problem with MadDisAsm

delphi package - full disassembler

problem with MadDisAsm

Postby Storm » Thu Nov 23, 2006 11:46 am

Hello!
I have a some questions (sorry for my english).

I have this asm code:
Code: Select all
include 'INCLUDE\win32ax.inc'
.data
Serial db 'Some program',0
_MsgCaption db 'Disasm this',0
.code
start:
push 0
push Serial
push _MsgCaption
push 0
call MessageBox
push 0
call ExitProcess
retn
.end start
and have this compiled application:
http://rapidshare.com/files/4496667/HELLO.EXE.html

After disassembling (with MadDisAsm) a have this code:
Code: Select all
0011fbfc   push    0
0011fbfe   push    $401000
0011fc03   push    $40100d
0011fc08   push    0
0011fc0a   call    +$1069 ($120c78)
0011fc0f   push    0
0011fc11   call    +$1044 ($120c5a)
0011fc16   ret


Can you transfer +$1069 ($120c78) in MessageBox?
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Thu Nov 23, 2006 2:23 pm

What does madDisAsm do if you ask it to disassemble "$120c78" for you?
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Thu Nov 23, 2006 7:09 pm

How to dissasm this string via maddissasm?
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Thu Nov 23, 2006 9:45 pm

That's not what I meant. I want to know what $120c78 looks like. So I can understand why madDisAsm doesn't translate it to MessageBox. Normally it should do that.
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Mon Nov 27, 2006 1:23 pm

Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Mon Nov 27, 2006 1:45 pm

If you don't answer my question, there's not much else I can do for you. I need to know what code is at $120c78.
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Tue Nov 28, 2006 10:36 am

Function MessageBoxA is (on data PETools) to the address 00003084. Though, maybe, I do not understand a question, explain more precisely.

PS. Instead of you could make a small demo - example disassembling an exe-file?
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Tue Nov 28, 2006 11:05 am

madDisAsm is not meant to disassemble a file from harddisk. It is meant to do in memory disassembling of loaded modules. There's an important difference: Loaded modules are made up by the OS loader. Files on disk are stored in a rather raw format and look different than loaded modules. If you want to disassemble a file from harddisk then madDisAsm is probably not really what you need.
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Tue Nov 28, 2006 11:20 am

Then you could not create a small example use MadDisAsm?
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Tue Nov 28, 2006 11:49 am

Example for what? Disassembling a file from harddisk? As I said, that's not what madDisAsm is meant for.

P.S: You could use LoadLibraryEx(DONT_RESOLVE_DLL_REFERENCES). Maybe then madDisAsm works better for you. I've not tested that, though.
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Wed Nov 29, 2006 8:36 am

Ok, whether you can create those an example of use madDisAsm. (it is simple an example for what can it is required madDisAsm)
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Wed Nov 29, 2006 9:02 am

Code: Select all
var disAsm : string;
begin
  ParseFunction(GetProcAddress(GetModuleHandle('kernel32.dll'), 'CreateFileA'), disAsm);

This should give you something like this:

http://help.madshi.net/CreateFileADisAsm.htm
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Wed Nov 29, 2006 9:17 am

And it is possible also an example for ParseCode?
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Postby madshi » Wed Nov 29, 2006 10:11 am

Just replace ParseFunction with ParseCode in the example above... :)
madshi
Site Admin
 
Posts: 9387
Joined: Sun Mar 21, 2004 5:25 pm

Postby Storm » Wed Nov 29, 2006 11:09 am

Also let last question a little not in a theme. Whether it is possible to take from a file text lines (for example parameters)?
Storm
 
Posts: 16
Joined: Tue Jul 18, 2006 8:22 am

Next

Return to madDisAsm

Who is online

Users browsing this forum: No registered users and 1 guest

cron