drPL
September 10th, 2008, 19:58
Hi,
I'm new here, please be gentle
I've been using Ollydbg on and off for years in my attempt to learn x86 assembler. I've decided to experiment with the Disasm source code as provided on the Ollydbg website, but I have a few questions, which hopefully someone can answer.
It doesn't look like the source file enables a determination of which Win32 API is called ... how is this done? That is, how can you translate a call xxxxxx routine to mean (e.g.) call Win32.ReadFile?
Does Disasm also provide information about the pre-asm preamble in a PE, such as the .data section? If not, how does this get displayed in the hex dump window in Ollydbg?
My last point concerns the use of Disasm in a Windows program. I'd like to read in another executable, which is then totally disassembled, and I thought about the following:
FILE *input;
char filename[100]; // filename will be something like "helloworld.exe"
int count;
char *cFile;
ulong lFileLen;
input = fopen(filename, "rb");
fseek(input, 0, SEEK_END); // move to the end so ftell() reports the file size
lFileLen = ftell(input);
rewind(input); // back to the start before reading
cFile = calloc(lFileLen + 1, sizeof(char));
fread(cFile, 1, lFileLen, input);
t_disasm da;
ulong l = Disasm( cFile,
lFileLen,
????????, <----------------------- what goes here????? The initial address of the PE? If so, won't this confuse the disassembler?
&da,
DISASM_CODE);
I'm not sure about the section I've marked above, and hence not sure if my little routine will work. Can anyone help?
Many thanks
Paul
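Added example (not part of the original post, and not OllyDbg or Disasm source code): one way to find a value for the marked argument, assuming Disasm's third parameter is the address the instruction has in memory. It walks the PE32 headers to locate the section containing the entry point and returns its file offset, size and load address; `code_range`, `pe_code_range` and `make_sample` are hypothetical names, and the sample header is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Little-endian helpers for a raw file image. */
static uint32_t rd32(const unsigned char *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(unsigned char *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i)); }

typedef struct { uint32_t raw_off, raw_size, va; } code_range;   /* hypothetical type */

/* Find the section holding the entry point of a PE32 file image. va is the
   address of its first byte once loaded at ImageBase. Returns 0 or -1. */
int pe_code_range(const unsigned char *f, size_t len, code_range *out) {
    if (len < 0x40 || f[0] != 'M' || f[1] != 'Z') return -1;
    size_t pe = rd32(f + 0x3C);                          /* e_lfanew */
    if (pe > len || len - pe < 24 + 32 || memcmp(f + pe, "PE\0\0", 4)) return -1;
    size_t opt = pe + 24;                                /* optional header */
    if (rd16(f + opt) != 0x10B) return -1;               /* PE32 only, not PE32+ */
    uint32_t entry = rd32(f + opt + 16), base = rd32(f + opt + 28);
    size_t sec = opt + rd16(f + pe + 20);                /* section table */
    unsigned n = rd16(f + pe + 6);                       /* NumberOfSections */
    for (unsigned i = 0; i < n; i++, sec += 40) {
        if (sec > len || len - sec < 40) return -1;      /* truncated table */
        uint32_t vsize = rd32(f + sec + 8), rva = rd32(f + sec + 12);
        uint32_t rsize = rd32(f + sec + 16), roff = rd32(f + sec + 20);
        if (entry < rva || entry - rva >= (vsize ? vsize : rsize)) continue;
        if (roff > len || rsize > len - roff) return -1; /* data outside file */
        out->raw_off = roff; out->raw_size = rsize; out->va = base + rva;
        return 0;
    }
    return -1;
}

/* Constructed sample: a header-only PE32 image with a single .text section. */
size_t make_sample(unsigned char *f, size_t cap) {
    if (cap < 0x600) return 0;
    memset(f, 0, 0x600);
    f[0] = 'M'; f[1] = 'Z'; wr32(f + 0x3C, 0x80);        /* e_lfanew = 0x80 */
    memcpy(f + 0x80, "PE\0\0", 4);
    f[0x80 + 6] = 1; f[0x80 + 20] = 0xE0;                /* 1 section, 224-byte optional header */
    f[0x98] = 0x0B; f[0x99] = 0x01;                      /* Magic = PE32 */
    wr32(f + 0x98 + 16, 0x1010); wr32(f + 0x98 + 28, 0x400000); /* entry RVA, ImageBase */
    unsigned char *s = f + 0x98 + 0xE0;                  /* section header at 0x178 */
    memcpy(s, ".text", 5);
    wr32(s + 8, 0x200); wr32(s + 12, 0x1000);            /* VirtualSize, VirtualAddress */
    wr32(s + 16, 0x200); wr32(s + 20, 0x400);            /* SizeOfRawData, PointerToRawData */
    return 0x600;
}
```

Under that assumption, the instruction at file offset `raw_off + i` would be passed to Disasm with the address `va + i`, rather than handing over the whole file from offset 0.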