Re: Don't be a Hacker
From: wolfgang kern (nowhere_at_nevernet.at)
Date: 10/12/03
- Next message: wolfgang kern: "Re: BSS with MS Link"
- Previous message: Annie: "Re: HLA is productive"
- In reply to: Randall Hyde: "Re: Don't be a Hacker"
- Next in thread: Beth: "Re: Don't be a Hacker"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 12 Oct 2003 12:36:32 +0200
Hi Randy!
| > I think a standard x86 disassembler
| > (as all 8-bit-CPU tools already have since long)
| > should have the options:
| > to perform branch-oriented, detect (conditional) loops and
| > list called routines/procedures.
| All those ideas work great, until the user starts writing code
| like the following:
| call printf
| byte "i=%d, f=%6.2f, s=%s, x=%02x", 13, 10, 0
| dword i, f, s, x
| mov eax, 0
| ret
Sorry, I cannot imagine what the resulting code will look like,
I estimate:
CALL FAR xxxx:xxxxxxxx
jmp short +15 ;skip these 15 bytes
data field ... ;whatever percentage "%" of whatever :)
mov eax,0
ret
Or without the short-jump if the API-call already adds the data-offset
to the return-address.
I won't see too much trouble in automatically following that scenario;
even if the names of the variables in the data-field are lost,
the presence of them will be revealed if the data-field is
altered from elsewhere. If not altered, then they are just
constants created during compilation.
| Code, I might point out, is not untypical in human-written
| assembly code. Sure, you could write a "smart" debugger that
| recognizes "printf" as some sort of API, but that disassembler
| won't do well when handed code containing routines that were
| written by the application's author.
Even a disassembler may not know about API-conventions,
it may follow the functionality found in the API-calls.
| Lest you think that code like the above is rare, take a look
| at the 16-bit edition of "The Art of Assembly" sometime.
No, similar is common for drivers using the VXD-API:
INT 20
dw class-ID, sub-fnct
and DOS6.0-IRQ-nesting, and stack-less ROM-routines, and...
__
wolfgang
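Added example (not part of the original post, and not code from either author): a toy disassembler pass over a constructed byte string laid out like the printf case above, decoded once with no knowledge of the callee and once with a per-callee description of the inline data that follows the call. The address 0x100, the names PRINTF, INLINE_DATA and printf_inline, and the three-opcode decoder are assumptions made for illustration.

```python
import struct

# Constructed sample: call printf; inline format string; 4 dwords; mov eax,0; ret
FMT = b"i=%d, f=%6.2f, s=%s, x=%02x\r\n\x00"
PRINTF = 0x100  # hypothetical address of the callee
CODE = (b"\xE8" + struct.pack("<i", PRINTF - 5)        # call rel32, issued at offset 0
        + FMT + struct.pack("<4I", 0x2000, 0x2004, 0x2008, 0x200C)
        + b"\xB8\x00\x00\x00\x00"                      # mov eax, 0
        + b"\xC3")                                     # ret

def printf_inline(code, off):
    """Inline-data length for this callee: NUL-terminated string plus 4 dwords."""
    return code.index(b"\x00", off) + 1 - off + 16

# Assumption: the analyst, or an analysis of the callee's handling of its
# return address, supplies this table of callees that consume inline data.
INLINE_DATA = {PRINTF: printf_inline}

def disassemble(code, inline=None):
    """Toy decoder for three opcodes; returns a list of (offset, text)."""
    inline = inline or {}
    out, off = [], 0
    while off < len(code):
        op = code[off]
        if op == 0xE8:  # call rel32
            target = off + 5 + struct.unpack_from("<i", code, off + 1)[0]
            out.append((off, f"call 0x{target:x}"))
            off += 5
            if target in inline:  # skip the bytes the callee steps over
                n = inline[target](code, off)
                out.append((off, f"data[{n}]"))
                off += n
        elif op == 0xB8:  # mov eax, imm32
            imm = struct.unpack_from("<I", code, off + 1)[0]
            out.append((off, f"mov eax, 0x{imm:x}"))
            off += 5
        elif op == 0xC3:  # ret
            out.append((off, "ret"))
            off += 1
        else:
            # A real linear sweep would decode these bytes as bogus
            # instructions; the toy decoder flags the offset and stops.
            out.append((off, f"?? 0x{op:02x}"))
            break
    return out

if __name__ == "__main__":
    for label, table in (("no callee knowledge", None), ("inline-data table", INLINE_DATA)):
        print(label, disassemble(CODE, table))
```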