Re: Reverse engineering != piracy (was Re: RosAsm disassembler output vs. IDA Pro)

From: Randall Hyde (randyhyde_at_earthlink.net)
Date: 01/28/04


Date: Wed, 28 Jan 2004 03:14:46 GMT


"Frank Kotler" <fbkotler@comcast.net> wrote in message
news:BVBRb.170727$na.278291@attbi_s04...
>
> There's a *big* difference between having source code, and having source
> code in RosAsm syntax! I don't know what Betov's got in mind (he might
> not object too strenuously to some "Robin Hood work"), but to me, that's
> the big plus. In the LuxAsm world, for example, we'd be able to
> auto-convert Linux to LuxAsm syntax and start chopping that C cruft out
> of it! :)

Frank,
I don't know how much time you've ever spent with a *good* disassembler
reverse-engineering some code and bringing it up to acceptable standards (God
forbid you try this with a *bad* disassembler!), but it's a tremendous amount
of work. If you've got the source code to the original routines *in just about
any language*, it's far easier to do the translation by hand than clean up the
disassembled code. There are only a couple of reasons I can see for using
a disassembler for this purpose:

1. You don't know the HLL in question (though, if you're halfway smart,
    you can learn enough of the language to do the translation in less time
    than it would take you to clean up the code you're converting).

2. The source code is not available (either lost, or you're disassembling
    code for which source code is not generally available).

I've spent some time disassembling code in the past (over two decades ago,
I once disassembled the Apple II DOS 3.3 operating system and sold
a "disassembled listing" to a bunch of Apple II owners; that's why I can
speak with a little bit of authority concerning the copyright law in this
area - it only took Apple's lawyers about three weeks to send me a
"cease and desist" order and my own lawyer, wisely, told me that I should
give it up; even if I stood a chance of winning in court, I'd lose far more
on court costs than I'd ever make selling the listings). In any case, it is
a *tremendous* amount of work to disassemble code, ensure the
disassembly is correct, comment the code, replace funky labels with
meaningful labels, etc. Then, of course, there are the issues of data
structures. E.g., a simple statement in C like "sizeof( someStruct )" becomes
a nightmare when you decompile it. Sure, it will get replaced by the
appropriate constant that was compiled originally, but what happens when you
modify the data structure at some point down the road? Did you catch all the
"hard-coded" numeric constants that used to be "sizeof(---)" expansions?

Now if the "two-click" disassembly/reassembly is intended simply to produce
the *exact* object code that appeared originally, with no hope for
modification, then why bother with source code at all? Why not just package
up the object module and include that somehow? (Okay, RosAsm doesn't support
that, but speaking in general.)

"Two-click" disassembly/reassembly is the "holy grail" of the disassembly
crowd. Unfortunately, like the mythical grail, it's never going to be
achieved. Even if it were perfect, it's still a ton of work to try and use the
disassembler the way that Rene is suggesting. It's much easier to do the
translation manually. And in the time that Rene will wind up spending getting
his disassembler to the point it's as good as IDAPro, he could become an
*expert* in *several* HLLs and do all the translations that he's interested
in, and still have time left over. Of course, he wouldn't have a wonderful
disassembler that's part of his package, but he would have a much better set
of library routines.

If Rene is *really* interested in doing something to make life easier for
RosAsm users, he'd drop the disassembler project immediately and get to work
on a MASM->RosAsm translator. Those who want a disassembler could then
use IDAPro and the RosAsmites would have a *great* tool for dealing with
the plethora of other MASM source code out there. Now *that* would be
a much better tool for what Rene's trying to achieve.

Cheers,
Randy Hyde
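A worked illustration of the "sizeof(---)" point in the post above, added here as an example; it is not code from the original post, from RosAsm or from IDA Pro. Once the compiler has folded sizeof(someStruct) into an immediate, the disassembly contains only the number, and the only way to get the symbolic meaning back is to hunt every immediate that happens to equal a known structure size and decide, by hand, whether it really is a sizeof(), an array stride, or an unrelated constant. The script below does the hunting part over a constructed Intel-syntax listing (a made-up fragment, not from any real binary); the structure sizes in KNOWN_STRUCT_SIZES and the SIZEOF_<name> naming convention are assumptions for the example, standing in for whatever the reverse engineer has recovered so far.

```python
import re

# Constructed sample listing, Intel syntax as a disassembler might emit it.
# Hand-written for this example; it is not output from any real tool or binary.
SAMPLE_LISTING = """\
sub_401000:
    push    ebp
    mov     ebp, esp
    push    0Ch              ; compiler folded sizeof(someStruct) to 12 here
    call    _malloc
    add     esp, 4
    mov     [eax], 0
    mov     ecx, 0Ch
    lea     edx, [esi+0Ch]   ; array stride == sizeof(someStruct)?  or not?
    mov     eax, 12
    cmp     ebx, 10h
    ret
"""

# Structure sizes recovered so far (assumed values for the example); a real
# session would grow this table as data structures are reconstructed.
KNOWN_STRUCT_SIZES = {"someStruct": 12, "otherStruct": 16}

# Immediate operands: decimal (12), C-style hex (0xC), or MASM/IDA-style
# trailing 'h' (0Ch).  Lookarounds keep register names and label suffixes
# such as sub_401000 from matching.
_IMM_RE = re.compile(r"(?<![\w.])(?:0x[0-9a-fA-F]+|[0-9][0-9a-fA-F]*[hH]|\d+)(?!\w)")


def parse_immediate(tok: str) -> int:
    """Convert one immediate token in any of the three spellings to an int."""
    if tok.lower().startswith("0x"):
        return int(tok, 16)
    if tok[-1] in "hH":
        return int(tok[:-1], 16)
    return int(tok, 10)


def _sizes_by_value(sizes: dict) -> dict:
    by_size = {}
    for name, size in sizes.items():
        by_size.setdefault(size, []).append(name)
    return by_size


def find_sizeof_candidates(listing: str, sizes: dict) -> list:
    """Return (line_no, value, [struct names]) for every immediate whose value
    equals the size of a known structure.  Comments are stripped first so a
    number in a comment never counts.  Every hit is a candidate only: the
    number may be sizeof(), an array stride, or a constant that just happens
    to collide, and a human has to decide which."""
    by_size = _sizes_by_value(sizes)
    hits = []
    for line_no, raw in enumerate(listing.splitlines(), 1):
        code = raw.split(";", 1)[0]
        if code.rstrip().endswith(":"):  # label line, no operands
            continue
        for m in _IMM_RE.finditer(code):
            value = parse_immediate(m.group(0))
            if value in by_size:
                hits.append((line_no, value, sorted(by_size[value])))
    return hits


def symbolize(listing: str, sizes: dict) -> str:
    """Rewrite every unambiguous hit as SIZEOF_<struct> (assumed naming
    convention) so that a later change to the structure is a one-line edit
    instead of a search for stray 12s.  An immediate that matches more than
    one structure is left untouched for manual review; comments are kept."""
    by_size = _sizes_by_value(sizes)

    def repl(m):
        names = by_size.get(parse_immediate(m.group(0)), [])
        return "SIZEOF_" + names[0] if len(names) == 1 else m.group(0)

    out = []
    for raw in listing.splitlines():
        code, sep, comment = raw.partition(";")
        if not code.rstrip().endswith(":"):
            code = _IMM_RE.sub(repl, code)
        out.append(code + sep + comment)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for line_no, value, names in find_sizeof_candidates(SAMPLE_LISTING, KNOWN_STRUCT_SIZES):
        print(f"line {line_no}: immediate {value} may be sizeof({'/'.join(names)})")
    print(symbolize(SAMPLE_LISTING, KNOWN_STRUCT_SIZES))
```

On the constructed listing the scanner flags the push before _malloc, the two register loads, the lea stride and the cmp against 10h; only the first is certainly a sizeof(), which is exactly the post's point: the tool can find every 12, but it cannot tell you which of them used to be sizeof(someStruct), and once symbolize() has rewritten them you still have to read each one.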
