flat assembler
Message board for the users of flat assembler.
utility to dump dll to asm code, function name as comment?
revolution 14 Feb 2014, 09:53
Perhaps my website can help you?
BTW: If you can't follow the debugger then I think you will have the same trouble with a disassembled text file also.
LocoDelAssembly 14 Feb 2014, 11:42
Have you tried IDApro already? If not, it is not precisely a tool to save as text file, but worth trying to analyze the functions of interest nonetheless.
There is also HexRays which decompiles to C in case you find it easier to grasp, but I'm afraid that there is not even a trial license for it.
HaHaAnonymous 14 Feb 2014, 13:03
[ Post removed by author. ]
Last edited by HaHaAnonymous on 28 Feb 2015, 18:13; edited 1 time in total
baldr 14 Feb 2014, 14:54
LocoDelAssembly wrote: …but I'm afraid that there is not even a trial license for it.
While being quite limited (Win32 GUI version, x86 disassembly only), it could be useful because loader set is pretty good (PE/ELF/OMF/COFF and some others); OTOH, signatures and type libraries are dated back in 2010. I don't remember whether it supports symbol server.
There is IDA Demo (6.5) too, whose limitations are of another kind (it's time-limited and wouldn't save database).
P.S. HaHaAnonymous, that's what private messages are for.
HaHaAnonymous 14 Feb 2014, 14:59
[ Post removed by author. ]
Last edited by HaHaAnonymous on 28 Feb 2015, 18:13; edited 1 time in total
typedef 14 Feb 2014, 16:59
OllyDbg can do this. Just open your DLL with it and select DLL Exports, click follow and it'll take you to the first instruction of that function.
sleepsleep 14 Feb 2014, 18:00
revolution wrote:
i always revo, yep, my mistake, i need to allocate more time into learning how to debug and disassembly,
typedef wrote:
http://www.ollydbg.de/Loaddll.htm
Single step event at ntdll.77B001B8 - use Shift+F7/F8/F9 to pass exception to program
then i press Shift+F9, restart and try again with Shift+F8, then Shift+F7
Debugged program was unable to process exception.
it doesn't seem working.
baldr wrote: Fear not, there is IDA Freeware, currently 5.0.
i heard about this tool long time ago, but never really use it, will revo to see how to use this tool, thanks.
btw, anyone using windbg? from microsoft, http://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
or, one more question, does anyone here, program professionally for years and never use debugger? maybe he got another tricks or magics beside debugger?
baldr 14 Feb 2014, 19:33
sleepsleep wrote: does anyone here, program professionally for years and never use debugger?
Every time program behaves strange, I'd inserted some output routines in the program flow to display critical values (in the end almost entire display center was filled with ticking numbers; my colleagues decide to prefer debug versions because playing them was looking so nerdish, and their tapes were about 0.5m longer ;-)
WinDbg is good at analyze -v for crash dumps. It uses symbol server too.
IDA is a quite simple tool (key word: "interactive", but undo is unavailable), and powerful if you master it. There are lots of tutorials on it, grab some and join the wonderful world of reverse engineering. ;-)
P.S. revolution, it seems that I was the #10600 idiot served. ;-)
HaHaAnonymous 14 Feb 2014, 19:38
[ Post removed by author. ]
Last edited by HaHaAnonymous on 28 Feb 2015, 18:11; edited 1 time in total
baldr 14 Feb 2014, 20:55
HaHaAnonymous wrote: A debugger is not a mandatory tool in programming…
Can you withstand this?
HaHaAnonymous 14 Feb 2014, 21:03
[ Post removed by author. ]
Last edited by HaHaAnonymous on 28 Feb 2015, 18:11; edited 1 time in total
LocoDelAssembly 14 Feb 2014, 22:27
baldr wrote:
LocoDelAssembly wrote: There is also HexRays which decompiles to C in case you find it easier to grasp, but I'm afraid that there is not even a trial license for it.
typedef 14 Feb 2014, 23:12
sleepsleep wrote: is there any such "open source" utility to dump dll / exe into assembly language code, with exported & calling functions name commented side.
typedef wrote: OllyDbg can do this. Just open your DLL with it and select DLL Exports, click follow and it'll take you to the first instruction of that function.
sleepsleep wrote: Single step event at ntdll.77B001B8 - use Shift+F7/F8/F9 to pass exception to program
See what you're doing wrong? You're debugging the DLL. Your problem was to know how a DLL works by looking at its code. Well, the steps I gave you will do just that. But if you want to debug the DLL you'll have to debug the .EXE that loads it so you can see it in action. In the example you linked, the DLL being debugged was made for that reason, that's why it works perfectly with the DLL loader. Your DLL probably expects something else other than a pointer to "Hello World". That's why it crashed.
1. Open your DLL in OllyDbg, the loader will load your DLL.
2. Select Debug > Call DLL export
3. Select the function you want to view.
4. Right click on the function and select Edit > Select procedure (The whole proc will be selected)
5. Right click anywhere on the selected code and select Edit > Copy as table
6. Paste your assembly in any editor.
NOTE: Any debugger will put comments if its analysis finds references. If it can't there won't be any. It's as simple as that.
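The exported names that a debugger shows in its export list and attaches to a listing come from the PE export directory. The following is an added example, not part of any post in this thread: a small Python parser that returns each named export with its ordinal and RVA, and reports forwarders separately. The sample image and the names `alpha`, `beta` and `OTHER.func` are constructed for the example.

```python
import struct

def _off(rva, secs):  # translate an RVA to a file offset via the section table
    for vsize, va, rawsize, rawptr in secs:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError(f"RVA {rva:#x} is outside every section")

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def list_exports(data):
    """Return [(ordinal, name, rva, forwarder)] for the named exports of a PE."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, optsz = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    ddir = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ data directory
    exp_rva, exp_size = struct.unpack_from("<2I", data, ddir)
    if exp_rva == 0:
        return []  # image has no export directory
    secs = [struct.unpack_from("<4I", data, opt + optsz + 40 * i + 8)
            for i in range(nsec)]
    base, _, nnames, funcs, names, ords = struct.unpack_from(
        "<6I", data, _off(exp_rva, secs) + 16)
    out = []
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", data, _off(names, secs) + 4 * i)[0]
        idx = struct.unpack_from("<H", data, _off(ords, secs) + 2 * i)[0]
        rva = struct.unpack_from("<I", data, _off(funcs, secs) + 4 * idx)[0]
        fwd = exp_rva <= rva < exp_rva + exp_size  # inside export dir: forwarder
        out.append((base + idx, _cstr(data, _off(name_rva, secs)),
                    None if fwd else rva,
                    _cstr(data, _off(rva, secs)) if fwd else None))
    return out

def build_sample():
    """Constructed one-section PE32: export 'alpha' plus forwarder 'beta'."""
    s = 0x103C  # RVA of the string pool that follows the three tables
    exp = struct.pack("<10I4I2H", 0, 0, 0, 0, 1, 2, 2, 0x1028, 0x1030, 0x1038,
                      0x2000, s + 11, s, s + 6, 0, 1) + b"alpha\0beta\0OTHER.func\0"
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, 1, 0xE0, 0x2102)
    hdr += struct.pack("<H94x2I", 0x10B, 0x1000, len(exp)).ljust(0xE0, b"\0")
    hdr += b".edata\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200)
    return hdr.ljust(0x200, b"\0") + exp

print(*list_exports(build_sample()), sep="\n")
```

To use it on a real file, pass `open(path, "rb").read()` to `list_exports`; the name-to-RVA pairs can then be matched against addresses in a disassembly listing.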
sleepsleep 15 Feb 2014, 01:51
typedef wrote: 1. Open your DLL in OllyDbg, the loader will load your DLL.
i can't pass through step 2, with the error i mentioned above
the dll is publicly available here, http://www.tscprinters.com/cms/upload/download_en/TSCLIB_V0201_x86.zip
it doesn't work with your suggested steps,
baldr wrote:
wow, i wasn't on earth yet during that time,
typedef 15 Feb 2014, 04:51
sleepsleep
Either you're doing it wrong or your OllyDbg installation is messed up.
http://imgur.com/HGl8TBM,XGSHFNG,RaC9qOj
PS: There are 3 pictures there.
sleepsleep 15 Feb 2014, 06:28
weird, how come it works on your site, but failed on my site???
i am using win7 64bit, is that issue?
typedef 15 Feb 2014, 14:56
During the 2nd step nothing is executed, so either you are clicking the wrong button or your OllyDbg version is different.
Windows 7 64bit Ultimate
OllyDbg v2.01
sleepsleep 15 Feb 2014, 20:18
i downloaded v2.01, it works now!!!!
i could see the magic inside, wow, =) wow =) thanks typedef!
sleepsleep 03 Feb 2015, 15:58
hi all,
any suggestion to debug Visual Basic 6 application, i got one in my hand, it seems that the author of the application programmed it to generate a real serial number based on system key to match our input serial number, kinda weird, but maybe this is how all those serial verification works.
so, his generated genuine serial is actually shown (if one go through ollydbg) if genuine_serial == input_serial then. ....
but i feel it is kinda hard to step through a VB application using ollydbg, any suggestion?
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.