How to disasamle code from another process?

delphi package - full disassembler
Post Reply
shadow110
Posts: 8
Joined: Tue Apr 27, 2004 6:26 pm

How to disasamle code from another process?

Post by shadow110 »

Hello.

I can disasamble my own code:

Code: Select all

var:
a:^integer;
b:TCodeInfo;
begin
a := ptr($00400010);
b := parsecode(a);
showmessage(inttohex(b.opcode,4));
b := parsecode(b.next);
showmessage(inttohex(b.opcode,4));

end
Is it possible, to use parsecode with the memory address of another process (calc.exe) ?

I ask many questions the last time.. :oops:

Greetings
Alex
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

No, that's not possible, because your process can't even directly reach another process. The only way to even access the memory/code of calc from inside your process is to use ReadProcessMemory.

If you want to disassemble code of another process, you have to inject a dll into that process and then call ParseCode/Function there.
Claes
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Post by Claes »

It would be a nice Demo-project if you could provide some source code for that, Mathias. The Demo folder under madDisAsm is still "under construction"... :sorry:
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Yeah, I should really put something into the demo folder. But directly disassembling another process' memory will probably not be what I'll make a demo about. It's just too difficult to solve 100% right without using a dll.
Claes
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Post by Claes »

On the other hand, you could cover hooking and disasm in just one Demo..! And I wouldn't mind it had to go in a DLL... :D
madshi
Site Admin
Posts: 10749
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

But there are customers who have madDisAsm, but not madCodeHook. So I can't put a demo into madDisAsm's demo folder, which can only be compiled with madCodeHook. The demo has to be madDisAsm only.
Claes
Posts: 52
Joined: Thu Apr 22, 2004 10:52 pm
Location: Denmark

Post by Claes »

Bollox! ;) But you got a strong point, I must admit... 8)
Post Reply