News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests

Main Menu

disassembler

Started by minor28, June 10, 2017, 07:43:31 PM

Previous topic - Next topic

minor28

For those who want to test my disassembler.

I have tested on my own c++ and masm compiled programs and on others' programs, for example excel 2003. To disassemble excel took a while, about 3,000,000 lines.

I have as good as possible compared my decoded results with the results from dumpbin.exe. Some strange interpretations occur in both dumpbins and in my results. For example dumpbins "F2 B4 36 repne mov ah,36h" and my two lines "F2 repne" and "B4 36 mov ah,36h".

I have only tested on my Win10 OS.

jj2007

On Win7-64, I only get an invisible DialogApp window.

With some trickery, I can convince the window to maximise. Then, I see a menu. When opening a file, the app crashes, apparently in module ntdll. "Apparently" because Olly crashes, too, when trying to attach itself.

With this minor change: if 0
invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
else
invoke SetWindowPos,hWin,0,0,0,500,500,SWP_NOMOVE or SWP_NOZORDER
endif

... I can at least see the app when launching it, but it still crashes when opening a file. RichMasm says you have heap corruption when trying to invoke GetOpenFileName :(

TWell

I can open it only with Shortcut with Maximized in Windows 8.1

minor28

Thank you.
I ran it on win7 32bit and it didn't show up

The window did not appear in the center of screen so I wrote

invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER
invoke GetWindowRect,hWin,addr rect
invoke GetSystemMetrics,SM_CYSCREEN
add eax,rect.top
sub eax,rect.bottom
shr eax,1
push eax
invoke GetSystemMetrics,SM_CXSCREEN
add eax,rect.left
sub eax,rect.right
shr eax,1
pop edx
invoke SetWindowPos,hWin,0,eax,edx,0,0,SWP_NOSIZE or SWP_NOZORDER


Now I have changed it to

invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER


Now it should show up. No crach for me on win7 32 bit.

jj2007

It doesn't crash for simple hello world proggies. But I tested it with the attached file, and that one crashes in the @opcode loop.

The attached exe expects a media file in the commandline. Btw using the commandline would make testing your code much easier, too. Using the open file dialog all the time is a PITA.

minor28

Sorry. I attached an exe where I try to write to the window during decoding to speed up large files. Here is the old one.

What is PlayVideosWithDShow.exe. Cannot open it.

jj2007

Quote from: minor28 on June 11, 2017, 12:55:56 AMWhat is PlayVideosWithDShow.exe. Cannot open it.

Just a test; plays media files if you drag them over the exe (.avi, .wmv, .mpg, .wav, .mid, ...). For me, it works on XP, 7-64 and 10-64; but it crashes your disassembler (there is SSE2 code... ::)). What is your problem with the file?

Exe in Reply #5 has the same problems as before btw. Timestamp is today, 11:01:06

minor28

Thanks for the file. I had only tested a few SSE instructions. It was the fxsave instruction that caused the crash. There arae some direction errors also tho handle but they don't cause crasches.

The decoded file and updated files are attached.


HSE

Not good news:- Your site it's invisible
Equations in Assembly: SmplMath

jj2007

Quote from: minor28 on June 11, 2017, 04:27:04 AM
The decoded file and updated files are attached.

The exe still doesn't show. My screen resolution is 1366x768.

You should check some instructions:
0040102E: AB stosw  ; should be stosd
00401052: 6A F1 push 0F1h  ; should be -0Fh
00401067: 6A F0 push 0F0h  ; should be -10h
004010F8: 6A FF push 0FFh  ; should be -1
0040110E: AD lodsw  ; should be lodsd


Works fine in general :t

minor28

AB and AD are both code for 16 and 32 bit but I forgot to take into account to the 16 bit prefix.

6A and 68 are codes for pushing 8 bit and 16/32bit immediate

6A ib - PUSH imm8 - I - Valid - Valid - Push imm8.
68 id - PUSH imm32 - I - Valid - Valid - Push imm32.


ml.exe interprets
"push -0Fh" as "6A F1 push 0FFFFFFF1h" and
"push -1" as "6A FF push 0FFFFFFFFh" and
"push 0F1h" as "68 F1 00 00 00 push 0F1h" and
"push -FFh" as "68 FF 00 00 00 push 0FFh"

Is this not confusing?

Edit:
Forgott to write to push an imm8 to the stack the imm8 is sign-extended.

minor28

My screen resolution is 3840x2160.

Thank HSE i will fix my site.

jj2007

Quote from: minor28 on June 12, 2017, 05:53:10 PM
My screen resolution is 3840x2160

Congrats, that is high end equipment :t

However, you should adjust your code accordingly, so that us poor mortals can see the dialog, too:

invoke GetWindowRect,hWin,addr rect
invoke GetSystemMetrics,SM_CYSCREEN
add eax,rect.top
sub eax,rect.bottom
shr eax,1
push eax
invoke GetSystemMetrics,SM_CXSCREEN
add eax,rect.left
sub eax,rect.right
shr eax,1
pop edx
invoke SetWindowPos,hWin,0,eax,edx,0,0,SWP_NOSIZE or SWP_NOZORDER


How exactly can you divide a 32-bit value by 2?

minor28

shift 1 bit right is not an exactly division by 2, at least not for odd numbers, but good enough for this operation.

jj2007

No, it's not. Division by 2 is done with SAR, not SHR, and when using SAR, your window becomes visible even on my tiny 1366px screen. The "A" stands for "arithmetic", and there is a good reason for that. If you want to test it, use 3000 instead of 1000 for invoke SetWindowPos,hWin,0,0,0,1000,1000,SWP_NOMOVE or SWP_NOZORDER, and put an int 3 in front. Then launch Olly, and you will understand why your window did not show on "normal" machines.