Message board for the users of flat assembler.
Newbie questions about rebuilding disassembled functions
aquas 15 Aug 2012, 21:17
Hello. I am working with IDA disassembler and have a couple of functions that I would like to be able to reassemble with FASM. If I work with just one function at a time, it's really no problem, and my .asm files just look something like this:
org 4B0B00h ;or whatever the virtual addr. of the fn is
mov eax, [esp + 4]
And no problem. I get basically the same code as the original (but not exactly, which I will ask about in a minute).
But if I have for example two functions, one of which calls the other, and I want them in separate .asm files, how do I make sure that everything still works? I can use the proc macro I think, or even a label, but what about the org directives?
mov eax, [508B63h]
mov eax, [508B63h + 150h]
Is the above OK? fasm will build Func2 as if it were from VA 4BDC00h and Func1 from VA 4B0B00h? I don't think it's important for the mov instructions but for other ones it is of course.
What can I do?
My second question is that for some instructions, in particular 'mov', I might have an original opcode of 8BF9 for "mov edi, ecx" and fasm outputs 89CF. I guess it's not a big deal in this case, but can I know at least that there will not be any unusual side effects or differences in code size, for example? What can I do about this?
I think these must be very basic questions but so far I didn't find an answer by reading. So I hope someone here can help.
revolution 15 Aug 2012, 21:24
You didn't state your output format? Is it intended to be a binary output? Or are you using this in a PE format? Either way all you need to do is make sure that you place the assembled code into the appropriate place in memory and everything should work as intended.
As for the different opcodes, this is something that you cannot control. Different assemblers generate different code and it is kind of a "signature" that shows which assembler was used. The only time this might affect you is when the code has a checksum, CRC or hash that will change with different encoding, and/or when a shorter or longer instruction encoding is used.
aquas 15 Aug 2012, 21:41
Everything is raw binary output at this point. So I would just directly patch in any output from FASM.
I just wanted to make sure that having multiple org directives all over the place wouldn't break anything. Cool.
Thank you for clarifying the opcodes issue also.
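The two encodings discussed in the thread (8BF9 and 89CF), checked side by side. This is an added example, not code from any poster in the thread: a small Python check that decodes both forms of a register-to-register MOV and reports whether a rebuilt byte sequence differs from the original only in encoding. It assumes 32-bit code with no prefixes; the function names are hypothetical.

```python
import zlib

# Register numbers as used in the ModRM reg and rm fields (32-bit operand size).
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_mov_rr(code: bytes):
    """Decode a 2-byte register-to-register MOV and return (dst, src)."""
    if len(code) != 2 or code[0] not in (0x89, 0x8B):
        raise ValueError("not a 2-byte MOV r32, r32 encoding")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b11:
        raise ValueError("ModRM.mod != 11: operand is memory, not a register")
    if code[0] == 0x8B:
        # 8B /r = MOV r32, r/m32: the reg field is the destination.
        return REGS32[reg], REGS32[rm]
    # 89 /r = MOV r/m32, r32: the rm field is the destination.
    return REGS32[rm], REGS32[reg]


def compare_encodings(original: bytes, rebuilt: bytes):
    """Return (verdict, size_delta, crc_changed) for original vs rebuilt bytes."""
    size_delta = len(rebuilt) - len(original)
    crc_changed = zlib.crc32(original) != zlib.crc32(rebuilt)
    if original == rebuilt:
        return "identical", size_delta, crc_changed
    try:
        same = decode_mov_rr(original) == decode_mov_rr(rebuilt)
    except ValueError:
        same = False
    verdict = "equivalent-encoding" if same else "different"
    return verdict, size_delta, crc_changed


if __name__ == "__main__":
    ida_bytes = bytes.fromhex("8BF9")   # original bytes quoted in the thread
    fasm_bytes = bytes.fromhex("89CF")  # fasm output quoted in the thread
    print(decode_mov_rr(ida_bytes), decode_mov_rr(fasm_bytes))
    print(compare_encodings(ida_bytes, fasm_bytes))
```

Both sequences decode to mov edi, ecx and have the same length, so the patch fits in place; only a checksum, CRC or hash computed over the code bytes would see the difference.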