PDA

View Full Version : [Help] Translating asm code to ...

gaitmia
May 26th, 2007, 19:18
Hello, im translating a asm code (took from ollydbg) to c code. The function looks like this:
Code:


main-U-1_006876A0:                           ;<= Procedure Start

	...

        MOV ESI,0x618	; esi=arg2=0x618

        MOV EDI,0x320   ; edi=arg3=0x320

	....		;not important..



main-U-1_006876D9:



        LEA ECX,DWORD PTR DS:[ESI-0x60F]; ecx=esi-60f = 09 Switch (cases 60F..63A)

        CMP ECX,0x2B		; if ecx<=2b ...

        JA main-U-1_0068795C                 ; no jump ...

        XOR EDX,EDX                          ; edx=0

        MOV DL,BYTE PTR DS:[ECX+0x6879C0] ; dl = BYTE[6879C9], for ecx=9!

        JMP DWORD PTR DS:[EDX*4+0x687988] ; JMP 00687732 (using ecx = 9)



main-u-1_76f7:

	MOV CL,BYTE PTR DS:[EAX]  ;  Case 60F of switch 006876D9

	MOV ESI,3E9                      ;  ..

	...



main-U-1_00687732:

	;when ecx=9  prog jumps to here ..

        CMP EDI,3C                          ;  Case 618 of switch 006876D9

        JB main-U-1_00687815           ;

        CALL main-U-1_006880D0       ; not important..

	...

It simply jumps to a location based on the EDX/DL value got from [ECX+0x6879C0] address.
I dumped the [6879C0] address just to show what it looks with:
Code:


006879C0  00 01 0D 0D 0D 0D 02 0D 0D 03 04 0D 0D 0D 0D 0D

006879D0  0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 0D 05 06

006879E0  07 08 0D 0D 0D 0D 0D 0D 09 0A 0B 0C 90 90 90 90

When ecx=9 the code above gets the byte located at the 9th index from [0x6879C0] address; in this case, the byte is 03 and then uses it to calculate the address for the JMP instruction.
The calculated address appears to be always in the "function start..end" range.
I'm wonder about the lines where olldbg recognized as "switch() case instructions".
the question:
How the hell can i convert it to a C code?

* Just to u know, this function is big enough and i'm trying to emulate it on my c application.
cEnginEEr
May 26th, 2007, 23:59
switch(ESI)
{
case 0x60F:{ ... ; break; }

case 0x610:{ ... ; break; }

case 0x615:{ ... ; break; }

case 0x618:{ ... ; break; }

case 0x619:{ ... ; break; }

case 0x62D:{ ... ; break; }

case 0x62E:{ ... ; break; }

case 0x62F:{ ... ; break; }

case 0x630:{ ... ; break; }

case 0x637:{ ... ; break; }

case 0x638:{ ... ; break; }

case 0x639:{ ... ; break; }

case 0x63A:{ ... ; break; }

default:{ ... ; break; }
}