question about disassembling and assembling


_d_
June 7th, 2005, 08:52
I always read that it is not possible to disassemble a program and assemble it again... why not?

Imagine this case:
1) you have an exe file with a reloc section
2) you know the compiler
3) you know that it is pure C code, for example, without any _asm{} tricks

Is it then possible? (I mean with a program of about 4 MB of code.)
If you think that it is not possible, then... why not?

naides
June 7th, 2005, 09:42
http://www.woodmann.com/forum/showthread.php?t=6725&highlight=decompiler
http://www.woodmann.com/forum/showthread.php?t=6583&highlight=decompiler

dELTA
June 8th, 2005, 15:14
One of the major problems is compiler optimization. If it has not been used, and you know the exact version of the compiler and such, it would be theoretically possible to get relatively good reversed source code (where "relatively" is of course relative) for some languages, e.g. pure C (not necessarily the exact source code used to create the program in the first place, but something a lot more easily read than an assembly listing anyway).

_d_
June 9th, 2005, 02:58
Thanks for your fast responses, but I am not talking about decompiling..
I am talking about disassembling!
And why should compiler optimizations be a problem?

dELTA
June 9th, 2005, 03:21
Ah, ok, I mixed up your thread with another one, sorry.

bilbo
June 9th, 2005, 03:28
So, given some .EXE file, you want to produce a .ASM file (as IDA does) and assemble it again...
Yes you can, and I have managed to do it a few times: just try it!
But that's no fun, because you already have the .EXE!

Surely your next step will be to make some "modifications" and try to assemble again.
Some trouble could arise during this step, if you do not go deeper inside the assembly flow.

Just a stupid example:
Code:

int i;                 // linker will put this long at address 407EA0, for example

int main(void)
{
    int p = 0x407EA0;  // I want exactly this value for some reason!
    return 0;
}


Now, disassemble it:
Code:

main proc near

var_4 = dword ptr -4

    push    ebp
    mov     ebp, esp
    push    ecx
    mov     [ebp+var_4], offset i   ; the immediate 407EA0h was turned into a symbol
    mov     esp, ebp
    pop     ebp
    retn

main endp


The disassembler thought that my p value was related to the address of the variable 'i', but this deduction is wrong in the current case!

Now, if I add a second variable j and, after the reassembly, the variable i is no longer at address 0x407EA0, my exotic algorithm will be broken, because pointer p will take a value different from 0x407EA0!

I hope I could explain myself.
Best regards, bilbo
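The failure bilbo describes is a symbolization guess: the disassembler sees an immediate whose value happens to equal a known symbol address and rewrites it as `offset i`. The Python below is an added example, not code from this thread or from IDA, PVDasm, RosAsm or the poster's engine. It models that decision on a constructed two-instruction snippet and shows how the .reloc section the original question assumes (condition 1) settles it: the loader only patches fields that really hold absolute addresses, so an immediate without a relocation entry is just a number. The instruction addresses, the symbol table and the relocation set are all made up for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Insn:
    va: int        # virtual address of the instruction
    text: str      # mnemonic and the operands that precede the immediate
    imm: int       # 32-bit immediate operand, as encoded in the instruction
    imm_off: int   # byte offset of the immediate field inside the instruction


# Constructed sample (not from the thread): two instructions from a hypothetical
# main() in a build where the linker placed `int i` at 0x407EA0.
#   mov [ebp+var_4], 0x407EA0   ; p = 0x407EA0, a constant that merely looks like &i
#   mov eax, offset i           ; eax = &i, a real address the loader must fix up
CODE = [
    Insn(va=0x401003, text="mov [ebp+var_4],", imm=0x407EA0, imm_off=3),
    Insn(va=0x40100A, text="mov eax,", imm=0x407EA0, imm_off=1),
]
SYMBOLS = {0x407EA0: "i"}
# Assumed .reloc content: virtual addresses of the 32-bit fields the loader
# relocates. Only the second immediate is listed; the first is not an address.
RELOCS = {0x40100B}


def symbolize(insn, symbols, relocs=None):
    """Render the immediate operand of one instruction.

    relocs=None reproduces the value-matching guess from the post: any immediate
    equal to a symbol address becomes `offset sym`. With a reloc set, the
    immediate is symbolized only when its field has a relocation entry.
    """
    looks_like_symbol = insn.imm in symbols
    has_reloc = relocs is None or (insn.va + insn.imm_off) in relocs
    if looks_like_symbol and has_reloc:
        return f"offset {symbols[insn.imm]}"
    return f"{insn.imm:#x}"


def disassemble(code, symbols, relocs=None):
    """Produce listing lines such as 'mov eax, offset i'."""
    return [f"{insn.text} {symbolize(insn, symbols, relocs)}" for insn in code]


def reassemble(lines, layout):
    """Resolve each line's last operand against a (possibly changed) symbol
    layout, as an assembler would, and return the immediates it would encode."""
    values = []
    for line in lines:
        operand = line.rsplit(",", 1)[-1].strip()
        if operand.startswith("offset "):
            values.append(layout[operand.split(maxsplit=1)[1]])
        else:
            values.append(int(operand, 16))
    return values


def relayout_with_j():
    """Hypothetical re-link after `int j` is added: j takes 0x407EA0 and i moves
    up by four bytes (assumed layout, for illustration only)."""
    return {"j": 0x407EA0, "i": 0x407EA4}


if __name__ == "__main__":
    for label, relocs in (("value-matching guess", None), ("reloc-driven", RELOCS)):
        listing = disassemble(CODE, SYMBOLS, relocs)
        print(label)
        for line, value in zip(listing, reassemble(listing, relayout_with_j())):
            print(f"  {line:30} -> {value:#x} after re-link")
```

With the value-matching guess both lines come back as `offset i`, and after the re-link the constant p is silently changed to 0x407EA4, which is exactly the breakage bilbo describes; with the relocation lookup the constant survives while the genuine `&i` follows the symbol. The same lookup works for absolute addresses stored in data (jump tables, vtables), since those fields carry relocation entries too. The check only holds while the image is relocatable: an executable linked without a .reloc section gives no such evidence, and the guess is all that is left.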

blabberer
June 9th, 2005, 05:50
Well, if it is about getting the source back in asm, then Ben's PVDasm offers such a capability; the exotic RosAsm also seems to offer such a possibility to get kcab the source. Maybe give them both a spin and see if that's what you were looking for.
Reading the above sentence, I feel I myself couldn't get back what I intended to say.

_d_
June 9th, 2005, 06:34
>> well if it is about getting the source back in asm then bens pvdasm offers such a capability also the exotic rosasm also seems to offer such a possibility
>> to get kcab the source may be you give them both a spin and see if thats what you were looking for

I am coding my own engine, but thanks...

The reason why I ask is that my engine can now decode 3 programs (my own small test programs) into NASM syntax and then assemble them back with NASM and link them with ALINK, and this works better than I thought it would before I started.

But these programs are very small, about 60 KB, although they also use STL etc.

I hoped that other people have done something similar, so they can give me some hints about where the main problems are with bigger and more complex executables.

@bilbo thanks for your post, this was very helpful.