For those who want to test my disassembler.
I have tested on my own c++ and masm compiled programs and on others' programs, for example excel 2003. To disassemble excel took a while, about 3,000,000 lines.
I have as good as possible compared my decoded results with the results from dumpbin.exe. Some strange interpretations occur in both dumpbins and in my results. For example dumpbins "F2 B4 36 repne mov ah,36h" and my two lines "F2 repne" and "B4 36 mov ah,36h".
I have only tested on my Win10 OS.
On Win7-64, I only get an invisible DialogApp window.
With some trickery, I can convince the window to maximise. Then, I see a menu. When opening a file, the app crashes, apparently in module ntdll. "Apparently" because Olly crashes, too, when trying to attach itself.
With this minor change: if 0
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
else
invoke SetWindowPos,hWin,0,0,0,500,500,SWP_NOMOVE or SWP_NOZORDER
endif
... I can at least see the app when launching it, but it still crashes when opening a file. RichMasm says you have heap corruption when trying to invoke GetOpenFileName :(
I can open it only with Shortcut with Maximized in Windows 8.1
Thank you.
I ran it on win7 32bit and it didn't show up
The window did not appear in the center of screen so I wrote
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
invoke GetWindowRect,hWin,addr rect
invoke GetSystemMetrics,SM_CYSCREEN
add eax,rect.top
sub eax,rect.bottom
shr eax,1
push eax
invoke GetSystemMetrics,SM_CXSCREEN
add eax,rect.left
sub eax,rect.right
shr eax,1
pop edx
invoke SetWindowPos,hWin,0,eax,edx,0,0,SWP_NOSIZE or SWP_NOZORDER
Now I have changed it to
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
Now it should show up. No crach for me on win7 32 bit.
It doesn't crash for simple hello world proggies. But I tested it with the attached file, and that one crashes in the @opcode loop.
The attached exe expects a media file in the commandline. Btw using the commandline would make testing your code much easier, too. Using the open file dialog all the time is a PITA.
Sorry. I attached an exe where I try to write to the window during decoding to speed up large files. Here is the old one.
What is PlayVideosWithDShow.exe. Cannot open it.
Quote from: minor28 on June 11, 2017, 12:55:56 AMWhat is PlayVideosWithDShow.exe. Cannot open it.
Just a test; plays media files if you drag them over the exe (.avi, .wmv, .mpg, .wav, .mid, ...). For me, it works on XP, 7-64 and 10-64; but it crashes your disassembler (there is SSE2 code... ::)). What is your problem with the file?
Exe in Reply #5 has the same problems as before btw. Timestamp is today, 11:01:06
Thanks for the file. I had only tested a few SSE instructions. It was the fxsave instruction that caused the crash. There arae some direction errors also tho handle but they don't cause crasches.
The decoded file and updated files are attached.
Not good news:- Your site it's invisible
Quote from: minor28 on June 11, 2017, 04:27:04 AM
The decoded file and updated files are attached.
The exe still doesn't show. My screen resolution is 1366x768.
You should check some instructions:
0040102E: AB stosw ; should be stosd
00401052: 6A F1 push 0F1h ; should be -0Fh
00401067: 6A F0 push 0F0h ; should be -10h
004010F8: 6A FF push 0FFh ; should be -1
0040110E: AD lodsw ; should be lodsdWorks fine in general :t
AB and AD are both code for 16 and 32 bit but I forgot to take into account to the 16 bit prefix.
6A and 68 are codes for pushing 8 bit and 16/32bit immediate
6A ib - PUSH imm8 - I - Valid - Valid - Push imm8.
68 id - PUSH imm32 - I - Valid - Valid - Push imm32.
ml.exe interprets
"push -0Fh" as "6A F1 push 0FFFFFFF1h" and
"push -1" as "6A FF push 0FFFFFFFFh" and
"push 0F1h" as "68 F1 00 00 00 push 0F1h" and
"push -FFh" as "68 FF 00 00 00 push 0FFh"
Is this not confusing?
Edit:
Forgott to write to push an imm8 to the stack the imm8 is sign-extended.
My screen resolution is 3840x2160.
Thank HSE i will fix my site.
Quote from: minor28 on June 12, 2017, 05:53:10 PM
My screen resolution is 3840x2160
Congrats, that is high end equipment :t
However, you should adjust your code accordingly, so that us poor mortals can see the dialog, too:
invoke GetWindowRect,hWin,addr rect
invoke GetSystemMetrics,SM_CYSCREEN
add eax,rect.top
sub eax,rect.bottom
shr eax,1
push eax
invoke GetSystemMetrics,SM_CXSCREEN
add eax,rect.left
sub eax,rect.right
shr eax,1
pop edx
invoke SetWindowPos,hWin,0,eax,edx,0,0,SWP_NOSIZE or SWP_NOZORDERHow exactly can you divide a 32-bit value by 2?
shift 1 bit right is not an exactly division by 2, at least not for odd numbers, but good enough for this operation.
No, it's not. Division by 2 is done with SAR, not SHR, and when using SAR, your window becomes visible even on my tiny 1366px screen. The "A" stands for "arithmetic", and there is a good reason for that. If you want to test it, use 3000 instead of 1000 for invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER, and put an int 3 in front. Then launch Olly, and you will understand why your window did not show on "normal" machines.
OK I see. If the size is bigger than screen resolution there will be negative values. SHL is unsigned division and SAR is signed division.
I have gone backe to the project and I have come a bit further. If anyone is interested, the file is attached. The code can be read on my website
I couldn't reach to your site, i will try later. :idea:
Now i can!
:biggrin:
:eusa_clap:
Great site minor28, thanks for sharing it. I will see your programs when i have time. By now i downloaded patience and i like it. In fact i will replace with this great game the one that came with windows. :lol:
In my first game i lost, but i have to be patience! :bgrin:
I have tried disasm but just a little bit.
Thanks again, great job! :icon14: :eusa_clap:
To those who have sent email from my website and entered their e-mail address, I must unfortunately report that I have missed to retrieve the address from the textbox.
Tested your program's latest version (from this topic, same exe md5 as on your site) using Wine on Linux. Works ok so far. It crashes when you click analyse decoded file if data section is opened first. Works if file is opened to decode in normal way. Saving decoded file works. The backtrace attached below, text file in unix format.
Executable cross-compiled on linux using this command i686-w64-mingw32-gcc -Wall -static-libgcc -static-libstdc++ -O2 -o test.exe a.c
a.c: int main(){return 0;}
Edit: it also crash when trying to open a 64bit executable with compilation line as below, backtrace attached x86_64-w64-mingw32-gcc -Wall -static-libgcc -static-libstdc++ -O2 -o test64.exe a.c
Thanks for the report,
Quote
It crashes when you click analyse decoded file if data section is opened first.
Menu item "Open Data section" has been a working method during the development of the program. Not synchronized with the decoding part.
Quote
it also crash when trying to open a 64bit executable
The program only works with 32 bit executables.
At the moment, the project is dormant. I am working with xamarin android and have published my patience project for android phones on my site.
Hi minor28
I test you disasm on a Delphi executable it ask me is this a Inno setup?!?!
I have click to yes and it crash.
....something about this makes me remember of when i put out the good word about my ASM examples and some packs were dirty. Was a little worser than an unshowing window.
First of all, I would like to remind you that the project has not been completed.
I quote what I wrote on my website
Quote
The project is not finished and will probably not be.
The project is on my website for those who are interested and may want to continue working.
Innno setup is an installation system for windows programs. I have not done any further work on inno setup files. At an earlier stage, these files were also decoded but with strange results. Hence the dialogbox with the information on inno. In the later stage of development these files crashes.
Anyone can take what I published as it is. I suggest that this thread will now be closed.
Using scrollbar with mouse pointer (not the wheel), scrolling somewhere below the code, e.g. the middle of scrollbar, and clicking into free space causes a crash using wine (3.0-rc5) on Linux.