From: Willow on 3 Jan 2010 08:47

Happy new year everyone!

It's been nearly a year and a half since I first released CRUDASM1, a disassembler written entirely by me that supported 16 and 32 bit x86 raw binary images and is available under GPL 3.0. After some discussion at this newsgroup, people found bugs and this motivated me to rewrite it without the bugs, into CRUDASM2 a little while later.

Well, I just posted CRUDASM3, an improved disassembler engine with full source code! You can find it at the top of this site:

http://code.google.com/p/vm64dec/downloads/list

The new disassembler supports 64 bit mode as well as 16 and 32 bit mode. It's a rewrite, with only some code from CRUDASM2 and the original crudasm. As far as I know the bugs were left out!

My next step is to follow in the footsteps of the DCC decompiler and add control flow analysis to the disassembler, along with 32-bit and 64-bit PE file loading support, and PDB debugging symbol support (I've added 32-bit PE and old PDB support to an older disassembler/decompiler project but it wasn't kept in the rewrite). In particular, I plan to convert code like this:

    L1: add al,[bx]
        inc bx
        cmp bx,si
        jnz L1

into this:

    do {
        add al,[bx]
        inc bx
        cmp bx,si
        bit cond = ZF;
    } while(!cond);

That is, with control flow analysis (even before data flow analysis) I plan to make CRUDASM3 recognize loops and other HLL constructs. This will be done by following the PhD "thesis" (should it be dissertation?) of the person who made DCC, which has an excellent description of how to recognize loops, ||, && operators, if..else, etc. Should be fun! If it goes well I can worry about data flow analysis after I graduate college and have more free time.

CRUDASM3 makes use of a script file with this sort of code:

    insn _aad(B1 arg) "d5 imm" ! no64
    dis {
        write("aad");
        if(get_imm32() != 0x0a) { space(); write_args(); }
    }
    emu {
        B1 tmp = AH;
        tmp = cmul(tmp, arg);
        tmp = add(tmp, AL);
        AL = tmp;
        AH = 0;
        OF = undefined;
        SF = sign(AL);
        ZF = zero(AL);
        AF = undefined;
        PF = parity(AL);
        CF = undefined;
    }

This allows both emulators and disassemblers to be automatically generated from the same script file. You can find a sample PC emulator at the same site (sorry, I have a revised version but it's not ready to be released). The "emulator" semantic information could be used as the basis of a decompiler (you will also find my Win32 decompiler/disassembler at the same site, named vmdecv0.10.zip; an older flat decompiler is there too under the filename vm64dec-0.17.zip).
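Added example, not code from Willow's post or from CRUDASM3: a minimal Python recognizer that performs the back-edge to do/while rewrite the post describes, generalized to a few conditional jumps. The listing format, the COND_JUMPS table and all function names are my own assumptions.

```python
import re

# Conditional jumps: flag tested and whether the jump is taken when the flag is set.
# Assumed subset for illustration; CRUDASM3's own instruction tables are not used.
COND_JUMPS = {
    'jz': ('ZF', True), 'jnz': ('ZF', False),
    'jc': ('CF', True), 'jnc': ('CF', False),
    'js': ('SF', True), 'jns': ('SF', False),
}

# Constructed sample: the loop from the post above.
SAMPLE = """
L1: add al,[bx]
    inc bx
    cmp bx,si
    jnz L1
"""

def parse_listing(text):
    """Turn 'label: mnemonic operands' lines into (label, mnemonic, operands)."""
    insns = []
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        label = None
        m = re.match(r'(\w+):\s*(.*)', line)
        if m:
            label, line = m.group(1), m.group(2).strip()
        mnem, _, ops = line.partition(' ')
        insns.append((label, mnem.lower(), ops.strip()))
    return insns

def structure_loops(text):
    """Rewrite each backward conditional jump (a back edge) as a do/while block."""
    insns = parse_listing(text)
    label_index = {lab: i for i, (lab, _, _) in enumerate(insns) if lab}
    out, i = [], 0
    while i < len(insns):
        # Next conditional jump whose target label lies at or after i and before it.
        j = next((k for k in range(i, len(insns))
                  if insns[k][1] in COND_JUMPS
                  and i <= label_index.get(insns[k][2], -1) <= k), None)
        if j is None:
            out.extend(f'{m} {o}'.rstrip() for _, m, o in insns[i:])
            break
        head = label_index[insns[j][2]]
        out.extend(f'{m} {o}'.rstrip() for _, m, o in insns[i:head])
        flag, taken_when_set = COND_JUMPS[insns[j][1]]
        out.append('do {')
        out.extend(f'    {m} {o}'.rstrip() for _, m, o in insns[head:j])
        out.append(f'    bit cond = {flag};')   # jnz loops while the flag is clear
        out.append('} while(cond);' if taken_when_set else '} while(!cond);')
        i = j + 1
    return out

if __name__ == '__main__':
    print('\n'.join(structure_loops(SAMPLE)))
```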