Archived

This topic is now archived and is closed to further replies.

Zomart

Disassembling

Recommended Posts

Hey- I''ve been looking at a lot of disassemblers lately and decided that I''d like to take on the task of making my own. I''ve searched for the topic on the web, but all I''ve come up with is a bunch of cracking tutorials that only teach me how to use a disassembler, not anything on programming them. I''ve used my brain (a little) to figure out that you need to open up files in binary read mode, but then I have no idea how to output the binary data in text and even worse to how to find the assembly code that would equal it... if anybody can give me a few starting tips I would greatly appreciate it, thanks!

Share this post


Link to post
Share on other sites
Goto the intel website and search around for the developers resources. You''ll find the programming references etc. (can''t remember exactly what the files are called and I don''t have links handy).

If you are trying to disassemble PE executables and not .com or .sys then you''ll need to find the PE specs too so you can extract the code sections. Disassemblers aren''t all that tricky to write, just takes some patience.

Share this post


Link to post
Share on other sites
You need a list of the opcodes. Search for opcode references.



What does God want?
Does God want goodness or the choice of goodness?
Is a man who chooses the bad perhaps in some way better than a man who has the good imposed upon him?

Share this post


Link to post
Share on other sites
It''s a matter of figuring out which parts of the program are data, and which are code. You leave the data alone, and then go through the code one byte at a time, mapping them to their corresponding instruction names. Of course most instructions are more than one byte but the idea is the same.

Watch out though, there may be some padding between instructions (to align them to a dword boundary perhaps) and there''s no easy way to track that, so if you assume 100% of the code segment contains valid code, then your disassembler will think the padding are opcodes, and it''ll usually throw off the rest of your output from that point on. I don''t know if compilers insert opcode 00 (NOP) for padding. Would help greatly if they do, but you can''t assume. Maybe they insert junk opcodes to thwart people like you... but don''t worry, you can do it

I suggest you start off easy, for example original Gameboy ROMS that run on a modified z80 CPU. The instruction set is fairly simple and no opcode is bigger than 3 bytes.

Good luck.

Share this post


Link to post
Share on other sites