
Thread: Dissassembly

  1. #31
    Glad you like grdb.exe. It's been around for a while and I think the author even lets you download the source code.

  2. #32
    The original .exe has some text embedded in it.
    I was wondering how they did that.
    .code

    <put code here>
    jmp over_text_bit               ; hop over the data bytes so they are never executed

    db 'hello i am the text',00h    ; NUL-terminated text sitting inline in the code section

    over_text_bit:                  ; execution resumes here

    kinda simple

  3. #33

    Bells and whistles

    I have a long way to go on learning about my disassemblers. So many bells and whistles.

    It had output the text in the program as a series of hex values, so it wasn't obvious that it was text.

    The only hex I have memorized are for the carriage return and a few others. :-)
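Posts #32 and #33 describe the same thing from both ends: text parked in the code section behind a `jmp`, and a disassembler rendering those bytes as hex. The Python below is an added example, not code from this thread or from any tool mentioned in it. It scans raw code bytes for the jmp-over-string idiom (`EB rel8` or `E9 rel32` forward, followed by printable text and a NUL), recovers the text and the address where real code resumes, and re-renders the string as the `db` line the source would have carried. The sample bytes and the 0x401000 base address are constructed for the example.

```python
"""Recover NUL-terminated text embedded in a code section behind a short jmp.

The MASM idiom from the thread assembles to an `EB <rel8>` (or `E9 <rel32>`)
forward jump immediately followed by the string bytes and a NUL.  A linear
disassembler shows those bytes as hex or as bogus instructions, so this
scans the raw bytes for the pattern instead.  Heuristic only: an EB/E9 byte
that is really an operand of an earlier instruction can produce a hit, but
requiring printable text plus a terminating NUL discards almost all noise.
"""
from typing import List, Optional, Tuple

# Printable ASCII plus tab / LF / CR, which are common inside message strings.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
MAX_SPAN = 0x1000  # ignore jumps that skip more than this; unlikely to be a string


def _as_text(skipped: bytes) -> Optional[str]:
    """Return the string if `skipped` is printable bytes ending in exactly one NUL."""
    if len(skipped) < 2 or skipped[-1] != 0:
        return None
    body = skipped[:-1]
    if any(b not in PRINTABLE for b in body):
        return None
    return body.decode("ascii")


def find_inline_strings(code: bytes, base: int = 0x401000,
                        min_len: int = 4) -> List[Tuple[int, str, int]]:
    """Scan `code` (mapped at `base`) for jmp-over-string hops.

    Returns (string_address, text, resume_address) triples, where
    resume_address is the jump target, i.e. where real code continues.
    """
    found: List[Tuple[int, str, int]] = []
    i, n = 0, len(code)
    while i < n:
        op = code[i]
        disp: Optional[int] = None
        hdr = 0
        if op == 0xEB and i + 2 <= n:                       # jmp rel8
            disp, hdr = code[i + 1], 2
            if disp >= 0x80:                                # backward jump
                disp = None
        elif op == 0xE9 and i + 5 <= n:                     # jmp rel32
            disp = int.from_bytes(code[i + 1:i + 5], "little", signed=True)
            hdr = 5
        if disp is not None and 0 < disp <= MAX_SPAN:
            start, end = i + hdr, i + hdr + disp
            if end <= n:
                text = _as_text(code[start:end])
                if text is not None and len(text) >= min_len:
                    found.append((base + start, text, base + end))
                    i = end          # continue scanning after the string
                    continue
        i += 1
    return found


def to_db_line(text: str) -> str:
    """Render a recovered string the way the MASM source declared it."""
    quote = '"' if "'" in text else "'"
    return f"db {quote}{text}{quote},00h"


# Constructed sample, not bytes from any binary in this thread: a small prologue,
# the jmp-over-string idiom from post #32, then the code that follows it.
_TEXT = b"hello i am the text"
SAMPLE = (
    b"\x55\x8b\xec"                        # push ebp / mov ebp, esp
    + b"\xeb" + bytes([len(_TEXT) + 1])    # jmp over_text_bit
    + _TEXT + b"\x00"                      # db 'hello i am the text',00h
    + b"\x33\xc0\xc3"                      # over_text_bit: xor eax, eax / ret
)

if __name__ == "__main__":
    for addr, text, resume in find_inline_strings(SAMPLE):
        print(f"{addr:08X}: {to_db_line(text)}   ; code resumes at {resume:08X}")
```

Run it against the bytes of a `.text` section dumped from the file; each hit gives you the label to place (`resume_address`) and the `db` line to put in front of it, which is exactly the part a linear disassembler left as a column of hex.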

  4. #34
    hi blabber,

    It's not really necessary to use IDA. I have tested a Win32 disassembler (by the Korean programmer sangcho), http://www.geocities.com/~sangcho/disasm.html
    It works great as well; it's a console disassembler.
    About the debugger you had posted: it's a nice find, thanks again.
    esther


    Reverse the code, Reverse Your Minds First

  5. #35
    Bengaly
    Well,
    the original test.exe posted here had some code missing and bad logic,
    which could easily be found when debugging the code after saving the decompiled .asm.

    I used PVDasm to create the source, changed a few things by hand, and inserted the missing code / fixed the bad logic.

    working source code:
    Code:
    ; ###############################################################################
    ; # This file has generated by Proview Disassembler (PVDasm) MASM wizard.       #
    ; # Copyright (c) 2003-2006 by Bengaly, <http://pvdasm.reverse-engineering.net> #
    ; ###############################################################################
    .386   ; create 32 bit code
    .model flat, stdcall ; 32 bit memory model
    option casemap:none  ; case sensitive
    
    include C:\masm32\include\windows.inc
    include C:\masm32\include\kernel32.inc
    include C:\masm32\include\user32.inc
    include C:\masm32\include\gdi32.inc
    include C:\masm32\include\comctl32.inc
    include C:\masm32\include\shell32.inc
    include C:\masm32\include\comdlg32.inc
    
    includelib C:\masm32\lib\user32.lib
    includelib C:\masm32\lib\kernel32.lib
    includelib C:\masm32\lib\gdi32.lib
    includelib C:\masm32\lib\comctl32.lib
    includelib C:\masm32\lib\shell32.lib
    includelib C:\masm32\lib\comdlg32.lib
    ; ###############################################################################
    
    
    .data
    notepad     db "notepad.exe",0        ; process name to look for
    handle_snap dd ?                      ; HANDLE returned by CreateToolhelp32Snapshot
    lppe        PROCESSENTRY32 <>         ; entry filled in by Process32First / Process32Next
    
    .data?
    
    .code
    start:
        ; handle_snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
        PUSH 00H                          ; th32ProcessID
        PUSH 02H                          ; dwFlags = TH32CS_SNAPPROCESS
        CALL CreateToolhelp32Snapshot 
        MOV handle_snap, EAX              ; ORIGINAL: MOV DWORD PTR DS:[00804234H], EAX
        INC EAX                           ; INVALID_HANDLE_VALUE (-1) becomes 0
        JZ ref_0040108A
        MOV lppe.dwSize, 00000128H        ; sizeof(PROCESSENTRY32) = 296; ORIGINAL: MOV DWORD PTR DS:[00804238H],00000128H 
        PUSH offset lppe                  ; lppe
        PUSH handle_snap                  ; hSnapshot
        CALL Process32First 
        OR EAX, EAX 
        JZ ref_00401085                   ; no entries: close the snapshot and exit
    ref_0040102F:
        ; compare lppe.szExeFile against "notepad.exe"
        MOV ESI, offset lppe.szExeFile
        MOV EDI, offset notepad
    ref_00401039:
        CMPSB
        JZ ref_00401041
        DEC ESI 
        CMPSB
        JNZ ref_00401071                  ; no match: look at the next process
        DEC EDI 
    ref_00401041:
        INC EDI 
        INC ESI                           ; This was missing in the original test.exe
        TEST BYTE PTR DS:[EDI-01H], 0FFH  ; reached the terminating 0 of "notepad.exe"?
        JNZ ref_00401039
        ; match: hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, th32ProcessID)
        PUSH lppe.th32ProcessID           ; dwProcessId
        PUSH 00H                          ; bInheritHandle
        PUSH 01H                          ; dwDesiredAccess = PROCESS_TERMINATE
        CALL OpenProcess 
        OR EAX, EAX 
        JZ ref_00401085                   ; previously was JNZ, bad logic
        PUSH EAX                          ; hObject for CloseHandle, left on the stack across TerminateProcess
        PUSH 00H                          ; uExitCode
        PUSH EAX                          ; hProcess
        CALL TerminateProcess 
        CALL CloseHandle                  ; consumes the hObject pushed above; EAX only holds TerminateProcess's BOOL here
    ref_00401071:
        PUSH offset lppe                  ; lppe
        PUSH handle_snap                  ; hSnapshot
        CALL Process32Next 
        OR EAX, EAX 
        JNZ ref_0040102F
    ref_00401085:
        PUSH handle_snap                  ; hObject: the snapshot handle has to be closed as well
        CALL CloseHandle 
    ref_0040108A:
        PUSH 00H                          ; uExitCode
        CALL ExitProcess 
    
    end start
    Last edited by Bengaly; June 21st, 2007 at 19:48.
    "knowledge is now free at last, everything should be free from now on, enjoy knowledge and life and never work for everybody else"
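Reading a listing like the one above means pairing each `CALL` with the `PUSH`es that feed it, in reverse, since stdcall pushes arguments right to left. The Python below is an added example, not code from this thread or from PVDasm: it walks a listing in the same style, rebuilds each Win32 call with its parameter names (prototypes as declared in the Win32 SDK), names the constants that the page's calls use, and reports any `PUSH` that no API consumed. The excerpt it runs on is constructed for the example and mirrors the call sequence above; the API and constant tables are the assumption it relies on, and the walk is linear, so it ignores labels and jumps.

```python
"""Annotate Win32 API call sites in a MASM/PVDasm-style listing.

stdcall pushes arguments right to left, so the PUSH nearest the CALL is the
first parameter.  Walking the listing top to bottom with a stack of pushed
operands and popping each known API's parameter count at the CALL rebuilds
the call as the C prototype reads.  Anything still on the stack at the end
was pushed and never consumed by an API in the listing, which is how a
stray PUSH shows up.  The walk is linear and ignores jumps and labels.
"""
import re
from typing import Dict, List, Optional, Tuple

# Parameter names in prototype order, from the Win32 SDK declarations.
API_PARAMS: Dict[str, List[str]] = {
    "CreateToolhelp32Snapshot": ["dwFlags", "th32ProcessID"],
    "Process32First": ["hSnapshot", "lppe"],
    "Process32Next": ["hSnapshot", "lppe"],
    "OpenProcess": ["dwDesiredAccess", "bInheritHandle", "dwProcessId"],
    "TerminateProcess": ["hProcess", "uExitCode"],
    "CloseHandle": ["hObject"],
    "ExitProcess": ["uExitCode"],
}

# Symbolic names for the immediates these parameters carry in the listing above.
KNOWN_VALUES: Dict[Tuple[str, str], Dict[int, str]] = {
    ("CreateToolhelp32Snapshot", "dwFlags"): {0x2: "TH32CS_SNAPPROCESS"},
    ("OpenProcess", "dwDesiredAccess"): {0x1: "PROCESS_TERMINATE"},
}

_PUSH = re.compile(r"^\s*PUSH\s+([^;]+?)\s*(?:;.*)?$", re.IGNORECASE)
_CALL = re.compile(r"^\s*CALL\s+(\w+)\s*(?:;.*)?$", re.IGNORECASE)


def parse_imm(operand: str) -> Optional[int]:
    """Parse a MASM immediate such as 02H, 0FFH or 296; None for anything else."""
    tok = operand.strip()
    if re.fullmatch(r"[0-9A-Fa-f]+[Hh]", tok):
        return int(tok[:-1], 16)
    if tok.isdigit():
        return int(tok)
    return None


def describe_arg(api: str, param: str, operand: str) -> str:
    """Attach a symbolic name when the immediate is a known constant for this parameter."""
    imm = parse_imm(operand)
    name = KNOWN_VALUES.get((api, param), {}).get(imm) if imm is not None else None
    return f"{param}={name}({operand})" if name else f"{param}={operand}"


def annotate_calls(listing: str) -> Tuple[List[str], List[str]]:
    """Return (reconstructed calls, operands pushed but never consumed)."""
    stack: List[str] = []
    calls: List[str] = []
    for line in listing.splitlines():
        m = _PUSH.match(line)
        if m:
            stack.append(m.group(1).strip())
            continue
        m = _CALL.match(line)
        if not m:
            continue
        api = m.group(1)
        params = API_PARAMS.get(api)
        if params is None:
            calls.append(f"{api}(?)  ; unknown prototype, stack left untouched")
            continue
        args = [describe_arg(api, p, stack.pop() if stack else "<missing>") for p in params]
        calls.append(f"{api}({', '.join(args)})")
    return calls, stack


# Constructed excerpt in the listing style used in this thread; not the full program.
LISTING = """\
start:
PUSH 00H ; th32ProcessID
PUSH 02H ; dwFlags
CALL CreateToolhelp32Snapshot
MOV handle_snap, EAX
PUSH offset lppe ; lppe
PUSH handle_snap ; hSnapshot
CALL Process32First
PUSH lppe.th32ProcessID
PUSH 00H ; bInheritHandle
PUSH 01H ; dwDesiredAccess
CALL OpenProcess
PUSH EAX ; hObject, kept on the stack for the bare CALL CloseHandle below
PUSH 00H ; uExitCode
PUSH EAX ; hProcess
CALL TerminateProcess
CALL CloseHandle
PUSH 00H ; uExitCode
CALL ExitProcess
"""

if __name__ == "__main__":
    calls, leftover = annotate_calls(LISTING)
    print("\n".join(calls))
    if leftover:
        print("pushed but never consumed:", leftover)
```

A non-empty leftover list, or a `<missing>` argument, is the quick way to spot a stack imbalance at a call site when reading a dead listing. The bare `CALL CloseHandle` after `TerminateProcess` only resolves to the process handle because that handle was pushed before the two `TerminateProcess` arguments; push it afterwards, or push the BOOL that `TerminateProcess` leaves in EAX, and the walker shows the wrong operand landing in `hObject`.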

