
          	   
          	   ۰
          	   ۰۲۲۰۲۲۲۲۲۲
          	   ۰۲۲۲۲۰۲۲۲۲۲۲
          	   ۰۲۲۲۲۲۰۲۲۲۲۲۲۲
        	   ۰۲۲۲۰۲۲۲۲۲۲۲
         	   ۰۲۲۲۲۲۲۲۲
        	   ۰۲۲۲۲۲۲۲۲۲
        	   ۰
        	   ۲
                	         ۲[Bengaly 2003]


                  	??????????????????????????????????????????????????????????????
                   	?                                                            ?
                   	?  ProView is : 32Bit Disassembler / PE Editor               ?
                   	?  Build Version: v1.05b                                     ?
                   	?  Copyrights by Bengaly (R) 2003                            ?
                   	?                                                            ?
                   	??????????????????????????????????????????????????????????????


                                               [OverView]

PvDasm is a fully written from scratch, the disassembly engine has been coded by me and its free for useage.
Proview is my attempt to make my own disassembler as a part for school final project and for basic knowledge.
Pv is coded fully in C (VC.6), a bit of C++ , and some STL Templates for memory managment.
It would be nice if someone will try it out and give some response.
Proview also includes a simplified version of a pe editor and a process manager (if you wish to dump from mem).
i hope to add a basic gui debugger in the future as well - hopefully :)
thank all for your support.



                                                [History]



-> 02.07.2004:  * Masm Wizard tool Functionality Enhanced!!
                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
		  Here's what new:
                  1. It will now clean: LEAVE instructions in procs.
                  2. it will fix RET XXXX -> RET instructions in procs.
                  3. Jumps and Calls are now automaticly refers to their lables!
                     e.g: 
                          'jnz 12345678' -> 'jnz ref_12345678'
                          ..code here..
                          ref_12345678:
                          'call 87654321' -> 'call proc_87654321'

                     Note: Call to an api imports stays the same! i.e: 'Call MessageBoxA'

                  4. Procedure StackFrame clean-up, wizard will remove,
                     The preceding "PUSH EBP" / "MOV EBP,ESP" signatures from a proc.
                     e.g:
		         before: 
                                 proc_12345678 proc ...
                                 push ebp     ; setup,
                                 mov ebp,esp  ; procedure stack frame,
                                 add esp,xxh  ; for local variables.
                                 ; uneffected code like more 'push ebp' 
                                 ; or 'mov ebp,esp' repeated instructions.
				 ret			
                     
                         after:
                                 proc_12345678 proc ...
                                 add esp,xxh  ; leave room for local variables.
				 ret

		  This gives us a compilable source code (in most cases),
                  but not executable image! since we need to make hand modifications,
                  for stuff like 'global' vars..etc.

		* Added a preceding zero (0) for a decoded instruction,
                  e.g: 'add esp,FFFFFFFFh' -> 'add esp,0FFFFFFFFh'
                  note: i haven't covered all the possibilities, so it will take a while.

-> 01.07.2004:  * Added a small bug fix in the Disassembly engine.
                * Save/Load project supports 'Data In Code' & 'Functions EntryPoint' information,
                  next time loading a project it will automaticly relocate your analyzed work.
		* Bug Fixes in the Masm wizard.	
                * Conditional or Unconditional jumps as references are,
                  shown in a new column in the disassembly view.
                  		

-> 21.03.2004:  * Corrected an Disassembly bug (hopefully,
                  Won't damage other decodings), this is the change:
                  'PUSH DWORD PTR SS:[EBP+00]' -> 'PUSH DWORD PTR SS:[EBP+EAX+00]'
                  Thanks to _Seven_ for the bug report.
                * Added a MASM Source Code Wizard Creator,
                  Check pvdasm.hlp to see how to use it.

-> 14.02.2004:  * While DblClick on an CALL<API> Instruction,
                  PVDasm will jump to it's "JMP<API>" jump table.
                * Api Recognition (engine) Added.
                  PVDasm will attempt to add API Parameters,
                  In order to make disassembly more easy to read.
                  Recognition DataBase is saved in the \sig\msapi.sig file. 
                  The File originally collected by Pegasus - Thnx!,
                  I'v altered it abit so pvdasm can read some missing,
                  Functions that aren't in the original build.
                  It can be altered anytime for your own need anytime.
                  the file can be renamed to any name.
                  only 1 (main) sig file is supported at this moment.
                * Few add-ons here and there.
                * You can now transform/Define address range to Data/Function EntryPoint by
                  Selecting the addresses (in the disassembly view) and
                  press either: 
                  Ctrl+Insert: #Define Data blocks.
                  Alt+Insert: #Define a Function(s) EntryPoint(s).
                  or using the contex menu for both missions.
                * Data/Function EntryPoint Managers can be accesses using,
                  Contex Menu (right click).
 

-> 10.02.2004:  * Added a New Plugin Message for Developers.
                * Updated Help File.
                * Added an Option to Edit/Add/Remove Function's
                  Start/End Addresses Analyzed by the FirstPass.
                  This Gives Flexibility for the users to modify 
                  The Bad Analisis created by the Incomplete FirstPass.
 

-> 26.01.2004:  * Api Calls/Jmps , Jmps,Calls Highlighting Added,
                  Use the Appearance Dialog to select your colors.
                * Right Click On Disasm window pops up a Menu. (For faster access)
                * Copy to File/Clipboard added, found in the right click popup menu.
                * Some Visual Fixes here and there.
                * Added a new Plugin to the site (Chip8 Emulator)


-> 15.12.2003:  * 2 new SDK Messages has been added, see the pvdasm.hlp file
                  at the PluginSDK.zip to review them.
                * FAQ added.
                * Some Bug Fixes.

-> 13.12.2003:  * Simple! FirstPass analyzer has been added.
                  if program uses FirstPass, you will be able
                  to modify/add/delete Bad/Good data addresses found,
                  by the analyzer when perssing 'data segments' for the next disasm process. 
                  No Herueistics in the analyzer yet.

-> 12.12.2003:  * Chip8 CPU Added to the CPU Category.
                  You can disassemble with added/New CPUs only 
                  if they are not Win32 Images (MZ/PE).
                  if Image Loaded is Binary, Select The CPU and press on 'Set',
                  finally press ok.
                  No need to set CPU for loaded Win32 images, they are automaticly
                  slects x86 CPU.


-> 02.12.2003:  * CodePatcher bug currected, where instructions,
                  With Prefixes were missing the last bytes (prefix size was not added).	
                * Added ability to create a custom data sections (segments),
                  if you want to treat code as data, add rva start and rva end.
                  

-> 11.11.2003:  * Load/Save Project Options Added.
	          There are 7 files for each saved project.
                  (yeah i know kidna allot, but it's easier to handle rather than 1 bif file.)

                * Plugin SDK Added!:
                  you can code your own plugins for PVDasm now.
                  Put your plugin at the \Plugin\ dir and ur done.
                  note: plugin will be executed only if a file has loaded into Pvdasm,
                  (no disassemble process require to execute the plugin).

                  PVDasm for now ships with this dll(s) list:
                  -------------------------------------------
                  1. "Command Line Disassembler"
                     CLD.Dll - Plugin coded by me, the plugin gives you option to preview disassemble
                     Opcode Vector from a command line alike mini-tool.
                     Source for plugin included.


-> 01.11.2003:  * Debug Window is now Dock-able (Via ToolBar or Menu).
                * Searching Withing the Disassembled code is no availble (be sure to check 'Match Case').
                * XReferences is not supported, if an address is being Refferences from another,
                  ToolBar Control will be availble, or a message will be writetn in the DebugWindow.
                  Press Ctrl+Space, ToolBar Control  or double click the Address to view XReferences to selected line,
                  The Window of xreferences will be opened accouring to your Mouse Pointer Position!,
                  idea came from the intellicase window, I kinda like it ;).
                * HexEditor - AddIn Created for RadASM (By KetilO) Has Been 'Converted' By Me to,
                  be Used Inside VisualC++ (For VC Example Check: http://radasm.visualassembler.com/projects/CustDemo.zip).
                  If AddIn Dll is not found in the AddIns\ Directory, you will not be able to access it via Proview (Run-Time).
                * String Refferences & Import Refferences Dialogs has been Changed, now you can perform,
                  Better Search Within Them, and view 'more' Information rather than using a simple ListBox ;).
                * Disasm Bugs Fixes (Those who has been reported.) 
                * Added Few More Seh Frames to avoid Crashes.
                * CodePatcher - Added Inline code patcher with Assembly Preview (After Patch) in same window.
                  After Patch has been complete you can or not ReDisassemble your Project in order to see,
                  Changes, iv done it beccause i want to avoid MisData information when patching new bytes,
                  So better keep stuff linear insted of curved ;) (PV is pretty fast to do ReDisassemble anyway hehe).
                  Access it by Double Click on Opcodes Culumn, ToolBar or Menu.
                * Gui Fixes/Edits (also fixed the bug in the disassembly appearance for the background color)
                 

-> 12.10.2003:  * Branch Tracing/Back Tracing has been added Using <- or -> Arrow Keys, opr trace in by,
                  Double Click Jxx instruction in disassembly Widnow (Column).
                  You can trace jxx/calls and return from them the same Way u traced them (No Metter how deep u traced!).
                  Fast Tracing / Ret from tracing with left/right arrow keys, tool bar or from the menu.
                * Tool Bar Has been upgraded, more option added


-> 01.10.2003:  * 100% Disassembly Speed!, you will notice a *huge!*,
                  Speed difference from the last build.
                  I think PVDasm can compete with the big boys now ;) (disasm speed)
                  Although there might be still false disasm (still in testing mode)
                * Added Colors Schmes (softice/ida/ollydbg/w32asm/custom) to the disasm window.
                * Goto.. (address/entrypoint/code start) options added.
                * x8 Speed optimizations to the disasm engine core.
                * Known Bug: if file is over 5mb PV might be not responding for a while
                  Because PV uses memory to store the information insted of a temp File (e.g: w32dasm).
                  but it doesn't mean it doesn't work, after a while u will get result,
                  so if you have more than 256mb mem, u will be fine during big files :) .
                * WinXP Theme (Manifest) Added to PV'S Gui (when XP theme shell is being used only).
                * Added String References with search dialog.     
                * Added a custom dialog About =) just to play with skinnble dialogs.           
                  

-> 27.08.2003:  * Import resolving added.
                * Imports dialog with searching added.
                * PV Now Uses Virtual ListView to hold big amount of data.
                * PV Will Auto Allocate memory based on the disassembled code data.
                * Double Click a disassembled line will allow to Add/Edit comments.

-> 15.08.2003:  * Disasm Engine Complete!! (except bugs i will find later :) )
                  it isn't the fastest engine, but it suites me fine now (as a student :))
                * Here we go.. Full support for 0F Set.
                  Meaning: MMX / 3DNow! / SSE / SSE2 instructions + prefixes support
                * Bug Fixes in disasm engine.
                * Disasm from EP option added.

-> 10.08.2003:  * added Options to the disassembler menu 
                * progress bar /percent added
                * force disasm's bytes from ep is now user defined (0-50 bytes).
                  Note: Smaller number of byte can cause few instructions to be not well decoded.

-> 09.08.2003:  * added 1/4 support for 0F Instruction set (JXX & 1 byte opcodes set)
                * added another opcode support (forgot to add it).

-> 08.08.2003:  * Fixed some problems, add a forgotten opcode :D
                * Added option to force disassembly before EP (lenght not yet user defined)
                * Auto jump to EP, code start, address added.
                * added option to restart disassembly

-> 07.08.2003:  * Opcode 0x0F remains to complete the Disasm engine.
                  So you will get from time to time some gaps if your
                  Exe is using its Set of instructions.
                * Process Viewer/Dumper supports 9x/2k/XP  


-> 18.05.2003:  * Disasembler implemented.

-> 10.02.2003:  * Added Expotrs Viewer

-> 05.02.2003:  * Added Import viewer at the
                  Pe editor/Directory viewer

-> 03.02.2003:  * Added a pe rebuilder
		  fix the algiment and headers size,
                  as well as the sections [vsize=rsize / vaddr=raddr]
                  i cannot say it will rebuild it successfuly,
                  notpad did worked though =)
                  and i am opened to suggestions.
		* Added a partial process dumper
                  you can choose how maby bytes to dump
                  and what address to start from.
		  notes: full/partial dump does not work under
                  win9x, due to: i dont have this OS installed :).



			??????????????????????????????????????????????????????????????
               	 	?                                                            ?
			? PVDasm.exe MD5 hash    : 6854DD37BB3F2CF9299FA350D7DF841C  ?
                	?                                                            ?
                	? If This is not the Hash you get, the exe has been altered! ?
                	?							     ?
			??????????????????????????????????????????????????????????????
