flat assembler
Message board for the users of flat assembler.
![]() |
Author |
|
CandyMan
Hello all.
16/32/64 bit mode disassembler with several options (for Dos,Windows and Linux). Also 64-bit version exists (rewrited). It supports all 8086-80486/Pentium instructions with FPU, MMX, 3DNow!, SSE, SSE2, SSE3, SSE4, AVX, FMA, XOP, BMI, TBM, HLE, RTM, AVX2, AVX-512, MPX and others.
_________________ smaller is better Last edited by CandyMan on 18 Jun 2018, 15:48; edited 20 times in total |
|||||||||||
![]() |
|
Madis731
nice and clean - simply works. Thanks!
|
|||
![]() |
|
f0dder
EXE-compressed and no source included - eww.
|
|||
![]() |
|
CandyMan
Thanks DOS386 for your suggestions.
There is already a qd version 1.01 (also universal). Some redundant suffixes were removed. - + numbers on some instructions mean signed byte/dword. If you prefer constants in the C style you can run with the option "-x". |
|||
![]() |
|
CandyMan
New version of quick decoder for download.
_________________ smaller is better |
|||
![]() |
|
kalambong
CandyMan wrote: New version of quick decoder for download. |
|||
![]() |
|
Foxxy
This doesn't work on Windows 10 x64, seems to be a compatibility issue with x64.
|
|||
![]() |
|
CandyMan
Foxxy wrote: This doesn't work on Windows 10 x64, seems to be a compatibility issue with x64. qdw.exe is packed by UPX, you tried to unpack it and run then again? _________________ smaller is better |
|||
![]() |
|
Foxxy
It would seem that did the trick, but on a modern system I doubt anyone is strapped for space. Why is it packed? Also, very impressive build. However, on a simple program like:
Code: format PE console 4.0 entry start include 'win32ax.inc' section '.data' data readable writeable sStr db "Num: %010u | %08X",10,0 divisor dd 2 arr db 50 dup 0 section '.code' code readable executable start: xor ecx,ecx ;ecx = 0 mov esi,arr ;esi now points to start of array divloop: xor edx,edx ;edx = 0 mov eax,ecx ;eax = count div [divisor] ;div/2 mov byte [esi+ecx],dl ;move lower half of edx into esi+ecx (because modulus 2, it will be 1 or 0 so we can cheat) ;if you're wondering why esi+ecx, it's so we don't ahve ti inc esi every time, we just add the current count to it it seems to treat the div instruction (I think) as imul. Also, when I specify "fasm syntax" and there are null values (00) they are still shown as ADD EAX,AL until the last one where it is treated as db 00. |
|||
![]() |
|
CandyMan
Foxxy wrote: Also, very impressive build. However, on a simple program like: it isn't a decompiler but only a disassembler "fasm syntax" means distinguishing "cs:[...]" and "[cs:...]" last byte is db 00 because bytes are missing to the closing instruction _________________ smaller is better |
|||
![]() |
|
catafest
Can you tell me why antivirus see QDW like:
"containing the pattern of 'HEUR/APC (Cloud)' was blocked."? In some cases antivirus programs are marking some software as false virus or malware because they are modified and not officially signed. Can be signed to work with antivirus? |
|||
![]() |
|
revolution
This problem is easily solved by deleting you AV. Why put so much trust into something that doesn't work for many real viruses and blocks many legitimate programs?
|
|||
![]() |
|
catafest
revolution wrote: This problem is easily solved by deleting you AV. Why put so much trust into something that doesn't work for many real viruses and blocks many legitimate programs? The problem is that is a malware ,if is not then my concern come with this: 1. I just about assembly and antivirus working well. I know antivirus software are sometimes too picky and will inappropriately flag some executables generated by our toolchain. Also If I make one report to antivirus so they can tune their heuristics - I don't think so will working. Basically the owner will come with source code of maybe can fix. 2. The secondary problem come from development so I need for future to know how to avoid toolchain. 3. I don't want to enable/disable my antivirus some part of this working well. Thank you. Regards. |
|||
![]() |
|
revolution
It is the AV that is wrong. Why would one want to keep using a broken AV? We shouldn't have to keep changing our code to suit the demands of AV makers. Well, that is, unless they want to pay us to make the necessary changes.
|
|||
![]() |
|
TheRaven
Don't quote me on this, but I think AV developers are whose behind the viruses --job security and all other manner of things --who needs ransom-ware, we're already hostages!
![]() They come to kill me now... Remember the biography about McAfee --running from someone trying to slay him, his subscribers no doubt. I don't buy into his paranoia bs. -_- I'm done now. |
|||
![]() |
|
CandyMan
I uploaded new version.
|
|||
![]() |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
Website powered by rwasa.