Topic: disassembler

minor28

disassembler
« on: June 10, 2017, 07:43:31 PM »
For those who want to test my disassembler.

I have tested on my own C++ and MASM compiled programs and on others' programs, for example Excel 2003. Disassembling Excel took a while: about 3,000,000 lines.

I have compared my decoded results as well as possible with the results from dumpbin.exe. Some strange interpretations occur both in dumpbin's output and in my results. For example, dumpbin's "F2 B4 36 repne mov ah,36h" versus my two lines "F2 repne" and "B4 36 mov ah,36h".

I have only tested on my Win10 OS.
This and that on my site

jj2007

Re: disassembler
« Reply #1 on: June 10, 2017, 08:24:14 PM »
On Win7-64, I only get an invisible DialogApp window.

With some trickery, I can convince the window to maximise. Then, I see a menu. When opening a file, the app crashes, apparently in module ntdll. "Apparently" because Olly crashes, too, when trying to attach itself.

With this minor change:
Code:
if 0
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
else
invoke SetWindowPos,hWin,0,0,0,500,500,SWP_NOMOVE or SWP_NOZORDER
endif
... I can at least see the app when launching it, but it still crashes when opening a file. RichMasm says you have heap corruption when trying to invoke GetOpenFileName :(

TWell

Re: disassembler
« Reply #2 on: June 10, 2017, 09:12:40 PM »
I can open it only with a shortcut set to Maximized, in Windows 8.1.

minor28

Re: disassembler
« Reply #3 on: June 11, 2017, 12:39:43 AM »
Thank you.
I ran it on Win7 32-bit and it didn't show up.

The window did not appear in the center of screen so I wrote
Code:
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
invoke GetWindowRect,hWin,addr rect
invoke GetSystemMetrics,SM_CYSCREEN
add eax,rect.top
sub eax,rect.bottom
shr eax,1
push eax
invoke GetSystemMetrics,SM_CXSCREEN
add eax,rect.left
sub eax,rect.right
shr eax,1
pop edx
invoke SetWindowPos,hWin,0,eax,edx,0,0,SWP_NOSIZE or SWP_NOZORDER

Now I have changed it to
Code:
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER

Now it should show up. No crash for me on Win7 32-bit.
This and that on my site

jj2007

Re: disassembler
« Reply #4 on: June 11, 2017, 12:42:41 AM »
It doesn't crash for simple hello world proggies. But I tested it with the attached file, and that one crashes in the @opcode loop.

The attached exe expects a media file in the commandline. Btw using the commandline would make testing your code much easier, too. Using the open file dialog all the time is a PITA.

minor28

Re: disassembler
« Reply #5 on: June 11, 2017, 12:55:56 AM »
Sorry. I attached an exe where I try to write to the window during decoding to speed up large files. Here is the old one.

What is PlayVideosWithDShow.exe? I cannot open it.
This and that on my site

jj2007

Re: disassembler
« Reply #6 on: June 11, 2017, 01:17:31 AM »
What is PlayVideosWithDShow.exe? I cannot open it.

Just a test; plays media files if you drag them over the exe (.avi, .wmv, .mpg, .wav, .mid, ...). For me, it works on XP, 7-64 and 10-64; but it crashes your disassembler (there is SSE2 code... ::)). What is your problem with the file?

Exe in Reply #5 has the same problems as before btw. Timestamp is today, 11:01:06

minor28

Re: disassembler
« Reply #7 on: June 11, 2017, 04:27:04 AM »
Thanks for the file. I had only tested a few SSE instructions. It was the fxsave instruction that caused the crash. There are also some direction errors to handle, but they don't cause crashes.

The decoded file and updated files are attached.

This and that on my site

HSE

Re: disassembler
« Reply #8 on: June 11, 2017, 04:57:46 AM »
Not good news: your site is invisible.

jj2007

Re: disassembler
« Reply #9 on: June 11, 2017, 09:34:13 AM »
The decoded file and updated files are attached.

The exe still doesn't show. My screen resolution is 1366x768.

You should check some instructions:
Code:
0040102E: AB stosw  ; should be stosd
00401052: 6A F1 push 0F1h  ; should be -0Fh
00401067: 6A F0 push 0F0h  ; should be -10h
004010F8: 6A FF push 0FFh  ; should be -1
0040110E: AD lodsw  ; should be lodsd

Works fine in general :t

minor28

Re: disassembler
« Reply #10 on: June 11, 2017, 05:07:57 PM »
AB and AD are the codes for both the 16 and 32 bit forms, but I forgot to take the 16 bit prefix into account.

6A and 68 are the codes for pushing an 8 bit and a 16/32 bit immediate:
Code:
6A ib - PUSH imm8 - I - Valid - Valid - Push imm8.
68 id - PUSH imm32 - I - Valid - Valid - Push imm32.

ml.exe interprets
"push -0Fh" as "6A F1 push 0FFFFFFF1h" and
"push -1" as "6A FF push 0FFFFFFFFh" and
"push 0F1h" as "68 F1 00 00 00 push 0F1h" and
"push -FFh" as "68 FF 00 00 00 push 0FFh"

Is this not confusing?

Edit:
Forgot to write that when an imm8 is pushed onto the stack, the imm8 is sign-extended.
This and that on my site
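As an added example (not code from the thread or from minor28's disassembler), a minimal decoder for just the opcodes discussed in Reply #9 and Reply #10: the 66h prefix selecting stosw/lodsw over stosd/lodsd, and the sign extension that makes 6A F1 read as push -0Fh rather than push 0F1h.

```python
# Added example, not code from the thread or from minor28's disassembler:
# a decoder for only the opcodes discussed above.  It shows the two
# corrections asked for in Reply #9:
#   - AB / AD are STOS / LODS whose operand size comes from the 66h prefix,
#     so without the prefix they are the dword forms (stosd / lodsd);
#   - 6A ib is PUSH imm8 and the byte is sign-extended to 32 bits, so
#     6A F1 is "push -0Fh", not "push 0F1h"; 68 id is PUSH imm32.

def sign_extend8(b: int) -> int:
    """Interpret one byte as a signed 8-bit value, as the CPU does for 6A ib."""
    return b - 0x100 if b & 0x80 else b

def fmt_imm(v: int) -> str:
    """MASM-style hex immediate: leading 0 if it starts with a letter, '-' if negative."""
    digits = f"{abs(v):X}"
    if digits[0] in "ABCDEF":
        digits = "0" + digits
    return ("-" if v < 0 else "") + digits + "h"

def decode(code: bytes) -> list:
    """Return (hex bytes, mnemonic) pairs; unsupported opcodes become a db placeholder."""
    out = []
    i = 0
    while i < len(code):
        start = i
        opsize16 = False
        if code[i] == 0x66:                 # operand-size override prefix
            opsize16 = True
            i += 1
        op = code[i]
        i += 1
        if op == 0xAB:
            text = "stosw" if opsize16 else "stosd"
        elif op == 0xAD:
            text = "lodsw" if opsize16 else "lodsd"
        elif op == 0x6A:                    # PUSH imm8, sign-extended
            text = "push " + fmt_imm(sign_extend8(code[i]))
            i += 1
        elif op == 0x68:                    # PUSH imm32 (imm16 under 66h)
            n = 2 if opsize16 else 4
            imm = int.from_bytes(code[i:i + n], "little", signed=True)
            text = "push " + fmt_imm(imm)
            i += n
        else:
            text = f"db {op:02X}h ; not handled here"
        out.append((code[start:i].hex(" ").upper(), text))
    return out
```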

minor28

Re: disassembler
« Reply #11 on: June 12, 2017, 05:53:10 PM »
My screen resolution is 3840x2160.

Thanks HSE, I will fix my site.
This and that on my site

jj2007

Re: disassembler
« Reply #12 on: June 12, 2017, 06:38:58 PM »
My screen resolution is 3840x2160

Congrats, that is high end equipment :t

However, you should adjust your code accordingly, so that us poor mortals can see the dialog, too:

Code:
invoke GetWindowRect,hWin,addr rect
invoke GetSystemMetrics,SM_CYSCREEN
add eax,rect.top
sub eax,rect.bottom
shr eax,1
push eax
invoke GetSystemMetrics,SM_CXSCREEN
add eax,rect.left
sub eax,rect.right
shr eax,1
pop edx
invoke SetWindowPos,hWin,0,eax,edx,0,0,SWP_NOSIZE or SWP_NOZORDER

How exactly can you divide a 32-bit value by 2?

minor28

Re: disassembler
« Reply #13 on: June 13, 2017, 04:48:41 PM »
A shift of 1 bit right is not exactly a division by 2, at least not for odd numbers, but good enough for this operation.
This and that on my site

jj2007

Re: disassembler
« Reply #14 on: June 13, 2017, 08:32:19 PM »
No, it's not. Division by 2 is done with SAR, not SHR, and when using SAR, your window becomes visible even on my tiny 1366px screen. The "A" stands for "arithmetic", and there is a good reason for that. If you want to test it, use 3000 instead of 1000 for invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER, and put an int 3 in front. Then launch Olly, and you will understand why your window did not show on "normal" machines.
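As an added example (not code from the thread), the centering arithmetic quoted in Reply #12 run with 32-bit register semantics, so the SHR and SAR results can be compared on the two screen sizes mentioned in the thread; the 1000x1000 window rectangle is constructed to match the SetWindowPos call.

```python
# Added example, not code from the thread: the window-centering arithmetic
# quoted above, run with 32-bit register semantics so SHR and SAR can be
# compared.  Screen sizes are the two from the thread (1366x768 and
# 3840x2160); the 1000x1000 window rectangle is constructed to match the
# SetWindowPos call under discussion.

MASK32 = 0xFFFFFFFF

def shr1(eax: int) -> int:
    """SHR eax,1: logical shift, a zero is shifted into bit 31."""
    return (eax & MASK32) >> 1

def sar1(eax: int) -> int:
    """SAR eax,1: arithmetic shift, bit 31 (the sign) is kept."""
    u = eax & MASK32
    return (u >> 1) | (u & 0x80000000)

def as_signed(u: int) -> int:
    """Read a 32-bit register as the signed int that SetWindowPos receives for x/y."""
    u &= MASK32
    return u - 0x100000000 if u & 0x80000000 else u

def center(screen_w: int, screen_h: int, rect: tuple, shift) -> tuple:
    """Mirror the MASM sequence: eax = SM_CYSCREEN + top - bottom, shift, then x."""
    left, top, right, bottom = rect
    y = shift(screen_h + top - bottom)      # negative when the window is taller than the screen
    x = shift(screen_w + left - right)
    return as_signed(x), as_signed(y)

def on_screen(pos: tuple, rect: tuple, screen_w: int, screen_h: int) -> bool:
    """True if any part of the moved window overlaps the desktop."""
    x, y = pos
    w, h = rect[2] - rect[0], rect[3] - rect[1]
    return x < screen_w and y < screen_h and x + w > 0 and y + h > 0

if __name__ == "__main__":
    rect = (0, 0, 1000, 1000)
    for w, h in ((1366, 768), (3840, 2160)):
        for name, shift in (("shr", shr1), ("sar", sar1)):
            pos = center(w, h, rect, shift)
            print(f"{w}x{h} {name}: x={pos[0]} y={pos[1]} visible={on_screen(pos, rect, w, h)}")
```

On the 1366x768 screen the negative y of -232 becomes 2147483532 after SHR, which puts the window far below the desktop; SAR keeps it at -116, partly off the top edge but visible.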