Hey Guys,
I am working on disassembling instructions into output text and assembling instructions back to opcodes.
For the disassembling BEAEngine is a wonderful piece of software.
What I am struggling with is assembling instructions back into opcodes.
I've been searching a lot but it seems BEAEngine does not support assembling, so I thought let's try Olly.
I've got Olly.dll which has an export called: Assemble.
Function explanation from readme file:
int Assemble(char *cmd,ulong ip,t_asmmodel *model,int attempt,int constsize,char *errtext);
Parameters:
cmd - pointer to zero terminated ASCII command;
ip - address of the first byte of generated binary command in memory;
model - pointer to the structure that receives machine code and mask, see detailed description below;
attempt - index of alternative encoding of the command. Call Assemble with attempt=0,1,2... to obtain all possible versions of the command. Stop this sequence when Assemble reports error;
constsize - requested size of address constant and immediate data. Call Assemble with constsize=0,1,2,3 to obtain all possible encodings of the version selected by attempt;
errtext - pointer to text buffer of length at least TEXTLEN bytes that receives description of detected error.
t_asmmodel: structure that receives assembled code.
typedef struct t_asmmodel { // Model to search for assembler command
char code[MAXCMDSIZE]; // Binary code
char mask[MAXCMDSIZE]; // Mask for binary code (0: bit ignored)
int length; // Length of code, bytes (0: empty)
int jmpsize; // Offset size if relative jump
int jmpoffset; // Offset relative to IP
int jmppos; // Position of jump offset in command
} t_asmmodel;
Members:
code - binary code of the command. Only bits that have 1's in corresponding mask bits are significant;
mask - comparison mask. Search routine ignores all code bits where mask is set to 0;
length - length of code and mask, bytes. If length is 0, search model is empty or invalid;
jmpsize - if nonzero, command is a relative jump and jmpsize is a size of offset in bytes;
jmpoffset - if jmpsize is nonzero, jump offset relative to address of the following command, otherwise undefined;
jmppos - if jmpsize is nonzero, position of the first byte of the offset in code, otherwise undefined.
In my code I am using:
AssembleStructure STRUCT
code DB 256 Dup (?) // Binary code
mask DB 256 Dup (?) // Mask for binary code (0: bit ignored)
length DD 0 // Length of code, bytes (0: empty)
jmpsize DD 0 // Offset size if relative jump
jmpoffset DD 0 // Offset relative to IP
jmppos DD 0 // Position of jump offset in command
ENDS
_AssembleStructure AssembleStructure <>
invoke [AssembleFunction], offset wsprintbuffer, offset BinaryCode, offset _AssembleStructure, 0, 0
wsprintbuffer holds the string: mov esi, [esp+4b0]
The code doesn't seem to work and returns with an error value in eax.
Anyone been using Olly before in a project, or anyone know of a simple assembler engine which can transfer a string back into its opcodes?
Hi
Which Olly.dll? I have looked on the OllyDbg page and cannot find this dll.
Hey there ragdog,
My findings are based on:
http://www.purebasic.fr/english/viewtopic.php?f=5&t=42527
and if you click on the link from that page: http://sandsprite.com/CodeStuff/olly_dll.html
You will land on a page which explains the use of olly.dll.
I noticed the header files are on OllyDBG website, although the file to run it in Visual Studio isn't.
The Olly.dll I am talking about I picked from the package from the above site.
Although it's coded in Visual Basic, I should be able to use the 'DLL' in my own project calling the appropriate function parameters?
Any other Assembler engine is fine, there just isn't much information.
You haven't looked in the org. code? The last parameter, which returns a string that describes occurring errors, is not optional.
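As an added example (not code from this thread or from OllyDbg), here is a portable C sketch of the t_asmmodel layout and the six-argument Assemble call the readme describes: the errtext buffer is always supplied, the attempt/constsize sequence is walked as documented, and the jmpsize/jmpoffset/jmppos fields are used to re-target a relative jump. The MAXCMDSIZE/TEXTLEN values, the cdecl convention, the "result <= 0 means error" rule and the fake_assemble stand-in (so it runs without the DLL) are assumptions.

```c
#include <string.h>
#define MAXCMDSIZE 16   /* as in OllyDbg 1.10 plugin.h (assumed; check your header) */
#define TEXTLEN 256     /* minimum errtext buffer size from the readme (assumed value) */
typedef unsigned long ulong;
typedef struct t_asmmodel {   /* layout from the readme quoted above */
  char code[MAXCMDSIZE];      /* binary code */
  char mask[MAXCMDSIZE];      /* mask for binary code (0: bit ignored) */
  int length, jmpsize, jmpoffset, jmppos;
} t_asmmodel;
/* Type of the exported Assemble (cdecl assumed); resolve it with GetProcAddress on Windows. */
typedef int (*assemble_fn)(char *cmd, ulong ip, t_asmmodel *model,
                           int attempt, int constsize, char *errtext);
/* Walk attempt=0,1,2... and constsize=0..3 as the readme describes, always passing a
   TEXTLEN-byte errtext. Assumed: result <= 0 means error. Returns the number of models stored. */
int enumerate_encodings(assemble_fn assemble, const char *cmd, ulong ip,
                        t_asmmodel *out, int max_out) {
  char cmdbuf[TEXTLEN], errtext[TEXTLEN]; int attempt, constsize, found = 0;
  for (attempt = 0; found < max_out; attempt++) {
    int hits = 0;
    for (constsize = 0; constsize < 4 && found < max_out; constsize++) {
      strncpy(cmdbuf, cmd, TEXTLEN - 1); cmdbuf[TEXTLEN - 1] = '\0';
      errtext[0] = '\0';   /* Assemble fills this on failure; never pass a null pointer */
      if (assemble(cmdbuf, ip, &out[found], attempt, constsize, errtext) > 0) { hits++; found++; }
    }
    if (hits == 0) break;   /* no encoding for this attempt: the sequence is exhausted */
  }
  return found;
}
/* Re-target a relative jump assembled at old_ip so it still reaches the same destination at new_ip. */
int relocate_jump(t_asmmodel *m, ulong old_ip, ulong new_ip) {
  int i; long disp = (long)old_ip + m->jmpoffset - (long)new_ip;  /* offset is relative to next command */
  if (m->jmpsize == 0 || (m->jmpsize == 1 && (disp < -128 || disp > 127))) return -1;
  for (i = 0; i < m->jmpsize; i++) m->code[m->jmppos + i] = (char)((disp >> (8 * i)) & 0xFF);
  m->jmpoffset = (int)disp;
  return 0;
}
/* Constructed stand-in for Olly.dll's Assemble: knows only "jmp 401010" at ip 401000 (short, then near). */
int fake_assemble(char *cmd, ulong ip, t_asmmodel *m, int attempt, int constsize, char *err) {
  static const char enc[2][5] = { {'\xEB', 0x0E}, {'\xE9', 0x0B, 0, 0, 0} };
  if (strcmp(cmd, "jmp 401010") || ip != 0x401000 || attempt > 1 || constsize != 0) {
    strcpy(err, "Unknown command (constructed stub)"); return 0;
  }
  memset(m, 0, sizeof *m);
  m->length = attempt ? 5 : 2; m->jmpsize = attempt ? 4 : 1; m->jmppos = 1;
  memcpy(m->code, enc[attempt], m->length); memset(m->mask, 0xFF, m->length);
  m->jmpoffset = 0x401010 - (0x401000 + m->length);
  return m->length;
}
```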