Re: It has been done before




\o///annabee wrote:

> You can try the RosAsm disassembler on this file.
>
> < http://www.szmyggenpv.com/Help.exe > (ca 335kb)
>
> This file has been updated _several_ times since I posted about it the
> first time.
> It's very easy to test. Just download RosAsm, and then open this exefile
> from RosAsm's File/Open menu.
>
> Then, when the disassembler has finished, hit F5 to recompile.
> The disassembler will stop, pointing out an error at the following line:
>
> ;fld T$edx*2+Data0407B9E ; DB 2C 55 9E 7B 40 00
>
> just comment it out by inserting a ; (semicolon) in front of the line.
>
> now, hit f6 and run the application. (Should be connected to the internet
> when you hit run), as the app will try to download the file
> "http://www.szmyggenpv.com/MyHome.roa", and if it can't find it, it will
> likely spawn some error message.
>
> The app runs flawlessly compared to the original.
>
> You now have the asm source of the app, even if it was ripped from the exe
> prior to upload.

I dunno about you, but I thought software quality measures how many
ways the code *fails* and not the successes of the program.

Take OpenBSD: their software is so high quality that they can boast
this logo on their software:
Only one remote hole in the default install, in more than 8 years!

It is good to know that the code only had a hole in 8 years; and those
developers fixed it up as soon as they found out there was a hole.

So the fact that *this* works really means nothing. It is why doesn't
*that* work, even if Randy's example is trivial. OpenBSD doesn't get
that reputation or that logo from an attitude like "That isn't a bug";
any bug for OpenBSD is a serious issue, even if it has no known
implications.

As for the example itself:
How do you know that you have to comment out that line of code?

I mean, lemme post the whole code segment:

===============
Code0422508: N6:
fld1
mov dl al
and edx 0F
cmp edx 00 | jbe A0> ; Code0422520
lea edx D$edx+edx*4
*** fld T$edx*2+Data0407B9E
fmulp ST1 ST0
===============

I put *** there to show what Wannabie wanted to comment out.

There is no clue for me to say why this should be commented out.

I mean, yeah, all this code seems to do is multiply a number
with one (which obviously results in nothing done) but leaving the
stack unbalanced.

In fact, I decided to go ahead and comment out those 3 lines:

======= New code =====
Code0422508: N6:
fld1
mov dl al
and edx 0F
cmp edx 00 | jbe A0> ; Code0422520
; lea edx D$edx+edx*4
; fld T$edx*2+Data0407B9E
; fmulp ST1 ST0
========

You can see the new comments.

Anyway, compile again, and lo and behold! Commenting those
3 instructions didn't affect the program at all!

In fact, I'm sure enough that the *only* reason this code could be
"commented out" and still work is that it is entirely dead code. Code
that is never executed during the course of the program.

Actually, I did try it out. I added the following code that would
easily mess up any program if executed:

=======
Code0422508: N6:
fld1
mov dl al
and edx 0F
cmp edx 00 | jbe A0> ; Code0422520

* mov eax, 1231231
* mov edx, 1351
* popad
=======

* == code I added.

So we can conclude that this code sequence is never executed.

So the question is: What *if* the code was executed? How much
of the program would have changed? What if the re-assembly
failed on code that did execute?

I don't think it is that hard to imagine a circumstance like that
either, because we know the reassembly can fail; it is only a matter of
time before commenting code out doesn't solve the problem.

IMO, the fact that basically deleting code from the program worked
was a shot in the dark.

--Dragontamer
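An added illustration of the point argued above (this is not part of the thread and not RosAsm's own code): the six-instruction fragment is typed in below as constructed data and walked two ways. Statically, `jbe A0>` has two successors (the target and the fall-through), so the three commented-out instructions are reachable from `Code0422508`. Arithmetically, `and edx 0F` followed by an unsigned `jbe` against zero means the branch is taken only when the low nibble of `al` is zero; for the other 240 values of `al` control falls straight into the `fld`. A `popad` canary that never fires therefore only shows that no such value reached `N6` during that one run (or that `N6` was never reached at all), not that the code is dead for every input. The label `A0` is modelled as a `ret` because the real target `Code0422520` lies outside the excerpt; that stand-in is an assumption of this example.

```python
"""Static reachability vs. observed execution for the RosAsm fragment
discussed in the thread.  Constructed example: the listing is typed in
below as data, not parsed from an executable."""

# Constructed listing: (label, mnemonic, operands) in the order RosAsm printed them.
LISTING = [
    ("Code0422508", "fld1", ""),
    (None, "mov", "dl al"),
    (None, "and", "edx 0F"),
    (None, "cmp", "edx 00"),
    (None, "jbe", "A0>"),            # RosAsm's 'cmp ... | jbe A0>' split into two rows
    (None, "lea", "edx D$edx+edx*4"),
    (None, "fld", "T$edx*2+Data0407B9E"),
    (None, "fmulp", "ST1 ST0"),
    ("A0", "ret", ""),               # stand-in for Code0422520 (assumption: real target is outside the excerpt)
]

FLD_INDEX = 6                        # position of the 'fld T$...' row above

CONDITIONAL_JUMPS = {"jbe", "ja", "je", "jne", "jb", "jae"}
UNCONDITIONAL_JUMPS = {"jmp", "ret"}


def successors(index):
    """Indices that can execute after LISTING[index] (static control flow)."""
    _, mnemonic, operands = LISTING[index]
    nxt = [index + 1] if index + 1 < len(LISTING) else []
    if mnemonic in UNCONDITIONAL_JUMPS:
        nxt = []                      # no fall-through after ret/jmp
    if mnemonic in CONDITIONAL_JUMPS or mnemonic == "jmp":
        target = operands.rstrip("<>")   # RosAsm writes local labels as A0> / A0<
        nxt = nxt + [i for i, (lbl, _, _) in enumerate(LISTING) if lbl == target]
    return nxt


def statically_reachable(entry=0):
    """Set of listing indices reachable from `entry` by following control flow."""
    seen, work = set(), [entry]
    while work:
        i = work.pop()
        if i in seen:
            continue
        seen.add(i)
        work.extend(successors(i))
    return seen


def falls_through_to_fld(al):
    """Mirror the integer part of the fragment for one value of AL.
    'mov dl al' only writes DL, and 'and edx 0F' then keeps just the low
    nibble, so only AL's low nibble matters.  'jbe' after an unsigned
    compare with 0 is taken only when EDX == 0."""
    edx = al & 0xFF          # low byte of EDX now holds AL; upper bits are irrelevant after the AND
    edx &= 0x0F
    jump_taken = edx <= 0
    return not jump_taken    # fall-through executes lea / fld / fmulp


def inputs_reaching_fld():
    """Every AL value for which the 'dead' instructions would execute."""
    return [al for al in range(256) if falls_through_to_fld(al)]


if __name__ == "__main__":
    print("fld statically reachable:", FLD_INDEX in statically_reachable())
    print("AL values that fall through into it:", len(inputs_reaching_fld()), "of 256")
```

The usable conclusion for anyone validating a disassemble/reassemble round trip is that "it still runs" is a coverage statement about one execution, so the check worth doing is a byte-for-byte comparison of the reassembled image against the original rather than a test run.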

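A second added example, again not from the thread or from RosAsm: the comment RosAsm left beside the failing line, `DB 2C 55 9E 7B 40 00`, is the original machine code, and decoding it by hand shows what the line actually was. `DB /5` is `FLD m80fp`; ModRM `2C` selects `/5` with a SIB byte; SIB `55` is scale 2, index `edx`, and the "no base register" case (base field 5 with mod 00), which is followed by the 32-bit displacement `0x00407B9E`. So the instruction is `fld tbyte [edx*2 + 0x00407B9E]`, exactly the `T$edx*2+Data0407B9E` RosAsm printed: a legal but uncommon addressing form (scaled index, no base, disp32). Whatever RosAsm's real reason for rejecting it was, this is the form it had to reproduce. The decoder below handles the general 32-bit ModRM/SIB forms for this one opcode so the same check can be run on other `fld tbyte` encodings; the second test case (`DB 6C 24 08`) is constructed for that purpose.

```python
"""Decode the raw bytes RosAsm printed beside the line it could not
re-assemble:  DB 2C 55 9E 7B 40 00.  Constructed example for this thread;
it covers the 32-bit ModRM/SIB memory forms of one opcode, FLD m80fp."""
import struct

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_fld_m80(code: bytes) -> dict:
    """Decode 'DB /5' (FLD m80fp) with a 32-bit ModRM memory operand and
    return its pieces (base, index, scale, displacement, total length)."""
    if code[0] != 0xDB:
        raise ValueError("not an x87 DB-escape instruction")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if reg != 5 or mod == 3:
        raise ValueError("not FLD m80fp (needs /5 with a memory operand)")
    pos = 2
    base = index = None
    scale = 1
    if rm == 4:                            # rm=100: a SIB byte follows
        sib = code[pos]
        pos += 1
        scale = 1 << (sib >> 6)
        idx = (sib >> 3) & 7
        index = None if idx == 4 else REGS32[idx]   # index=100 means "no index"
        b = sib & 7
        if b == 5 and mod == 0:
            base = None                    # base=101 with mod=00: no base, disp32 follows
        else:
            base = REGS32[b]
    elif rm == 5 and mod == 0:
        base = None                        # plain [disp32]
    else:
        base = REGS32[rm]
    if mod == 1:
        disp = struct.unpack_from("<b", code, pos)[0]
        pos += 1
    elif mod == 2 or (mod == 0 and base is None):
        disp = struct.unpack_from("<I", code, pos)[0]
        pos += 4
    else:
        disp = 0
    return {"mnemonic": "fld", "size": "tbyte", "base": base,
            "index": index, "scale": scale, "disp": disp, "length": pos}


def rosasm_text(op: dict) -> str:
    """Render the operand the way the listing in the thread spells it
    (T$ prefix, '+'-joined parts, DataXXXXXXX for the displacement)."""
    parts = []
    if op["base"]:
        parts.append(op["base"])
    if op["index"]:
        parts.append(op["index"] if op["scale"] == 1
                     else f"{op['index']}*{op['scale']}")
    if op["disp"] or not parts:
        parts.append(f"Data{op['disp']:07X}")
    return "fld T$" + "+".join(parts)


# Bytes exactly as printed in the thread after the failing line.
FAILING_LINE = bytes.fromhex("DB2C559E7B4000")

if __name__ == "__main__":
    op = decode_fld_m80(FAILING_LINE)
    print(op)
    print(rosasm_text(op))            # fld T$edx*2+Data0407B9E
```

Decoding the bytes a disassembler leaves in its comments is a cheap way to audit a listing line by line: if the re-emitted text does not round-trip to the same bytes, the line is suspect regardless of whether the program still appears to run.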