Xanfa

Joined: 03 Aug 2006
Posts: 29
Hi, mate! Look at this and give me your idea!
Just compile it with Fasmw (Don't RUN)

07 Aug 2006, 03:21

Joined: 25 Sep 2003
Posts: 2139
Location: Estonia
Yeah - the 0-byte binary will not even run - because it's 0 bytes.

The idea is interesting, but what can it be used for? Now the problem is too much information, and I think there should be a filter to sort out the most interesting parts.
07 Aug 2006, 07:10
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
nice, should go to FASM gems
07 Aug 2006, 10:04
okasvi

Joined: 18 Aug 2005
Posts: 382
Location: Finland
heh, really nice
You should make it output to file.
07 Aug 2006, 11:34
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
i wanted to say: add "display fix db" at the beginning of source

... but it doesn't work. any idea why?
07 Aug 2006, 11:42
Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8026
Location: Kraków, Poland
Perhaps because of "virtual" blocks.
07 Aug 2006, 12:01
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
oh... of course. so it will need a little more complicated solution, something like (untested):

Code:
```
macro display [arg] {common ARG equ ARG,arg}
...
db ARG
```
07 Aug 2006, 12:05
Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8026
Location: Kraków, Poland
"display" belongs to interpreted layer, thus this may not work as expected.
07 Aug 2006, 12:16
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
hm... yes... i didn't realize again.

so again, the best solution is the straightforward one: rewrite it by hand
07 Aug 2006, 12:44
Reverend

Joined: 24 Aug 2004
Posts: 408
Location: Poland
Very nice! It's another proof of fasm's great features
07 Aug 2006, 22:39
Xanfa

Joined: 03 Aug 2006
Posts: 29

The idea is interesting but what can it be used for. Now the problem is too much information and I think there should be a filter to sort out the most interesting parts.

Hi Madis731! This is why I divided it into several macros. Thus, if you want to show the export function names only (or something else), just use the appropriate macro. But it's true there is a problem with the Dump_PE_Header macro, as it has so many fields that some people may not be interested in (oh, on this I agree with you). But because this is the first time I have read deep inside Fasm's documentation, and I am really interested in this interpretive engine, I decided to make something! And a full (maybe not at present) list of fields dumped from the famous PE format may be a great idea?!
In case you want to use this with filtered fields, please feel free to modify it.
08 Aug 2006, 10:35
Xanfa

Joined: 03 Aug 2006
Posts: 29
okasvi wrote:
heh, really nice
You should make it output to file.

My way is copy and paste!!!
08 Aug 2006, 10:42
Xanfa

Joined: 03 Aug 2006
Posts: 29
Hey, I would prefer to write a disassembler using Fasm like this, if it is possible, but I don't know about that (actually, I'm analyzing!). So if one of you has created one, or has an idea for this, please post soon!
Good coding!!!!
08 Aug 2006, 11:10
okasvi

Joined: 18 Aug 2005
Posts: 382
Location: Finland
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...
08 Aug 2006, 11:52
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa wrote:

My way is copy and paste !!!

Actually, using the command line is more beautiful! It's simple with the console version of fasm:
"C:\fasm\fasm PEdump_interp.asm >outputfile.dmp"
This will save the output in the outputfile.dmp file! DOS is still great?
09 Aug 2006, 02:37
Xanfa

Joined: 03 Aug 2006
Posts: 29
okasvi wrote:
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...

As I said, I don't know about this project yet and am just studying! So can you explain why?
09 Aug 2006, 02:40
Yardman

Joined: 12 Apr 2005
Posts: 244
Location: US
[ Post removed by author. ]

Last edited by Yardman on 04 Apr 2012, 02:06; edited 1 time in total
09 Aug 2006, 15:14
Ancient One

Joined: 28 Feb 2005
Posts: 55
I wrote the same thing a few months ago. It is intended to be a universal file format dumper (i.e. to dump the file structure as a C-style struct), so the "main program" is a DOS (XP cmd batch language) batch file called "dump", which accepts 2 main arguments, <type> and <filename>, e.g.:

C:\Dumper\dump pe C:\Windows\System32\kernel32.dll

will display the PE header info for kernel32.dll. It's not completed because I lost interest in it. By the way, there should be a lot of errors in the code, and it is not nicely structured (I wrote it in one go...), but basically it works for me (it shows the basic things and import/export/relocs/TLS info).

A simple disassembler can be done, I think... but labelling branches could be hard.

14 Aug 2006, 01:35
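
As an added illustration of the technique this thread discusses (not Xanfa's attachment and not any poster's code), the example below reads PE header fields at assembly time with `virtual`, `load` and `display`, so nothing is emitted and the output binary stays at 0 bytes. The header bytes are constructed sample data, and `disp_hex` and the file name in the comment are hypothetical.

```asm
; Added example, not Xanfa's attachment. The header bytes below are
; constructed sample data; to inspect a real file, replace them with e.g.
;     file 'some.exe':0,400h        ; hypothetical file name
; disp_hex is a hypothetical helper macro.

macro disp_hex value, digits {
    local d
    repeat digits
        ; take one nibble per iteration, most significant first
        d = '0' + (value) shr ((digits-%)*4) and 0Fh
        if d > '9'
            d = d + 'A'-'9'-1
        end if
        display d
    end repeat
}

virtual at 0                        ; nothing in here reaches the output file
    db 'MZ'                         ; e_magic
    times 3Ch-2 db 0                ; rest of the DOS header (zeroed)
    dd 40h                          ; e_lfanew: offset of the PE signature
    db 'PE',0,0                     ; Signature
    dw 14Ch                         ; Machine = IMAGE_FILE_MACHINE_I386
    dw 3                            ; NumberOfSections
    load mz      word  from 0
    load lfanew  dword from 3Ch
    load pesig   dword from lfanew  ; follow e_lfanew to the PE header
    load machine word  from lfanew+4
    load nsect   word  from lfanew+6
end virtual

if mz <> 'MZ' | pesig <> 'PE'
    display 'Not a PE image',13,10
else
    display 'e_lfanew         = 0x'
    disp_hex lfanew,8
    display 13,10,'Machine          = 0x'
    disp_hex machine,4
    display 13,10,'NumberOfSections = 0x'
    disp_hex nsect,4
    display 13,10
end if
```

With the console version of fasm, the `display` output can be redirected to a file in the same way as the command line Xanfa posted above.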
