Re: Looking for disassembler, decompiler, discompiler or whatever.

"Mickaël Pointier" <mpointie@eden-studios.fr>
11 Sep 2001 00:24:26 -0400

          From comp.compilers

Related articles
Looking for disassembler, decompiler, discompiler or whatever. zuyihe@163.net (2001-09-03)
Re: Looking for disassembler, decompiler, discompiler or whatever. andyjnsn@ma.ultranet.com (2001-09-05)
Re: Looking for disassembler, decompiler, discompiler or whatever. vbdis@aol.com (2001-09-05)
Re: Looking for disassembler, decompiler, discompiler or whatever. mpointie@eden-studios.fr (Mickaël Pointier) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. joachim_d@gmx.de (Joachim Durchholz) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. mpointie@eden-studios.fr (Mickaël Pointier) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. ralph@inputplus.demon.co.uk (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. debray@CS.Arizona.EDU (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. dlindauer@notifier-is.net (david lindauer) (2001-09-11)
Re: Looking for disassembler, decompiler, discompiler or whatever. eanders@argus.EECS.Berkeley.EDU (2001-09-11)
[2 later articles]
| List of all articles for this month |

From: "Mickaël Pointier" <mpointie@eden-studios.fr>
Newsgroups: comp.compilers
Date: 11 Sep 2001 00:24:26 -0400
Organization: ImagiNET / Colt Internet
References: 01-09-011
Keywords: assembler
Posted-Date: 11 Sep 2001 00:24:26 EDT

> Platform: Linux/PowerPC
> My question is: is there any tool that, given exe, will give an
> assembly which looks like the one generated by "gcc -S *.c"? Or, in
> the example, given a.out, will generate hello0.s?


So far, all the reverse-engeeniering/disassembler tools I've used were
very, very bad tools. Some of them eventually manage to give you an
assembly source code that can be reassembled without error, but that's
not the case for all of them.


The only exception was a tool on Atari ST called "Easy Rider" that was
in fact a kind of interactive disassembler. It's the only tool that
allows you to dynamically scroll through the disassembly result,
change the content by saying to the tool "from adress xxxx to adress
yyyyy this is binary data" or "this is assembly code"... It uses the
debug informations when available, and you can edit all hexadecimal
adresses and replace them by labels. It was even able to recognise
sequences of instructions that were called to the operating system,
correctly commenting them with the right function name.


Using this tool it was possible to create a fully labeled source code
by doing very simple things like:


- locate all the messages into the source code, and give them a
meaningfull label (something like "message_quit", "message_yes",
"message_no",...)
- locate all the code that reference those messages (look for
"lea message_quit,a0", and give an adequate label to the function
that contains them (like "function_ask_for_exit")...
- ...
- ...


after a while you have a nearly understandable 68000 source code, that
can be saved in xxx.s format, and then can be rebuild using your
favorite assembler. (it also has a "work in progress" format that
allows you to continue the analysis later).


From this re-assembled program you can then launch the debuger, and
trace the program, with your newly added labels, making the whole
stuff a lot more understandable :) When the knowledge you gain by
tracing the code with labels you can understand the role of some
undocumented functions, so you can get back to easy-rider and add some
new labels, and so on until you finaly get a completely
commented/labeled assembly source code.


This tool was a real hacker-dream, but I never find anything close
to this in the unix/windows world :'(


        Mickael Pointier


Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.