Disassembler theoretically

Hello.
I wanted to a a disassembler, and I was wondering how hard it would be, and what would be the stuff that I will need to learn except the PE file format and op-code/mnemonics.
Thx
[195 byte] By [Quell] at [2007-11-19 7:30:07]
# 1 Re: Disassembler theoretically
Hello.
I wanted to a a disassembler
Please read your post again, and re-compose it so that it makes sense.

Well, PE header and Opcode mnemonics will only be one part of it. Add interrupts, and identification of patterns in the opcode that cause I/O.

What you need to learn depends on what you already know! Composing disassembled information, and presenting it will not be easy either, and you might have to learn that too! :D
Siddhartha at 2007-11-9 0:42:25 >
# 2 Re: Disassembler theoretically
Well... if you are considering writing a disassembler, my first question would be why? There already exist quite good ones...
Andreas Masur at 2007-11-9 0:43:28 >
# 3 Re: Disassembler theoretically
Why is because I wanna learn how Windows works, and I thought that writing a disassembler will give me a chance to get into advanced topics of C++ and also allow me to learn how Windows works on a lower level.
Quell at 2007-11-9 0:44:31 >
# 4 Re: Disassembler theoretically
Let's turn it around and call it "Disassembler practically". Given a program written in "modest" C++ (meaning that the source code doesn't use the more advanced language features, most of which are available only with the latest compilers) there is no disassembler out there that will produce usable C++ source code. Period. There are a few for C, but the results are, mildly said, poor.

Understanding what the compiler produces for a given construct is, in certain circumstances, useful. Trying to reverse the process and speculate on how the C++ source for a given mnemonic sequence might have looked like is a waste of time. One strong argument, among many others, is that you practically cannot say whether some module really was written in C++ (or, at least, you cannot say which parts of it).

I am not trying to be harsh to you, personally, in any way. I just want to point out that your question aims too far away.
Gabriel Fleseriu at 2007-11-9 0:45:29 >
# 5 Re: Disassembler theoretically
No, you didn't get my question, I don't want a decompiler, I want a disassembler, that is, I want asm source code out of it...
And I was wondering what stuff I need to know to do it except C/C++ and PE format/mnemonics.
And what features should I include so I get more knowledge about Windows OS, as well as maybe use some of advanced things in C++ to write the disassembler.
Quell at 2007-11-9 0:46:28 >
# 6 Re: Disassembler theoretically
For a disassembler you need to know only the PE spec and the mnemonic structure. You actually don't need C++, not necessarily. You can use C, Pascal, [insert something here] or even Basic. ASM code is just a human-readable form of machine code.
Gabriel Fleseriu at 2007-11-9 0:47:33 >
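Added example, not part of any post in this thread: a minimal decoder in C for a handful of single-byte-opcode x86 instructions in 32-bit mode, showing how machine code bytes map back to mnemonics. The function names and the sample byte string are constructed for illustration; prefixes, ModRM bytes and multi-byte opcodes are assumed absent and are reported as raw `db` bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 32-bit register names, indexed by the low 3 bits of the opcode. */
static const char *REG32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};

/* Decode one instruction from code[0..len). Writes its text to out and returns
   the instruction length, or 0 for an unknown opcode or truncated bytes. */
size_t decode_one(const uint8_t *code, size_t len, char *out, size_t outsz)
{
    if (len == 0) return 0;
    uint8_t op = code[0];
    if (op == 0x90) { snprintf(out, outsz, "nop");  return 1; }
    if (op == 0xC3) { snprintf(out, outsz, "ret");  return 1; }
    if (op == 0xCC) { snprintf(out, outsz, "int3"); return 1; }
    if (op >= 0x50 && op <= 0x5F) {   /* push r32 = 0x50+reg, pop r32 = 0x58+reg */
        snprintf(out, outsz, "%s %s", op < 0x58 ? "push" : "pop", REG32[op & 7]);
        return 1;
    }
    if (op >= 0xB8 && op <= 0xBF) {   /* mov r32, imm32 = 0xB8+reg, 4-byte LE imm */
        if (len < 5) return 0;        /* immediate is cut off: do not read past end */
        uint32_t imm = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        snprintf(out, outsz, "mov %s, 0x%x", REG32[op & 7], (unsigned)imm);
        return 5;
    }
    return 0;
}
/* Linear sweep: print each instruction, emit "db" for bytes that do not
   decode, and return how many instructions were recognised. */
size_t disassemble(const uint8_t *code, size_t len)
{
    size_t off = 0, count = 0;
    char text[32];
    while (off < len) {
        size_t n = decode_one(code + off, len - off, text, sizeof text);
        if (n == 0) { printf("%04zx  db 0x%02x\n", off, code[off]); off++; continue; }
        printf("%04zx  %s\n", off, text);
        off += n; count++;
    }
    return count;
}

/* Constructed sample bytes: push ebp; mov eax, 0x2a; pop ebp; ret */
static const uint8_t SAMPLE[] = {0x55, 0xB8, 0x2A, 0x00, 0x00, 0x00, 0x5D, 0xC3};

int main(void) { return disassemble(SAMPLE, sizeof SAMPLE) == 4 ? 0 : 1; }
```

A real disassembler replaces the hand-written `if` chain with the full opcode table and feeds it the code section located through the PE headers.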
# 7 Re: Disassembler theoretically
Well, what can I add to make it more complex, to the disassembler?
Any ideas?
Thx
Quell at 2007-11-9 0:48:39 >
# 8 Re: Disassembler theoretically
A complete table of the x86 instruction set, for 32-bit and for 16-bit... And that's all by now. If you need further information on debugging etc. you should look deeper into the specification of the given Operating System...

NASM offers a completely free disassembler (ndisasm) http://sourceforge.net/project/showfiles.php?group_id=6208 ... But the best disassembler on earth is WinDasm32 from URSoft Coorp.
NoHero at 2007-11-9 0:49:31 >
# 9 Re: Disassembler theoretically
MASM32 is very nice in this case; it has dictionaries of all mnemonics. :) As for me, this program is the best in assembling and disassembling.
Skoons at 2007-11-9 0:50:42 >