flat assembler
Message board for the users of flat assembler.
PEdump - interpretive program !
Xanfa 07 Aug 2006, 03:21
Hi, mate ! Look at this and give me your idea !
just compile it with Fasmw (Don't RUN)
vid 07 Aug 2006, 10:04
nice, should go to FASM gems
okasvi 07 Aug 2006, 11:34
heh, really nice
You should make it output to file.
vid 07 Aug 2006, 11:42
i wanted to say: add "display fix db" at the beginning of source
... but it doesn't work. any idea why?
Tomasz Grysztar 07 Aug 2006, 12:01
Perhaps because of "virtual" blocks.
vid 07 Aug 2006, 12:05
oh... of course. so it will need a little more complicated solution, something like (untested):
Code:
    macro display [arg] {common ARG equ ARG,arg}
    ...
    db ARG
Tomasz Grysztar 07 Aug 2006, 12:16
"display" belongs to interpreted layer, thus this may not work as expected.
vid 07 Aug 2006, 12:44
hm... yes... i didn't realize again.
so again, the best solution is the straightforward one: rewrite it by hand
Reverend 07 Aug 2006, 22:39
Very nice! It's another proof of fasm's great features
Xanfa 08 Aug 2006, 10:35
Madis731 wrote:
Hi Madis731 ! This is why I divided it into several macros. Thus if you want to show the export function names only (or something else), just use the appropriate macro. But it's true there is a problem with the Dump_PE_Header macro, as it has so many fields that some people may not be interested in (oh, on this I agree with you). But because this is the first time I have read deep inside Fasm's documentation, and I am really interested in this interpretive engine, I decided to make something ! And a full (maybe not at present) list of fields dumped from the famous PE format may be a great idea ?! In case you want to use this with filtered fields, please feel free to modify it.
Xanfa 08 Aug 2006, 10:42
okasvi wrote: heh, really nice
My way is copy and paste !!!
Xanfa 08 Aug 2006, 11:10
Hey, I would prefer to write a disassembler using Fasm like this, if it is possible, but I don't know about that (actually I'm analyzing !). So if one of you has created it, or has an idea for this, please post soon !
Good coding !!!!
okasvi 08 Aug 2006, 11:52
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...
Xanfa 09 Aug 2006, 02:37
Xanfa wrote:
Actually, using the command line is more beautiful ! It's simple with the console version of fasm: "C:\fasm\fasm PEdump_interp.asm >outputfile.dmp". This will save the output in the outputfile.dmp file ! DOS is still great ?
Xanfa 09 Aug 2006, 02:40
okasvi wrote: most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...
As I said, I don't know about this project yet, and am just studying ! So can you explain why ?
Yardman 09 Aug 2006, 15:14
[ Post removed by author. ]
Last edited by Yardman on 04 Apr 2012, 02:06; edited 1 time in total
Ancient One 14 Aug 2006, 01:35
I wrote the same thing a few months ago. It is intended to be a universal file format dumper (i.e. to dump file structure in C-style struct), so the main "program" is the DOS (XP cmd batch language) batch file called "dump", and it accepts 2 main arguments <type> and <filename>, e.g.:
C:\Dumper\dump pe C:\Windows\System32\kernel32.dll
will display the PE header info for kernel32.dll. It's not completed coz I lost interest in it... btw there should be a lot of errors in the coding and it is not nicely structured (I wrote it in one go...), but basically it works for me (it shows the basic things and import/export/relocs/tls info). A simple disassembler can be done, I think... but labelling branches could be hard.
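A minimal sketch of the technique this thread discusses: the target file is pulled into `virtual` blocks with `file`, single header fields are copied out with `load`, and the values are printed by `display` while fasm assembles. This is an added example, not Xanfa's PEdump source or Ancient One's dumper; the `PE_FILE` path and the names `disp_hex`, `pe_sig`, `machine` and `n_sections` are assumptions made for the illustration.

```fasm
; Added example, not Xanfa's PEdump source. Assemble only; nothing is run.
; PE_FILE is an assumed path: point it at any PE file on your machine.
PE_FILE equ 'C:\Windows\System32\kernel32.dll'

; Print the low `digits` hex digits of `value` on fasm's message output.
macro disp_hex value*, digits*
{
  local d
  repeat digits
    d = '0' + (value) shr ((digits-%)*4) and 0Fh
    if d > '9'
      d = d + 'A'-'9'-1
    end if
    display d
  end repeat
}

; The file bytes live only inside virtual blocks, so none of them
; reach the output file; "load" copies single fields into constants.
virtual at 0
  file PE_FILE:0,40h                  ; IMAGE_DOS_HEADER
  load e_magic word from 0
  load e_lfanew dword from 3Ch
end virtual

if e_magic <> 'MZ'
  display 'not an MZ executable',13,10
else
  virtual at 0
    file PE_FILE:e_lfanew,18h         ; signature + IMAGE_FILE_HEADER
    load pe_sig dword from 0
    load machine word from 4
    load n_sections word from 6
  end virtual
  if pe_sig <> 'PE'
    display 'no PE signature at e_lfanew',13,10
  else
    display 'e_lfanew         = '
    disp_hex e_lfanew,8
    display 13,10,'Machine          = '
    disp_hex machine,4
    display 13,10,'NumberOfSections = '
    disp_hex n_sections,4
    display 13,10
  end if
end if
```

Because the signature checks happen before any field is printed, a file that is not a PE image produces a message instead of misleading values; a file too short for the requested ranges makes fasm stop with an error on the `file` line.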
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.