flat assembler
Message board for the users of flat assembler.

Index > Windows > Newbie questions about rebuilding disassembled functions

Author
Thread Post new topic Reply to topic
aquas



Joined: 15 Aug 2012
Posts: 2
aquas 15 Aug 2012, 21:17
Hello. I am working with IDA disassembler and have a couple of functions that I would like to be able to reassemble with FASM. If I work with just one function at a time, it's really no problem, and my .asm files just look something like this:

use32
org 4B0B00h ;or whatever the virtual addr. of the fn is

mov eax, [esp + 4]
...

And no problem. I get basically the same code as the original (but not exactly, which I will ask about in a minute).

But if I have for example two functions, one of which calls the other, and I want them in separate .asm files, how do I make sure that everything still works? I can use the proc macro I think, or even a label, but what about the org directives?

For example...

fn #1
------
use32
org 4B0B00h

proc Func1
mov eax, [508B63h]
call Func2
retn 0
endp

fn#2
------
use32
org 4BDC00h

proc Func2
mov eax, [508B63h + 150h]
retn 0
endp

Is the above OK? fasm will build Func2 as it were from VA 4BDC00h and Func1 from VA 4B0B00h? I don't think it's important for the mov instructions but for other ones it is of course.

What can I do?

My second question is that for some instructions, in particular 'mov', I might have an original opcode of 8BF9 for "mov edi, ecx" and fasm outputs 89CF. I guess it's not a big deal in this case, but can I know at least that there will not be any unusual side effects or differences in code size, for example? What can I do about this?

I think these must be very basic questions but so far I didn't find an answer by reading. So I hope someone here can help.
Post 15 Aug 2012, 21:17
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20468
Location: In your JS exploiting you and your system
revolution 15 Aug 2012, 21:24
You didn't state your output format? Is it intended to be a binary output? Or are you using this in a PE format? Either way all you need to do is make sure that you place the assembled code into the appropriate place in memory and everything should work as intended.

As for the different opcodes, this is something that you cannot control. Different assemblers generate different code and it is kind of a "signature" that shows which assembler was used. The only time this might affect you is when the code has a checksum, CRC or hash that will change with different encoding, and/or when a shorter or longer instruction encoding is used.
Post 15 Aug 2012, 21:24
View user's profile Send private message Visit poster's website Reply with quote
aquas



Joined: 15 Aug 2012
Posts: 2
aquas 15 Aug 2012, 21:41
Everything is raw binary output at this point. So I would just directly patch in any output from FASM.

I just wanted to make sure that having multiple org directives all over the place wouldn't break anything. Cool.

Thank you for clarifying the opcodes issue also.
Post 15 Aug 2012, 21:41
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.