Re: Reverse engineering != piracy (was Re: RosAsm disassembler output vs. IDA Pro)
From: Gerhard W. Gruber (sparhawk_at_gmx.at)
Date: 01/26/04
- Next message: Gerhard W. Gruber: "Re: Mikro$loth Triumphs Again"
- Previous message: T.M. Sommers: "Re: LuxAsm Development Team"
- In reply to: Betov: "Re: Reverse engineering != piracy (was Re: RosAsm disassembler output vs. IDA Pro)"
- Next in thread: Beth: "Re: Reverse engineering != piracy (was Re: RosAsm disassembler output vs. IDA Pro)"
- Reply: Beth: "Re: Reverse engineering != piracy (was Re: RosAsm disassembler output vs. IDA Pro)"
Date: Mon, 26 Jan 2004 20:17:37 +0100
On 25 Jan 2004 20:32:22 GMT wrote Betov <betov@free.fr> in alt.lang.asm with
<XnF947BDEBA79024betovfreefr@213.228.0.33>
>3) When a programmer means to switch from any other Language
>to Asm, he may like to recover some of his previous works
>in Assembly. Such a Tool is supposed to make this very
>easy (and, by the way,... very pedagogic).
Today I was thinking about this disassembler approach and suddenly I noticed
what it is that makes it really hard to use this as a recognized feature for
code reusage. Even if you manage to disassemble perfectly, so that you can
discern all data and all code, you still face a major problem. You can't
disassemble structures and constants.
One of the main features of a symbolic assembler is to have names for values.
I.e. O_RDWR for one of the open flags. So if your disassembler could also
recognize which function you are calling, and from that determine which
name a value equates to, you still have the problem of user-defined values and
of course structures. If a function takes a structure as an argument, but the
caller only fills some values of it, you can never determine how large the
structure should be. This means that you will very often produce code which is
simply wrong.
>
>4) Inside the Open Sources Movement, translating, say, a
>C App to Asm is not a so trivial task. It is, anyway, always
C to ASM is VERY easy. :) Every compiler can do this, so you will have a
syntactically correct assembler source file. The other way around is the problem.
Actually I use this feature of the C compiler very often when I have to hunt bugs
which I can't find otherwise. I already found two bugs in Visual C where it
created wrong code. In such a case I usually turn on the assembler output and
examine that to get all the symbols, addresses and of course the code itself.
>a _long_ task to do this by hand. In many cases, RosAsm
>Disassembler will do this in a couple of seconds, with
>recovering all of the original PE components at once. Not
>so bad... ;)
The PE content is rather boring. What is interesting, from a coder's point of
view, is all the values and this stuff, because that is what you usually
include via include files.
--
Gerhard Gruber
Maintainer of SoftICE for Linux - http://pice.sourceforge.net/
Fast application launcher - http://sourceforge.net/projects/launchmenu
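Added example, not part of the original post: a small C sketch of the two limits described in the message above. The `request` struct, the `store` record and both helper functions are hypothetical names made up for illustration; the stores listed stand for what a disassembler would observe in a caller that fills only two fields.

```c
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical struct; the caller modelled below fills only flags and whence. */
struct request { int flags; int whence; char path[256]; long timeout; };

/* One store visible in the disassembly: offset from the struct base, width. */
struct store { size_t off, width; };

/* The furthest byte written is only a lower bound on the struct's size. */
size_t inferred_extent(const struct store *s, size_t n) {
    size_t end = 0;
    for (size_t i = 0; i < n; i++)
        if (s[i].off + s[i].width > end) end = s[i].off + s[i].width;
    return end;
}

/* An immediate can only be named from the call it feeds. On Linux O_RDWR
   and SEEK_END are both 2, so the bare number alone is ambiguous. */
const char *name_for(const char *callee, int arg, int value) {
    if (callee && !strcmp(callee, "open") && arg == 1) {
        if (value == O_RDONLY) return "O_RDONLY";
        if (value == O_WRONLY) return "O_WRONLY";
        if (value == O_RDWR)   return "O_RDWR";
    }
    if (callee && !strcmp(callee, "lseek") && arg == 2) {
        if (value == SEEK_SET) return "SEEK_SET";
        if (value == SEEK_CUR) return "SEEK_CUR";
        if (value == SEEK_END) return "SEEK_END";
    }
    return NULL; /* user-defined or unknown context: stays a bare number */
}

int main(void) {
    /* Constructed sample: the two stores the caller performs. */
    struct store seen[] = {
        { offsetof(struct request, flags),  sizeof(int) },
        { offsetof(struct request, whence), sizeof(int) },
    };
    printf("inferred >= %zu bytes, real size %zu bytes\n",
           inferred_extent(seen, 2), sizeof(struct request));
    printf("open arg: %s, lseek arg: %s, no context: %s\n",
           name_for("open", 1, O_RDWR), name_for("lseek", 2, SEEK_END),
           name_for(NULL, 0, O_RDWR) ? "named" : "bare number");
    return 0;
}
```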