flat assembler
Message board for the users of flat assembler.

PEdump - interpretive program !
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa
Hi, mate ! Look at this and give me your idea !
just compile it with Fasmw (Don't RUN)

07 Aug 2006, 03:21

Joined: 25 Sep 2003
Posts: 2139
Location: Estonia
Yeah - the 0-byte binary will not even run - because it's 0 bytes.

The idea is interesting, but what can it be used for? Now the problem is too much information and I think there should be a filter to sort out the most interesting parts.
07 Aug 2006, 07:10
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
nice, should go to FASM gems
07 Aug 2006, 10:04
okasvi

Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
heh, really nice
You should make it output to file.
07 Aug 2006, 11:34
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
i wanted to say: add "display fix db" at the beginning of source

... but it doesn't work. any idea why?
07 Aug 2006, 11:42
Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8026
Location: Kraków, Poland
Tomasz Grysztar
Perhaps because of "virtual" blocks.
07 Aug 2006, 12:01
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
oh... of course. so it will need a little more complicated solution, something like (untested):

Code:
```
macro display [arg] {common ARG equ ARG,arg}
...
db ARG
```
07 Aug 2006, 12:05
Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8026
Location: Kraków, Poland
Tomasz Grysztar
"display" belongs to interpreted layer, thus this may not work as expected.
07 Aug 2006, 12:16
vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
hm... yes... i didn't realize again.

so again, the best solution is the straightforward one: rewrite it by hand
07 Aug 2006, 12:44
Reverend

Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend
Very nice! It's another proof of fasm's great features
07 Aug 2006, 22:39
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa

The idea is interesting, but what can it be used for? Now the problem is too much information and I think there should be a filter to sort out the most interesting parts.

Hi Madis731! This is why I divided it into several macros. Thus if you want to show the export function names only (or something else), just use the appropriate macro. But it's true there is a problem with the Dump_PE_Header macro, as it has so many fields that some people may not be interested in (oh, on this I agree with U). But because this is the first time I have read deep inside Fasm's documentation, and I am really interested in this interpretive engine, I decided to make something! And a full (maybe not at present) list of fields dumped from the famous PE format may be a great idea?!
In case U want to use this with filtered fields, please feel free to modify it.
08 Aug 2006, 10:35
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa
okasvi wrote:
heh, really nice
You should make it output to file.

My way is copy and paste !!!
08 Aug 2006, 10:42
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa
Hey, I would prefer to write a disassembler using Fasm like this, if it is possible, but I don't know about that (actually I'm analyzing!). So if one of you has created it, or has an idea for this, please post soon!
Good coding !!!!
08 Aug 2006, 11:10
okasvi

Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...
08 Aug 2006, 11:52
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa
Xanfa wrote:

My way is copy and paste !!!

Actually, using the command line is more beautiful! It's simple with the console version of fasm:
"C:\fasm\fasm PEdump_interp.asm >outputfile.dmp"
This will save the output in the outputfile.dmp file! Dos is still great?
09 Aug 2006, 02:37
Xanfa

Joined: 03 Aug 2006
Posts: 29
Xanfa
okasvi wrote:
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...

As I said, I don't know about this project yet, and am just studying! So can you explain why?
09 Aug 2006, 02:40
Yardman

Joined: 12 Apr 2005
Posts: 244
Location: US
Yardman
[ Post removed by author. ]

Last edited by Yardman on 04 Apr 2012, 02:06; edited 1 time in total
09 Aug 2006, 15:14
Ancient One

Joined: 28 Feb 2005
Posts: 55
Ancient One
I wrote the same thing a few months ago. It is intended to be a universal file format dumper (i.e. to dump the file structure as a C-style struct), so the "main program" is a DOS (XP cmd batch language) batch file called "dump", and it accepts 2 main arguments, <type> and <filename>, e.g.:

C:\Dumper\dump pe C:\Windows\System32\kernel32.dll

will display the PE header info for kernel32.dll. It's not completed coz I lost interest in it.. btw there should be a lot of errors in the coding and it is not nicely structured (I wrote it in one go...), but basically it works for me (it shows the basic things and import/export/relocs/TLS info).

A simple disassembler can be done, I think.. but labelling branches could be hard.

14 Aug 2006, 01:35
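The attachment discussed in this thread is not reproduced on the page. As an added illustration (not Xanfa's or Ancient One's code), the fasm source below shows the assembly-time technique the thread talks about: the target file is pulled into "virtual" blocks, header fields are read with `load`, and they are printed with `display`. The file name `target.exe` and the macros `disp_hex` and `show_field` are assumptions made for this example.

```fasm
; Added illustration, not the PEdump source from this thread.
; 'target.exe' is a placeholder; disp_hex and show_field are hypothetical helpers.

macro disp_hex value, nbits {          ; print value as nbits/4 hex digits
  local d
  repeat nbits/4
    d = '0' + (value) shr (nbits - %*4) and 0Fh
    if d > '9'
      d = d + 'A' - '9' - 1
    end if
    display d
  end repeat
}

macro show_field name, value, nbits {  ; one "name = value" line per field
  display name, ' = '
  disp_hex value, nbits
  display 'h', 13, 10
}

virtual at 0                           ; bytes in a virtual block are never emitted
  file 'target.exe':0, 40h             ; IMAGE_DOS_HEADER
  load mz_magic word from 0
  load pe_off dword from 3Ch           ; e_lfanew
end virtual

if mz_magic <> 5A4Dh                   ; 'MZ'
  display 'target.exe: no MZ signature', 13, 10
else
  virtual at 0
    file 'target.exe':pe_off, 18h      ; "PE\0\0" + IMAGE_FILE_HEADER
    load pe_sig dword from 0
    load machine word from 4
    load nsections word from 6
    load timestamp dword from 8
    load characteristics word from 16h
  end virtual
  if pe_sig <> 00004550h
    display 'target.exe: no PE signature at e_lfanew', 13, 10
  else
    show_field 'e_lfanew        ', pe_off, 32
    show_field 'Machine         ', machine, 16
    show_field 'NumberOfSections', nsections, 16
    show_field 'TimeDateStamp   ', timestamp, 32
    show_field 'Characteristics ', characteristics, 16
  end if
end if
```

Because every byte of the target sits inside a virtual block, the source emits no output bytes; the fields appear only in fasm's message output, so the target is inspected without ever being executed.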