Search Results

Search found 42 results on 2 pages for 'disassembling'.

  • Disassembling with python - no easy solution?

    - by Abc4599
    Hi, I'm trying to create a Python script that will disassemble a binary (a Windows exe to be precise) and analyze its code. I need the ability to take a certain buffer and extract some sort of struct containing information about the instructions in it. I've worked with libdisasm in C before, and I found its interface quite intuitive and comfortable. The problem is, its Python interface is available only through SWIG, and I can't get it to compile properly under Windows. On the availability side, diStorm provides a nice out-of-the-box interface, but it provides only the mnemonic of each instruction, and not a binary struct with enumerations defining instruction type and what not. This is quite uncomfortable for my purpose, and will require a lot of what I see as wasted time wrapping the interface to make it fit my needs. I've also looked at BeaEngine, which does in fact provide the output I need, a struct with binary info concerning each instruction, but its interface is really odd and counter-intuitive, and it crashes pretty much instantly when provided with wrong arguments. The ctypes sort of ultimate-death-to-your-Python crashes. So, I'd be happy to hear about other solutions which are a little less time consuming than messing around with djgcc or mingw to make SWIGed libdisasm, or writing an OOP wrapper for diStorm. If anyone has some guidance as to how to compile SWIGed libdisasm, or better yet, a compiled binary (pyd or dll+py), I'd love to hear/have it. :) Thanks ahead.

  • How is printf() implemented in c?

    - by Mask
    Disassembling printf doesn't give much info:

        (gdb) disas printf
        Dump of assembler code for function printf:
        0x00401b38 <printf+0>:  jmp    *0x405130
        0x00401b3e <printf+6>:  nop
        0x00401b3f <printf+7>:  nop
        End of assembler dump.

    How is it implemented under the hood? Why doesn't disassembling help? What does * mean before 0x405130?

  • What does * address (found in printf) mean in assembly?

    - by Mask
    Disassembling printf doesn't give much info:

        (gdb) disas printf
        Dump of assembler code for function printf:
        0x00401b38 <printf+0>:  jmp    *0x405130
        0x00401b3e <printf+6>:  nop
        0x00401b3f <printf+7>:  nop
        End of assembler dump.
        (gdb) disas 0x405130
        Dump of assembler code for function _imp__printf:
        0x00405130 <_imp__printf+0>:  je     0x405184 <_imp__vfprintf+76>
        0x00405132 <_imp__printf+2>:  add    %al,(%eax)

    How is it implemented under the hood? Why doesn't disassembling help? What does * mean before 0x405130?

  • How is printf() implemented in c?

    - by Mask
    Disassembling printf doesn't give much info:

        (gdb) disas printf
        Dump of assembler code for function printf:
        0x00401b38 <printf+0>:  jmp    *0x405130
        0x00401b3e <printf+6>:  nop
        0x00401b3f <printf+7>:  nop
        End of assembler dump.

    How is it implemented under the hood?

  • Wanted a tool for decompiling obfuscated .NET code

    - by Shrike
    Hello. I need a tool to decompile obfuscated .NET code. Yes, I know about Reflector and its plugins (FileDisassemble, FileGenerator). But they create a VS project which won't compile. For example, the decompiled code contains:

        private sealed class <>d__0 : IEnumerator<int>, IEnumerator, IDisposable
        {
            private int <>1__state;
            private int <>2__current;

    I need a tool which could automatically rename such names into readable (read "compilable") form. Thanks.

  • Windows PE - Where and how are strings stored if not in resources?

    - by sdadsas
    Usually strings (like content/titles of dialog boxes) in .exe files are stored in some sort of resources. But in some recent exes I disassembled/resource-inspected I couldn't find any resources containing the string; it was somehow hardcoded with db's into the program code. How can I extract and modify strings directly located in the program? I assume those are just the equivalent of const char*s in C++? Why would someone not "outsource" the contents of dialog boxes, menus, etc.?

  • GDB question - how do I go through disassembled code line by line?

    - by user324994
    I'd like to go through a binary file my teacher gave me line by line to check addresses on the stack and the contents of different registers, but I'm not extremely familiar with using gdb. Although I have the C code, we're supposed to work entirely from a binary file. Here are the commands I've used so far:

        (gdb) file SomeCode

    Which gives me this message:

        Reading symbols from ../overflow/SomeCode ...(no debugging symbols found)...done.

    Then I use:

        (gdb) disas main

    which gives me all of the assembly. I wanted to set up a break point and use the "next" command, but none of the commands I tried work. Does anyone know the syntax I would use?

  • Write Secure Cocoa Code

    - by happyCoding25
    Hello, I'm making an application in Cocoa and wanted to see if some strings in it were easily accessible, so I ran otx on it and sadly all of my code was found. Is there a method I can use to make my code more "secure" or at least encrypt/hide the strings? The reason I want to encrypt the string is that it's a password for a server. I don't need it really secure, I just don't want the password to be so easy to find. Thanks for any help.

  • Is there a disassembler + debugger for java (ala OllyDbg / SoftICE for assembler)?

    - by Ran Biron
    Is there a utility similar to OllyDbg / SoftICE for Java? I.e. execute a class (from a jar / with a class path) and, without source code, show the disassembly of the intermediate code with the ability to step through / step over / search for references / edit specific intermediate code in memory / apply the edit to the file... If not, is it even possible to write something like this (assuming we're willing to live without HotSpot for the debug duration)?

    Edit: I'm not talking about JAD or JD or Cavaj. These are fine decompilers, but I don't want a decompiler for several reasons, most notably that their output is incorrect (at best, sometimes just plain wrong). I'm not looking for a magical "compiled bytes to Java code" - I want to see the actual bytes that are about to be executed. Also, I'd like the ability to change those bytes (just like in an assembly debugger) and, hopefully, write the changed part back to the class file.

    Edit2: I know javap exists - but it does only one way (and without any sort of analysis). Example (code taken from the vmspec documentation): From Java code, we use "javac" to compile this:

        void setIt(int value) {
            i = value;
        }
        int getIt() {
            return i;
        }

    to a Java .class file. Using javap -c I can get this output:

        Method void setIt(int)
           0 aload_0
           1 iload_1
           2 putfield #4
           5 return

        Method int getIt()
           0 aload_0
           1 getfield #4
           4 ireturn

    This is OK for the disassembly part (not really good without analysis - "field #4 is Example.i"), but I can't find the two other "tools": A debugger that goes over the instructions themselves (with stack, memory dumps, etc.), allowing me to examine the actual code and environment. A way to reverse the process - edit the disassembled code and recreate the .class file (with the edited code).

  • Windows disassembler: looking for a tool...

    - by SigTerm
    Hello. I'm looking for a (preferably free) tool that can produce a "proper" disassembly listing from a (non-.NET) Windows PE file (*.exe or *.dll). Important requirement: it should be possible to run the listing through a Windows assembler (nasm, masm or whatever) and get a working exe again (not necessarily identical to the original one, but it should behave in the same way). Intended usage is adding new subroutines into existing code, when source is not available. Ideally, the tool should be able to detect function/segment boundaries and API calls, generate proper labels for jumps (I can live without labels for loops/jumps, though, but function boundary detection would be nice), and keep program resources/segments in place. I'm already aware of IdaPRO (not free), OllyDBG (useful for in-place hacking, doesn't generate a disassembly listing, AFAIK), ndisasm (output isn't suitable for an assembler), dumpbin (useful, but AFAIK, output isn't suitable for an assembler) and the "proxy dll" technique. Ideas? Or maybe there is a book/tutorial that explains some kind of alternative approach?

  • Printf in assembler doesn't print

    - by Gaim
    Hi there, I have got a homework to hack a program using buffer overflow (with disassembling; the program was written in C++, I haven't got the source code). I have already managed it but I have a problem. I have to print some message on the screen, so I found out the address of the printf function, pushed the address of "HACKED" and the address of "%s" on the stack (in this order) and called that function. The called code passed well but nothing had been printed. I have tried to simulate the environment like in other places in the program but there has to be something wrong. Do you have any idea what I am doing wrong that I have no output, please? Thanks a lot

    EDIT: This program is running on Windows XP SP3 32b, written in C++, Intel asm. There is the "hack" code:

        CPU Disasm
        Address   Hex dump          Command                                  Comments
        0012F9A3  90                NOP                                      ;hack begins
        0012F9A4  90                NOP
        0012F9A5  90                NOP
        0012F9A6  89E5              MOV EBP,ESP
        0012F9A8  83EC 7F           SUB ESP,7F                               ;creating a place for working data
        0012F9AB  83EC 7F           SUB ESP,7F
        0012F9AE  31C0              XOR EAX,EAX
        0012F9B0  50                PUSH EAX
        0012F9B1  50                PUSH EAX
        0012F9B2  50                PUSH EAX
        0012F9B3  89E8              MOV EAX,EBP
        0012F9B5  83E8 09           SUB EAX,9
        0012F9B8  BA 1406EDFF       MOV EDX,FFED0614                         ;address to jump, it is negative because there mustn't be 00 bytes
        0012F9BD  F7DA              NOT EDX
        0012F9BF  FFE2              JMP EDX                                  ;I have to jump because there are some values overwritten by the program
        0012F9C1  90                NOP
        0012F9C2  0090 00000000     ADD BYTE PTR DS:[EAX],DL
        0012F9C8  90                NOP
        0012F9C9  90                NOP
        0012F9CA  90                NOP
        0012F9CB  90                NOP
        0012F9CC  6C                INS BYTE PTR ES:[EDI],DX                 ; I/O command
        0012F9CD  65:6E             OUTS DX,BYTE PTR GS:[ESI]                ; I/O command
        0012F9CF  67:74 68          JE SHORT 0012FA3A                        ; Superfluous address size prefix
        0012F9D2  2069 73           AND BYTE PTR DS:[ECX+73],CH
        0012F9D5  203439            AND BYTE PTR DS:[EDI+ECX],DH
        0012F9D8  34 2C             XOR AL,2C
        0012F9DA  2066 69           AND BYTE PTR DS:[ESI+69],AH
        0012F9DD  72 73             JB SHORT 0012FA52
        0012F9DF  74 20             JE SHORT 0012FA01
        0012F9E1  3120              XOR DWORD PTR DS:[EAX],ESP
        0012F9E3  6C                INS BYTE PTR ES:[EDI],DX                 ; I/O command
        0012F9E4  696E 65 7300909   IMUL EBP,DWORD PTR DS:[ESI+65],-6F6FFF8D
        0012F9EB  90                NOP
        0012F9EC  90                NOP
        0012F9ED  90                NOP
        0012F9EE  31DB              XOR EBX,EBX                              ; hack continues
        0012F9F0  8818              MOV BYTE PTR DS:[EAX],BL                 ; writing 00 behind word "HACKED"
        0012F9F2  83E8 06           SUB EAX,6
        0012F9F5  50                PUSH EAX                                 ; address of "HACKED"
        0012F9F6  B8 3B8CBEFF       MOV EAX,FFBE8C3B
        0012F9FB  F7D0              NOT EAX
        0012F9FD  50                PUSH EAX                                 ; address of "%s"
        0012F9FE  B8 FFE4BFFF       MOV EAX,FFBFE4FF
        0012FA03  F7D0              NOT EAX
        0012FA05  FFD0              CALL EAX                                 ;address of printf

    This code is really ugly because I am new to assembler and there mustn't be null bytes because of the buffer-overflow bug.

  • Best disassembler tool for the .NET reflector?

    - by Joan Venge
    What's the best disassembler tool for the .NET Reflector? By best I mean saving a .NET assembly in a disassembled state that is most readable and most likely to compile with fewer changes. The current one I use doesn't show simplified enumeration but shows the full IEnumerable implementations with MoveNext, etc., with member names like:

        this.<>4__state
        CS$<>9__CachedAnonymousMethodDelegate3

    Btw, I am not trying to steal code, just trying out certain things on an already existing assembly instead of writing a similar thing from scratch. In the end, it's what I will learn from this that will stay, not the modified assembly.

  • Modify Embedded String in C# compiled exe

    - by nitefrog
    I have an issue where I need to be able to have a compiled exe (.NET 3.5 C#) that I will make copies of to distribute, and that will need to have, for example, a key changed before the exe is sent out. I cannot compile each time a new exe is needed. This is a thin client that will be used as part of a registration process. Is it possible to add an entry to a resource file with a blank value, then when a request comes in have another application grab the blank default thin client, copy it, and populate the blank value with the data needed? If yes, how? If no, do you have any ideas? I have been scratching my head for a few days now, and the limitation is due to the boundaries I am required to work in. The other idea I had was to inject the value into a method, which I have no idea how I would even attempt. Thanks.

  • Modifying .rdata unicode strings from windows PE files

    - by sdaa
    I have been looking for a way of modifying static strings stored in Windows .exe files in the .rdata section, however I haven't found a real way to do so yet. The whole thing is too complicated to do by hand (in this case with a hex editor), and so I wanted to know if you have a solution for doing so.

  • Can someone explain the output of this disassembly snippet?

    - by Mask
    I used two different commands, x/w and disas, at the same address 0x405130 and got totally different output:

        (gdb) x/w 0x405130
        0x405130 <_imp__printf>:  0x77c1186a
        (gdb) disas 0x405130
        Dump of assembler code for function _imp__printf:
        0x00405130 <_imp__printf+0>:  push   $0x18
        0x00405132 <_imp__printf+2>:  (bad)
        0x00405133 <_imp__printf+3>:  ja     0x405109 <_imp___iob+1>
        End of assembler dump.

    I don't understand why it's like this, can anyone explain it?

  • Does the compiler provide extra stack space for byte-spilling?

    - by xuwicha
    From the sample code below which I got here, I don't understand why the values of registers are moved to a specific part of the stack when byte-spilling is performed.

        pushq   %rbp
        movq    %rsp, %rbp
        subq    $96, %rsp
        leaq    L__unnamed_cfstring_23(%rip), %rax
        leaq    L__unnamed_cfstring_26(%rip), %rcx
        movl    $42, %edx
        leaq    l_objc_msgSend_fixup_alloc(%rip), %r8
        movl    $0, -4(%rbp)
        movl    %edi, -8(%rbp)
        movq    %rsi, -16(%rbp)
        movq    %rax, -48(%rbp)         ## 8-byte Spill
        movq    %rcx, -56(%rbp)         ## 8-byte Spill
        movq    %r8, -64(%rbp)          ## 8-byte Spill
        movl    %edx, -68(%rbp)         ## 4-byte Spill
        callq   _objc_autoreleasePoolPush
        movq    L_OBJC_CLASSLIST_REFERENCES_$_(%rip), %rcx
        movq    %rcx, %rdi
        movq    -64(%rbp), %rsi         ## 8-byte Reload
        movq    %rax, -80(%rbp)         ## 8-byte Spill
        callq   *l_objc_msgSend_fixup_alloc(%rip)
        movq    L_OBJC_SELECTOR_REFERENCES_27(%rip), %rsi
        movq    %rax, %rdi
        movq    -56(%rbp), %rdx         ## 8-byte Reload
        movl    -68(%rbp), %ecx         ## 4-byte Reload

    And also, I don't know what the purpose of byte-spilling is, since the program logic can still be achieved if the function is the one saving the values of the registers that will be used inside it. I really have no idea why this is happening. Please help me understand this.
