Re: Disassembler questions


"thiesd" <spamtrap@xxxxxxxxxx> wrote in message
news:g6fn9h$f6o$1@xxxxxxxxxxxxxxxxxxxxxxxxxx
Hello,
I have been recently trying to see how some simple c programs translate
into assembly but my efforts have led to endless segfaults after
reassembling them

so i started with a simple hello world program
int main(){
printf("Hello, World!\n");
}
which to my surprise "ndisasm -b 32" returned a asm file that was 30000+
lines long

Depending on the compiler, it will most likely add all of the startup code,
including the PE header (for Windows), etc. Also, see below for more.

so i thought hmm that wasn't right
so i did the simple hello world with nasm
section .data
msg db "Hello, World!","$"
len equ $ - msg
section .code
global _start

_start:
mov edx,len
mov ecx,msg
mov ebx,1
mov eax,4
int 21h

mov eax,1
mov ebx,0
int 21h

The code looks like Linux, but the int 21h looks like DOS.
I haven't done any Linux programming, so I may be wrong here,
but shouldn't the int 21h be int 80h?

also returned code with several thousands of line (mostly 'add [eax], al')

If you will notice, the binary form for add [eax],al is 00 00.

Most likely, nasm is adding padding to the end of the section. I don't
know much about nasm, but this would be my guess. Now, if a section
is 4096 bytes, and it takes 2 bytes per add [eax],al, then you would
have 2048 lines. Not several thousand, but a couple thousand non the less.

any way i was wondering if there was a disassembler that if you reassemble
it it works like the first program

A disassembler simply takes the binary bytes and translates them
to the corresponding mnemonics. It doesn't know the difference between
data or code.

From your post, I get that you want a "smart" disassembler. There are
a few debuggers that do a better job, but the better the job, the more
expensive the tool.

also i get stuff that doesn't work right like 'loopne 0x154f38'

What is wrong with loopne 0x154f38 ?

It is the same as loopnz 0x154f38, which loops if the zero flag
is clear and ecx != 0.

i also tried udis but that worked less than ndisasm

I have never tried udis, so I have no comment here. Maybe someone
else has and can comment.

Ben

.

Relevant Pages

  • Re: newbie questions
    ... MOV AH,4EH; ... instruction operands must be the same size" this error is in line " INT 21H", because it points everything whats after mov dx, offset mask. ... X86 addresses *always* involve a segment register, ... The examples in your book will need some alteration to work with Nasm. ...
    (alt.lang.asm)
  • Re: questions from a newbie
    ... Nobody has given me reasons to use as, nasm, or others and why. ... O_DIRECTORY equ 00200000Q ... mov ebx,texmfdir ... int 80h ...
    (alt.lang.asm)
  • Re: Disassembler questions
    ... I have been recently trying to see how some simple c programs translate ... int main{ ... mov edx,len ... nasm is adding padding to the end of the section. ...
    (comp.lang.asm.x86)
  • Re: What Assembly Language Should I Use?
    ... assembly language is *not* the way to program for Linux. ... int $0x80 ... mov eax,4 ... For the Nasm example above, the command line to Nasm would be: ...
    (alt.lang.asm)
  • Re: CSpinButtonCtrl, CTabCtrl transparent oder im Edelstahllook ?
    ... einen Transparent Blit, kann mit der GDI nur über umwegen erreichen, ... TransparentBlt(HDC hdcDest, int nXDest, int nYDest, int nWidth, ... mov edi, CDraw.m_pTmp ...
    (microsoft.public.de.vc)