How to convert from exe to asm?
Deepak Sarda
I don't think that this is possible, but I was wondering if anybody
knows of a program that will convert an exe file to asm code.
Sorry if this questions has been asked before.
Thanks.
--
Regards.
Deepak Sarda
--------------------------------------------------------------------------
Deepak Sarda email: sa...@ee.ualberta.ca
University of Alberta/TRLabs web: http://www.ee.ualberta.ca/~sarda
Electrical/Computer Engineering Phone: (403)441-3898
Fax: (403)441-3600
Clay Hellman
sa...@ee.ualberta.ca (Deepak Sarda) wrote:
>I don't think that this is possible, but I was wondering if anybody
>knows of a program that will convert an exe file to asm code.
>Sorry if this questions has been asked before.
You are looking for a 'DISASSEMBLER'. A disassembler takes ML
(Machine language --- assembled or compiled code) and shows it to you
in the form of processor instructions. Dealing with disassembled code
is very tricky. You do not have labels or comments to look at -- just
addresses and instructions.
Hope this helps. I know there are several PC disassemblers floating
around, so you should have no problem finding one. Look in SimTel and
x2ftp.oulu.fi
L8r
-----------------------------------------------------------------------------
Clay Hellman (hell...@spots.ab.ca)
Check out Cybersphere, new from Psycon Soft.
http://www.spots.ab.ca/~hellmanc
-----------------------------------------------------------------------------
Vadim Zeitlin
In article <4s0hnn$h...@cornerstone.intergate.net>,
dmo...@morrow.com (David A. Morrow) wrote:>>By *far* the best around is "Sourcer" from V communications (I think).
Try IDA (shareware disassembler available from Simtel or Garbo) before
saying it. IDA (which BTW means InteractiveDisAssembler) allows you to
do many more things than Sourcer, especially if you know what you are
doing.
VZ
George C. Lindauer
sa...@ee.ualberta.ca (Deepak Sarda) writes:
>I don't think that this is possible, but I was wondering if anybody
>knows of a program that will convert an exe file to asm code.
Yeah there are several. The best one I've seen is called ida... it is
interactive and really souped up. But you have to send the author $$$
to get him to
send you a software key before you can actually dump the assembly
language code to a file. Get on any simtel sight and look in the DISASM
directory... most of what is there will only work on short (<64K) programs
but it is a real hassle to rework anything larger than that anyway. Except
I want to port PKZIP and PKUNZIP to a custom m68k platform... so I'm
going to have to send some money to the IDA guy. (after you decompress the
executables those get larger than 64K). From what I saw it will
be worth every penny I send.
David
>Sorry if this questions has been asked before.
>Thanks.
Charles Dye
In article <4s1ktk$4...@hermes.louisville.edu>, gcli...@starbase.spd.louisville.edu (George C. Lindauer) wrote:
>
>Yeah there are several. The best one I've seen is called ida... it is
>interactive and really souped up. But you have to send the author $$$
>to get him to
>send you a software key before you can actually dump the assembly
>language code to a file. Get on any simtel sight and look in the DISASM
>directory... most of what is there will only work on short (<64K) programs
>but it is a real hassle to rework anything larger than that anyway. Except
>I want to port PKZIP and PKUNZIP to a custom m68k platform... so I'm
>going to have to send some money to the IDA guy. (after you decompress the
>executables those get larger than 64K). From what I saw it will
>be worth every penny I send.
Why not study Info-ZIP and UNZIP instead? They _give_ you the source code!
ccr...@pacific.net
In <4ru5cu$h...@pulp.ucs.ualberta.ca>, sa...@ee.ualberta.ca (Deepak Sarda) writes:
>I don't think that this is possible, but I was wondering if anybody
>knows of a program that will convert an exe file to asm code.
Yes, there are such programs. They are called disassemblers. One of the best is
Sourcer, by V Communications, Inc. However, all disassemblers have the same
basic limition that labels and comments disappear in the assembly process, so
the disassembler can only create meaningless lables and generic comments.
In addition, even the best disassemblers do not always correctly determine if a
specific block of hex is meant to be code or data. Therefore, disassembly is
usually an iterative process, in which human intelligence has to play a major
part.
-- Chuck
Clay Hellman
ccr...@pacific.net wrote:
>In addition, even the best disassemblers do not always correctly determine if a
>specific block of hex is meant to be code or data. Therefore, disassembly is
>usually an iterative process, in which human intelligence has to play a major
>part.
Absolutely. And this brings up a great way to make your code
virtually impossible to disassemble or reverse engineer. Just stuff
it full of meaningless DBs between routines - in your Code Segment.
Szu-Wen Huang
Clay Hellman (hell...@spots.ab.ca) wrote:
: ccr...@pacific.net wrote:
: >In addition, even the best disassemblers do not always correctly
: >determine if a specific block of hex is meant to be code or data.
: >Therefore, disassembly is usually an iterative process, in which
: >human intelligence has to play a major part.
: Absolutely. And this brings up a great way to make your code
: virtually impossible to disassemble or reverse engineer. Just stuff
: it full of meaningless DBs between routines - in your Code Segment.
Uhm, let's see:
1. Find the starting point of the code - a trivial exercise because
the OS certainly had to know where to start running.
2. Find out where that code jumps to - that would be the entry point
of subroutines.
3. recursively perform #2 until done.
This simpleminded trace will not even touch your meaningless DBs. A
better way to avoid disassembly would be to hide branches by building
(say) self-modifying branch instructions and the like. There's no
way to make a program "virtually impossible" to disassemble or reverse-
engineer to a determined and knowledgeable person, though.
Tyler Barnes
HE>Absolutely. And this brings up a great way to make your code
HE>virtually impossible to disassemble or reverse engineer. Just stuff
HE>it full of meaningless DBs between routines - in your Code Segment.
You can still trace through it with a debugger to do reverse
engineering... Which reminds me... what is the best anti-debugging
trick? .. The method I've found that seems to work really well is
pointing the interrupt 3 vector to the interrupt 21 handler, and then
putting in INT 3 every time I want to use interrupt 21 instead of INT
21. Come to think of it, in a large enough program that method might
even save space seeing as an INT 21h instruction is CD 21 and an INT 3
instruction is simply CC....
Jon Beltran de Heredia
Tyler....@access.cn.camriv.bc.ca (Tyler Barnes) wrote:
That won't work with a debugger that does not use or touch real-mode
int 3 at all, like SoftIce.
Regards,
Jon
Szu-Wen Huang
Tyler Barnes (Tyler....@access.cn.camriv.bc.ca) wrote:
: You can still trace through it with a debugger to do reverse
: engineering... Which reminds me... what is the best anti-debugging
: trick? .. The method I've found that seems to work really well is
: pointing the interrupt 3 vector to the interrupt 21 handler, and then
: putting in INT 3 every time I want to use interrupt 21 instead of INT
: 21. Come to think of it, in a large enough program that method might
: even save space seeing as an INT 21h instruction is CD 21 and an INT 3
: instruction is simply CC....
Bottom line is, good debugger, determined hacker, good-bye code. :)
I suggest just concentrate on making your code worth buying.