flat assembler
Message board for the users of flat assembler.

Index > Windows > PEdump - interpretive program !

Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 07 Aug 2006, 03:21
Hi, mate ! Look at this and give me your idea !
just compile it with Fasmw (Don't RUN) Very Happy


Description:
Download
Filename: PEdump_interp.ASM
Filesize: 15.47 KB
Downloaded: 677 Time(s)

Madis731



Joined: 25 Sep 2003
Posts: 2139
Location: Estonia
Madis731 07 Aug 2006, 07:10
Yeah - the 0-byte binary will not even run - because it's 0 bytes.

The idea is interesting, but what can it be used for? Now the problem is too much information and I think there should be a filter to sort out the most interesting parts.
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 07 Aug 2006, 10:04
nice, should go to FASM gems
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi 07 Aug 2006, 11:34
heh, really nice Very Happy
You should make it output to file.
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 07 Aug 2006, 11:42
i wanted to say: add "display fix db" at the beginning of source

... but it doesn't work. any idea why?
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 07 Aug 2006, 12:01
Perhaps because of "virtual" blocks.
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 07 Aug 2006, 12:05
oh... of course. so it will need little more complicated solution, something like (untested):

Code:
macro display [arg] {common ARG equ ARG,arg}
...
db ARG    
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 8351
Location: Kraków, Poland
Tomasz Grysztar 07 Aug 2006, 12:16
"display" belongs to interpreted layer, thus this may not work as expected.
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 07 Aug 2006, 12:44
hm... yes... i didn't realize again.

so again, the best solution is straightforward one Razz rewrite it by hand
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend 07 Aug 2006, 22:39
Very nice! It's another proof of fasm's great features Smile
Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 08 Aug 2006, 10:35
Madis731 wrote:

The idea is interesting, but what can it be used for? Now the problem is too much information and I think there should be a filter to sort out the most interesting parts.


Hi Madis731! This is why I divided it into some macros Wink Thus if you want to show the export function names only (or something else), just use the appropriate macro. But it's true there is a problem with the Dump_PE_Header macro, as it has so many fields that some people may not be interested in (Oh, on this I agree with U Very Happy ). But because this is the first time I've read deep inside Fasm's documentation, and I'm really interested in this interpretive engine, I decided to make something! And a full (maybe not at present) list of fields dumped from the famous PE format may be a great idea?!
In case U want to use this with filtered fields, please feel free to modify it Cool
Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 08 Aug 2006, 10:42
okasvi wrote:
heh, really nice Very Happy
You should make it output to file.


Cool Cool Cool Cool My way is copy and paste !!! Laughing Laughing Laughing Laughing Laughing
Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 08 Aug 2006, 11:10
Hey, I'd prefer to write a disassembler using Fasm like this, as it is possible, but I don't know about that (actually I'm analyzing!). So if one of you has created it, or has an idea for this, please post soon!
Good coding !!!!
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi 08 Aug 2006, 11:52
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...
Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 09 Aug 2006, 02:37
Xanfa wrote:

Cool Cool Cool Cool My way is copy and paste !!! Laughing Laughing Laughing Laughing Laughing


Smile Actually, using the command line is more beautiful! It's simple with the console version of fasm:
"C:\fasm\fasm PEdump_interp.asm >outputfile.dmp"
this will save the output in the outputfile.dmp file! DOS is still great?
Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 09 Aug 2006, 02:40
okasvi wrote:
most likely, you will just run out of memory when compiling the macro-scripts you would use to disassemble, I think...


As I said, I don't know about this project yet, and am just studying! So can you explain why?
Yardman



Joined: 12 Apr 2005
Posts: 244
Location: US
Yardman 09 Aug 2006, 15:14
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 02:06; edited 1 time in total
Ancient One



Joined: 28 Feb 2005
Posts: 55
Ancient One 14 Aug 2006, 01:35
I wrote the same thing a few months ago. It is intended to be a universal file format dumper (i.e. to dump file structure as a C-style struct), so the main "program" is the DOS (XP cmd batch language) batch file called "dump", which accepts 2 main arguments <type> and <filename>, e.g.:

C:\Dumper\dump pe C:\Windows\System32\kernel32.dll

will display the PE header info for kernel32.dll. It's not completed because I lost interest in it... btw there should be a lot of errors in the coding and it is not nicely structured (I wrote it in one go...), but basically it works for me (it shows the basic things and import/export/relocs/tls info) Smile.

A simple disassembler can be done, I think... but labelling branches could be hard.


Description:
Download
Filename: Dumper.rar
Filesize: 12.95 KB
Downloaded: 513 Time(s)
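
The technique this thread is about, reading PE header fields while fasm assembles and printing them with display, shown as an added example; it is not the code from PEdump_interp.ASM or Dumper.rar. The macro names pe_load and show_hex are made up here, and the file path is the one used in the post above.

```fasm
; Added illustration; not taken from PEdump_interp.ASM or Dumper.rar.
; Assemble it, do not run it: all work happens inside fasm and the
; output is a 0-byte file. pe_load and show_hex are names made up here.

macro pe_load var, size, offset     ; var = <size> value at file offset
{
    virtual at 0                    ; bytes land in virtual space only
        file 'C:\Windows\System32\kernel32.dll':offset, 4
        load var size from 0
    end virtual
}

macro show_hex value, digits        ; print value as hex via display
{
    local d
    repeat digits
        d = '0' + (value) shr ((digits - %) * 4) and 0Fh
        if d > '9'
            d = d + 'A' - '9' - 1
        end if
        display d
    end repeat
}

pe_load e_magic, word, 0
if e_magic <> 'MZ'
    display 'no MZ header', 13, 10
else
    pe_load e_lfanew, dword, 3Ch    ; offset of the PE signature
    pe_load pe_sig, dword, e_lfanew
    if pe_sig <> 'PE'
        display 'no PE signature', 13, 10
    else
        pe_load machine, word, e_lfanew + 4
        pe_load nsections, word, e_lfanew + 6
        pe_load timestamp, dword, e_lfanew + 8
        display 'Machine          0x'
        show_hex machine, 4
        display 13, 10, 'NumberOfSections 0x'
        show_hex nsections, 4
        display 13, 10, 'TimeDateStamp    0x'
        show_hex timestamp, 8
        display 13, 10
    end if
end if
```

If e_lfanew points past the end of the file, the file directive fails and fasm stops with an error instead of printing garbage, so a truncated or malformed input shows up as a failed assembly.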


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
