Assembly Parsing
[117 byte] By [Diego898] at [2007-11-19 10:47:23] 
Is there such a tool as to parse assembly? If there is, would there be one available in the c++ programming language?
# 1 Re: Assembly Parsing
what do you mean by 'parsing assembly'? What do you need to do with asm files?Hob
Hobson at 2007-11-10 3:55:52 >
# 2 Re: Assembly Parsing
I need to be able to search through them and find lines / sections of code which coincide with the specifications I need. For example, I need any line performing addition of any values in two registers.Diego898 at 2007-11-10 3:56:54 >
# 3 Re: Assembly Parsing
Unfortunately, I have never seen such a tool, and I do not think that it exists. It has more to do with expression parsing than with assembly. Anyway, try to download some IDE for assembly, maybe in any will be this feature implemented. Also, you could try to create such a tool by yourself, using regular expressions. As long as your conditions are as simple as 'finding add reg1, reg2', it would not be too hard.Regards,
Hob
Hobson at 2007-11-10 3:57:52 >
# 4 Re: Assembly Parsing
I need to be able to search through them and find lines / sections of code which coincide with the specifications I need. For example, I need any line performing addition of any values in two registers.Anyway ASM parsing is not that difficult, since it is line based and a semicolon begins a comment. I imagine it wouldn't be much more than ~30 lines of C++ code to archieve what you need.
NoHero at 2007-11-10 3:58:51 >
# 5 Re: Assembly Parsing
What I'm trying to do is parse through an .ASM file to determine whether or not i can add things without damaging the functionality of the code. For example, I want to be able to manipulate Assembly based on my directions without damaging the functionality of the code. IE I still want it to be the same , just lets say, longer, or with different names for variables etc. Maybe even insert comments that say nothing about the code, or manipluate registers which are being added on, lets say reg2 is being added by 1, I would then add 4 and take away 3. Something like that.Thanks
Diego898 at 2007-11-10 3:59:50 >
# 6 Re: Assembly Parsing
Does any know of any tool / method of accomplishing this? If not, would anyone be willing to assist me in this project?Thanks
Diego898 at 2007-11-10 4:00:57 >
# 7 Re: Assembly Parsing
So you are going to try something like obfuscator or tool inserting junk codes into executables to make reading code and/or cracking harder, right? So, if you are going to obfuscate assembly code, I doubt if there is any need for that, its already almost illegible :D And if you are going to obfuscate compiled executables, then there is no need to bother with comments, symbol names (maybe except exports and section names), and labels, because they should not exist in compiled binaries (in 'release mode' of course).Implementing some basic functionality in your program would not be hard: just get some library for regular expressions (I think that boost is ok). Then you would have to define what operations you perform. Lets say, following your example, that you are going to replace some lines add reg32, immed;some comment or no with lines like
add reg32, immedPlusSomeRandValue
.....a few lines of code here
sub reg32, sameRandValue
So you are building appropriate regular expression:
\s?add\s+e..\s+,\s+\d+(\s?;.*)?
WARNING: I am NOT very familiar with regular expression,
so I have NO IDEA if above is correct, efficient, whatever.
I followed rules from here:
http://www.boost.org/libs/regex/doc/syntax.html
and check line by line if any meets this condition. If it does, you extract from this line a register name and immediate value (also using regular expression) and now you can modify this line, add some lines above or below this one, etc.
Maybe it looks complicated, but its really not that hard.
Another thing you could do is to put in your code whole blocks of assembly which do nothing special. However with this you have to be careful to not corrupt stack, or exceed jump range.
Anyway, good luck.
Hob
Hobson at 2007-11-10 4:01:50 >
