View Full Version : RTA 2.00 Beta 2 Release


squidge
August 23rd, 2003, 18:50
RTA2 allows you to edit both the hex and assembler version of the output by simply positioning the cursor over what you would like to edit and start typing. Errors in your assembly editing are immediately shown in the bottom status bar as you edit the assembly - this can be useful to see what instructions will take what arguments for example without having to load up the intel instruction set reference.

By editing the hex, the disassembly is automatically updated as you change the hex bytes.

If you have any bug reports, please send them to paulc@ibiblio.org stating the version you are using, what file the fault occurs on, what OS and anything else you think is relevant.

Suggestions for new features should be sent to the same address.

=====

Changes in b2: Configuration file has made an appearance, file analysis (a PE sniffer using data from PE Tools), support for the SAL instruction, faster editor and lots more.

Changes in b2.1: Bug fixes + option to have shell extension added (now you can just right click an exe/dll/etc and "Open in RTA").

Note however that this is still beta and under development, so not everything works perfectly, but the basics seem to work quite well now. I'd like to hear about any problems however.

Features waiting to be added:

"Find" function will be improved to allow wildcards & multiple statement searching, as well as searching for more than just assembler.

"Paste" will allow you to relocate the addresses used in the pasted instructions to the new address.

"Print" function.

PE Editor (via external program).

etc, etc...

Download and screenshots:

hxxp://ibiblio.org/paulc/rta

dELTA
August 23rd, 2003, 20:36
Cool, seems to be growing into quite the nice/advanced/useful tool.

Keep up the good work.

nikolatesla20
August 23rd, 2003, 21:55
Squidge, I was wondering, do you like to use Visual C++, or do you usually stick with Borland mostly? I'm getting better and better at throwing together small VC++ apps finally lol, but still project organization is always a complicated matter blah blah

Anyway, keep up the good work, man!!

-nt20

squidge
August 24th, 2003, 07:49
I prefer Borland for most things, simply because it takes all the effort of the GUI off you and lets you concentrate on the main program design and operation. Visual C++ still has far too much messing around with windows messages, and so takes far longer to create a similar sized project to one in Borland. VC++ does however have far more power behind the GUI, but that's only because you do everything yourself. Borland indeed does it all for you, but you're kind of restricted to the way they want you to do things, rather than how you want to do things.

Visual C++ does however have the "Industry standard" mark on it, so it's always worth being able to write windows apps using it.

When I get some time, I may attempt to convert RTA over to VC++, it'll be a good learning exercise me thinks

squidge
August 25th, 2003, 15:18
Update: There were a few bugs I've found in beta 2 that have now been solved. You can download the updated program from the same URL as before. I've also added a "Register as shell extension" option into the program to make it easier to edit things.

Bengaly
August 25th, 2003, 16:05
hi squidge, it is a nice tool,
but it is unfair not to mention olleh in ur about window...
u do use his disasm engine you know.
unless u wrote ur own

speaking of bugs:
RTA will not let me click on a JMP unless u move it with keys.

squidge
August 25th, 2003, 16:56
Yes, although Olly's disassembler engine has now been heavily modified, I should really thank him still.

Doubleclicking an address to follow it is still something on the to-do list - until then you have to press return (or whatever key you have configured) to follow the address.

changes
August 26th, 2003, 19:16
Hi Squidge,
Nice work, just a few suggestions to make RTA a little bit more user friendly for a novice like myself:

1: When you write a line of asm code and then jump to another line with the mouse, it seems that, if you haven't "terminated" the previous line with an "up" or "down" arrow key, then, although you seem to be on another line, mousewise, you are actually still editing the previous line and strange complications arise!

2: The program seems to be permanently in "insert " mode as shown on the status bar, but any chance of being able to use the insert key to toggle to "overwrite" mode?

3: The "enter" key seems to lack any function. Perhaps you could also use it to "terminate" a line of code and move onto the next.

4: "Delete" key does not function. The only way to erase at present seems to be "backspace" key. What are the chances?

Just a few cosmetics but enough to be getting on with if you're interested.
Thanks for your time.
Cheers.

squidge
August 27th, 2003, 05:55
Thanks for the suggestions,

1. Yes, that's a problem. Most likely caused by my "mostly keyboard" attitude when writing and debugging programs. I tend to use the keyboard more than anything and use the mouse very little (I find I'm far faster if my fingers leave the keyboard as little as possible).

2. The insert key should toggle between insert and overwrite mode when the cursor is positioned over assembler code (not hex as the program can't insert new bytes into the program as it would just corrupt it). However, this seems to have been broken in one of the later releases.

3. The enter key's only current function is to follow an address specified in an instruction. I agree however that it could be useful to terminate a line editing session with it.

4. Most likely the same problem as No. 2. It did work before!

squidge
September 6th, 2003, 16:25
Just a small note to say that 2.00 Beta 2.2 now contains the fixes and additions that "changes" & "Bengaly" suggests at the usual place. This version was upped 31/Aug/03, but I forgot to change website page.

Iwarez
September 6th, 2003, 18:14
I tested your program and have a small question.

When patching programs I sometimes have to write inline code. Most of the time I write the code from scratch which means that I have to insert/delete code a lot. Is it possible to make a function to shift the code up and down? Or to say that I want to insert an instruction or delete an instruction and that the program automatically rearranges the code?

Thanks for your time and efforts for this tool. I hope you can help me.

I-Warez

squidge
September 6th, 2003, 18:38
At times, I have the same problem and I do want to be able to do the things you describe. It's just a matter of finding the best way to do them at the moment. If anyone has ideas on how to do this efficiently, then I'm all ears

At the moment, the only way I can think of is to disassemble the code, replace all direct references by adding/subtracting an offset, and then re-assembling.
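Added example, not part of the original thread and not RTA's code: a sketch of the approach in the post above, where bytes are inserted at an instruction boundary and every relative branch that crosses the insertion point has its displacement adjusted. It assumes a small constructed opcode subset (NOP, RET, short JMP/Jcc, near CALL/JMP) and a self-contained buffer starting at offset 0; `decode`, `insert_gap` and `SAMPLE` are hypothetical names.

```python
import struct

# Constructed opcode subset: opcode -> (instruction length, displacement size).
SUBSET = {0x90: (1, 0), 0xC3: (1, 0), 0xEB: (2, 1), 0xE8: (5, 4), 0xE9: (5, 4)}
SUBSET.update({op: (2, 1) for op in range(0x70, 0x80)})  # short Jcc rel8

def decode(code):
    """Return [(offset, length, disp_size, target)] for the whole buffer."""
    insns, off = [], 0
    while off < len(code):
        if code[off] not in SUBSET:
            raise ValueError(f"opcode {code[off]:#04x} at {off} is outside the subset")
        length, dsize = SUBSET[code[off]]
        target = None
        if dsize:
            disp = struct.unpack_from("<b" if dsize == 1 else "<i", code, off + 1)[0]
            target = off + length + disp  # relative to the next instruction
        insns.append((off, length, dsize, target))
        off += length
    return insns

def insert_gap(code, at, gap):
    """Insert `gap` NOPs before the instruction at `at`, fixing displacements."""
    insns = decode(code)
    if at not in {off for off, _, _, _ in insns}:
        raise ValueError("insertion point is not an instruction boundary")

    def moved(addr):
        # Only addresses inside the buffer at or after `at` move; a branch to
        # `at` itself keeps following the original instruction, not the gap.
        return addr + gap if at <= addr < len(code) else addr

    out = bytearray()
    for off, length, dsize, target in insns:
        if off == at:
            out += b"\x90" * gap
        raw = bytearray(code[off:off + length])
        if dsize:
            disp = moved(target) - (moved(off) + length)
            limit = 1 << (8 * dsize - 1)
            if not -limit <= disp < limit:
                raise OverflowError(f"branch at {off} no longer fits in rel{8 * dsize}")
            raw[1:] = disp.to_bytes(dsize, "little", signed=True)
        out += raw
    return bytes(out)

# Constructed sample: jmp short +2 ; nop ; nop ; call 0 ; ret
SAMPLE = bytes.fromhex("eb02" "9090" "e8f7ffffff" "c3")
```

The `OverflowError` case is the reason a plain byte shift is not enough: a short branch stretched past the rel8 range has to be re-encoded as a longer instruction, which moves everything after it again.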

squidge
September 16th, 2003, 18:33
Hmmm, seems like this thread has lost a few articles since the restore.

So, Iwarez, your request was implemented and is available for download from the normal address.

Iwarez
September 17th, 2003, 11:55
Thanks! You're super! I'll try it.

Iwarez
September 17th, 2003, 12:04
It works. Great!

I have another question... When using olly I can make selections for the clipboard with the mouse. There is no way I can make selections with the mouse in your program. Is it possible to click the mouse, drag it, and release the mouse at the point until I want the selection? Also, can I then select the option paste?

Another nice feature would be to select the complete text of a disassembled text so when you type something it gets erased.

And last but not least, an option to fill the remaining bytes with a NOP instruction and to fill a selected area with NOP's would be cool too.

I hope you'll implement this. Thanks for your investment and time.

I-Warez

squidge
September 17th, 2003, 15:54
Do you have a three button mouse? If so, you can make selections with the middle mouse button - click once to mark the start of the block, click again to mark the end, and it'll be all highlighted. Clicking a third time will "abort" the block.

Once a block is highlighted, you can click "Copy" to copy the block to the clipboard and deselect the block, and then click "Paste" later on, or, you can just click "Copy + Paste" to do both in one go.

To fill a selected area with NOPs, just select the area and select "Cut" rather than "Copy".

For the rest of your suggestions, I'll place them on my todo list.

changes
September 17th, 2003, 20:57
Hi Squidge,
I must just say that you really have your finger on the pulse of "must have" software with RTA. It really is becoming a very intelligent piece of kit! What does RTA stand for? Reversing Tool for Assembler?

I'm eager to beta-test your latest version but can't find it in the usual place. This is still beta 2.4 dated 7th Sept.

Thanks for sharing your talents with us Squidge. Keep up the good work. I love the configurability and only wish I could help with the GUI you envisage for it, but I'm just a mere novice as yet. With its inbuilt intelligence RTA is a good teacher and point of reference.

Iwarez
September 18th, 2003, 01:38
Thanks squidge, didn't know that.

squidge
September 18th, 2003, 03:28
changes: 2.4 is still currently the latest version and contains everything described in this thread. However, since the board died on the 7th, the posts here vanished, so I reposted after the board came back.

RTA originally stood for RealTime Assembler, as it could assemble single lines simply and easily. However, it's much more than that now, but changing the name is probably not a good idea.

changes
September 18th, 2003, 10:52
Hi Squidge,
Sorry about the confusion, my main concern was to investigate how you'd implemented the cut and paste function suggested by Iwarez, and I didn't see it functioning at all when I only tried to cut a one byte instruction!
On checking with 2, 3 and 4 byte instructions, however, the reason is that the last byte of the instruction is not cut!

I'm sure you'll put it right in the next release. NOPing the cut bytes was really the only way to go.

squidge
September 18th, 2003, 18:31
Thanks, this is certainly a bug, and it will be fixed in the next version.

squidge
November 12th, 2003, 08:19
RTA 2.0 Beta 2.5 is now released at the usual place. Still as unfinished as the previous versions, but we are slowly getting there as and when I find the free time to work on it.

disavowed
November 12th, 2003, 13:55
squidge, great work and all, but isn't it getting to the point where it would just be easier to write a quick plugin for ida to do all of this?

squidge
November 12th, 2003, 15:31
Quote:
[Originally Posted by disavowed]squidge, great work and all, but isn't it getting to the point where it would just be easier to write a quick plugin for ida to do all of this?


Now, where would the fun be in that?

Besides, I don't know how to write plugins for IDA, and don't have the SDK anyway.

disavowed
November 12th, 2003, 20:55
Quote:
[Originally Posted by squidge]Now, where would the fun be in that?
Besides, I don't know how to write plugins for IDA

then i suppose the fun would be in learning how to write plugins for ida

and i don't think you'd need the sdk (although it is easy enough to find). idc should suffice