>
> Suppose you are to write a "disassembler" - that is, a system program
> that takes an ordinary program as input and produces a listing of the
> source version of the program.
> What tables and data structures would
> be required and how would they be used?
Well, you would need a map of what's data and what's code, and I suppose also
some information on the circumstances under which the data is accessed would be
useful for assigning logical names.
> How many passes would be needed?
Well, you could do it theoretically in one pass. Just start at the entry point
and take both directions at each conditional branch, going one way then when
that way is exhausted go back and take the other route. Keeping a list of
visited addresses will work here. Of course, it would be trivial to write code
to wreck such a disassembly routine, such as:
    jnz APos          ; after jnz falls through ZF=1, so one of these two is always taken ...
    jz  APos
    jmp APos+1        ; ... and this jump is never executed, but a disassembler
                      ; that follows both sides of every branch will still decode it
APos:
    <some more code, starting with a 2-byte instruction>
Which would make the disassembler really upset as it would start disassembling
at APos, then later it would start disassembling at APos+1, but after effectively
having ditched the first byte of a multi-byte instruction (so disassembling
pseudo-random instructions).
I'm not sure how a multi-pass attempt would go.
> What problems would arise in recreating the source program?
The hardest part is determining context. When is data a string and when is it
binary data? It doesn't matter to reassemble it, but for readability we like
db 'ABC'
instead of
db 65,66,67
> BTW Does anyone know of a good SIC/XE website?
Never even heard of it, so I guess not :)
--
Michael
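As an added example (not code from the thread, and not a decoder for any real CPU): a one-pass, recursive-traversal disassembler in Python of the kind described above, i.e. start at the entry point, follow both sides of every conditional branch, and keep a visited list. The instruction set, its encoding and the sample program are constructed for illustration; the program is laid out like the jnz / jz / jmp APos+1 trick, so the listing shows the desynchronised decode at APos+1. Two things a practitioner would want are included: a check that reports instructions that start inside another instruction, and the printable-run heuristic that turns unreached bytes into db 'ABC' rather than db 65,66,67.

```python
"""One-pass recursive-traversal disassembler for a constructed toy ISA.
Added example; the ISA, encoding and sample bytes are made up for illustration."""
from collections import deque

# Constructed toy ISA: opcode -> (mnemonic, length in bytes, kind).
# Branches carry a signed rel8 measured from the end of the branch instruction.
OPCODES = {
    0x00: ("nop", 1, "seq"),
    0x10: ("mov a,", 2, "seq"),   # imm8
    0x20: ("add a,", 2, "seq"),   # imm8
    0x30: ("jmp", 2, "jmp"),      # rel8, unconditional
    0x31: ("jz", 2, "jcc"),       # rel8, conditional
    0x32: ("jnz", 2, "jcc"),      # rel8, conditional
    0xFF: ("hlt", 1, "end"),
}

def decode(code, addr):
    """Decode one instruction at addr -> (text, length, successor addrs), or None."""
    op = code[addr]
    if op not in OPCODES or addr + OPCODES[op][1] > len(code):
        return None                       # unknown opcode or truncated: stop this path
    mnem, length, kind = OPCODES[op]
    nxt = addr + length
    if kind == "seq":
        text = f"{mnem} 0x{code[addr + 1]:02x}" if length == 2 else mnem
        return text, length, [nxt]
    if kind == "end":
        return mnem, length, []
    rel = code[addr + 1]
    rel = rel - 256 if rel >= 128 else rel
    target = nxt + rel
    succ = [target] if kind == "jmp" else [nxt, target]   # both sides of a jcc
    return f"{mnem} 0x{target:04x}", length, [s for s in succ if 0 <= s < len(code)]

def disassemble(code, entry=0):
    """Return {addr: (text, length)} for every instruction reachable from entry."""
    insns, work = {}, deque([entry])
    while work:
        addr = work.pop()
        if addr in insns:                 # visited list: never decode a start twice
            continue
        d = decode(code, addr)
        if d is None:
            continue
        text, length, succ = d
        insns[addr] = (text, length)
        work.extend(succ)
    return insns

def overlaps(insns):
    """(outer, inner) pairs where inner starts inside outer: a desynchronised decode."""
    found = []
    for a, (_, n) in insns.items():
        for b in range(a + 1, a + n):
            if b in insns:
                found.append((a, b))
    return sorted(found)

def data_lines(code, insns):
    """Bytes never reached as code -> (addr, "db ...") with printable runs as strings."""
    covered = {a + i for a, (_, n) in insns.items() for i in range(n)}
    out, run, start = [], [], 0
    def flush():
        if run:
            if all(0x20 <= b < 0x7F for b in run):
                out.append((start, "db '" + "".join(map(chr, run)) + "'"))
            else:
                out.append((start, "db " + ",".join(map(str, run))))
    for addr, b in enumerate(code):
        printable = 0x20 <= b < 0x7F
        if addr in covered or (run and printable != (0x20 <= run[-1] < 0x7F)):
            flush(); run = []
        if addr not in covered:
            if not run:
                start = addr
            run.append(b)
    flush()
    return out

# Constructed sample, laid out like the anti-disassembly trick from the post:
#   0000: jnz APos        0002: jz APos        0004: jmp APos+1 (dead at run time)
#   0006: APos: mov a,0x20 (bytes 10 20)       0008: nop        0009: hlt
#   000a: 'ABC', 1, 2     (never executed)
PROGRAM = bytes([0x32, 0x04, 0x31, 0x02, 0x30, 0x01, 0x10, 0x20, 0x00, 0xFF,
                 0x41, 0x42, 0x43, 0x01, 0x02])

def listing(code=PROGRAM, entry=0):
    """Full listing: code and data in address order, then overlap warnings."""
    insns = disassemble(code, entry)
    rows = [(a, t) for a, (t, _) in insns.items()] + data_lines(code, insns)
    out = [f"{a:04x}: {t}" for a, t in sorted(rows)]
    out += [f"; warning: instruction at {i:04x} starts inside the one at {o:04x}"
            for o, i in overlaps(insns)]
    return out

if __name__ == "__main__":
    print("\n".join(listing()))
```

Following the dead jmp decodes APos+1 (byte 0x20) as "add a, 0x00", whose second byte is the real nop, so the overlap check flags both 0006/0007 and 0007/0008. A sweep that only walked forward from the entry would never see this, which is why the visited list alone is not enough: the listing also needs a consistency check on instruction boundaries.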
Why don't you give your professor's email address for sending the answers
directly?
> Partial answers would work fine.
This brings up some ideas...
One of the tables will contain structures, and one of the fields in the
structure should be of unsigned integer type.
One pass is always enough for PARTIAL disassembly.
Some of the problems with recreating the source will be of a legal nature.
Why would you want to write your own disassembler when there are so
many available? Most of them are also FREE. The only reason why I ever
wanted to write my own was when I started to learn assembler on the
TRS80 and I wanted to see how the DOS was functioning. Back then,
disassemblers were not that readily available.
There is no way that any disassembler will recreate the data
structures and list of 'public' variables in a way that is readily
understandable. Furthermore, if you disassemble a program which makes
calls to Windows functions (or other OS functions), it would be
extremely difficult to determine what the program is attempting to do.
On top of it all, if the program was written in a language such as C
or even worse in C++ and then assembled and linked with some unknown
assembler, the program may be super bloated with the complete library
of functions which may never even be used by the program itself,
leading to a lot of confusion.
Have fun!!!
Raymond
> Why would you want to write your own disassembler when there are so
> many available? Most of them are also FREE.
Could you also point out a disassembler that is able to produce output in AT&T
or Nasm syntax (or that of any other freely available, multi-platform assembler) and
that understands a lot of executable, object and library formats?
I have been looking for such a tool many times.
--
Michaël Grünewald
Thanx!
"Hank B." <han...@rocketmail.com> wrote in news message:
2d5defb3.02021...@posting.google.com...
> Here's a concept to ponder:
>
> Suppose you are to write a "disassembler" -that is, a system program
> that takes an ordinary program as input and produces a listing of the
> source version of the program. What tables and data structures would
> be required and how would they be used? How many passes would be
> needed? What problems would arise in recreating the source program?
>
> Partial answers would work fine.
>
There are many disassemblers (yes, even FREE) available for x86 platforms.
Some are plain vanilla command line tools, command line driven. Nothing special
here, you'll only get an assembly listing to modify and/or assemble.
Some are pretty advanced and provide an interactive environment. The king among
them is "Interactive Disassembler" or "IDA Pro" - www.datarescue.com
Though expensive, this tool is a must-have for every enthusiast. They even
offer a time- and function-limited demonstration of their latest product.
Not only this, they even offer a FREE version of this excellent tool.
- http://www.datarescue.be/downloadfreeware.htm
I'm sure you won't need any other disassembler even if you decide to continue
using their free version. :)
There are others, though not very powerful ..they'll do that job anyhow.
Micro$oft Visual C++ 6.0 comes with DUMPBIN.EXE, which can disassemble and
output on screen or to file.
Sourcer (now comes with Windows Disassembler bundled) is a powerful utility.
It lets you choose the output assembler format (including various versions of
MASM and TASM, OPTASM (obsolete now?) and others). You can specify the number
of passes, whether to generate code for x87, and CPUs ranging from 8086/87 to
Pentiums.
Even the Windows port of nasm comes with its own disassembler.
There are more ...however, I've only tried to name those that are actually usable,
easier to work with ..and a little more interactive.
Should you require further assistance, contact the companies directly.
Hope this helps.
- AgentX