMO. Sad

But even without MS allowing you to do what you want, don't you have any backups from before you "upgraded" to the broken version? Just restore and enjoy the working copy.
Post 15 Jul 2023, 10:17
View user's profile Send private message Visit poster's website Reply with quote
Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 15 Jul 2023, 11:12
revolution wrote:
Flier-Mate wrote:
... only Professional or Enterprise customer can go back to previous release.
This sort of behaviour and control by external companies should be banned IMO. Sad

But even without MS allowing you to do what you want, don't you have any backups from before you "upgraded" to the broken version? Just restore and enjoy the working copy.


Glad to hear your comment.
About the backup, I don't have the habit to make a backup of my software, and VS Installer perform update without doing any backup for me. (See screenshot below).
However, I just found out that VS Installer has rollback feature, but it isn't useful because I couldn't rollback to the version stated by CandyMan. I think the rollback is for user who just updated to latest release.
Again, from the screenshot can see, there is no rollback function offered after an update is out.


Description: VS Installer
Filesize: 33.93 KB
Viewed: 1467 Time(s)

Screenshot 2023-07-15 190635.png


Post 15 Jul 2023, 11:12
View user's profile Send private message Reply with quote
Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 15 Jul 2023, 12:48
CandyMan wrote:
Flier-Mate could you please recompile Capstone this time using an older compiler?

The 32-bit version does not work due to a bug in the new MSVC (see: https://github.com/capstone-engine/capstone/issues/2064).

Thank you in advance.


Hi CandyMan, good day to you! I have good news for you, the newly compiled capstone.dll (Win32) does work with your CapstoneTest without error (please see screenshot below)!

Although this new capstone.dll is still the same filesize as the old one, but when I compare the two files, there are binary differences.

Hope by this will give good outcome to your project.


Description: Example output
Filesize: 46.09 KB
Viewed: 1459 Time(s)

Screenshot 2023-07-15 204430.png


Description: Updated version compiled with even newer VS 2022
Download
Filename: capstone_Win32_new.zip
Filesize: 1015.21 KB
Downloaded: 115 Time(s)

Post 15 Jul 2023, 12:48
View user's profile Send private message Reply with quote
CandyMan



Joined: 04 Sep 2009
Posts: 408
Location: film "CandyMan" directed through Bernard Rose OR Candy Shop
CandyMan 15 Jul 2023, 16:32
I confirm that this version works without problems. Thank you.

_________________
smaller is better
Post 15 Jul 2023, 16:32
View user's profile Send private message Reply with quote
Flier-Mate



Joined: 26 May 2023
Posts: 88
Flier-Mate 15 Jul 2023, 16:50
CandyMan wrote:
I confirm that this version works without problems. Thank you.


Smile
Post 15 Jul 2023, 16:50
View user's profile Send private message Reply with quote
FlierMate7



Joined: 06 Sep 2023
Posts: 12
FlierMate7 15 Oct 2023, 15:36
For more updated version of exed and disasm, please download attachment of this post:

Bug fix: disasm - Runtime address endianness, command-line parsing for PowerShell
exed - Command-line parsing for PowerShell


Description: v0.04
Download
Filename: exed.ASM
Filesize: 11.32 KB
Downloaded: 86 Time(s)

Description: v0.03, requires Zydis.dll
Download
Filename: disasm.ASM
Filesize: 12.78 KB
Downloaded: 83 Time(s)

Post 15 Oct 2023, 15:36
View user's profile Send private message Reply with quote
goren



Joined: 17 Nov 2023
Posts: 7
goren 18 Nov 2023, 02:34
Huh! I’ve considered doing this! Let’s see what’s inside MenuetOS… (that was a joke)

_________________
Rust — A language empowering everyone to build reliable and efficient software.
Post 18 Nov 2023, 02:34
View user's profile Send private message Reply with quote
MatQuasar



Joined: 25 Oct 2023
Posts: 68
MatQuasar 10 Mar 2024, 11:32
Hi, this is the supplementary note for the PE parser (used in exed and disasm above), the diagram I drew is ugly.

This is how I parse EXE/DLL file for code section by matching the VirtualAddress with BaseOfCode.

But from other disassembler source code I found, there is a more reliable way to tell which section is code section.

The section flags in the Characteristics field of the section header indicate characteristics of the section:

Code:
IMAGE_SCN_CNT_CODE
0x00000020
The section contains executable code.    


ADDED on 16 Mar 2024: There is a serious bug in my disassembler, it cannot disassemble PE file with more than one executable code section. Embarassed


Description: Parsing a PE file
Filesize: 43.56 KB
Viewed: 327 Time(s)

pe_parser.png


Post 10 Mar 2024, 11:32
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.