
How to disassemble code from another process?

Posted: Mon May 10, 2004 3:15 am
by shadow110
Hello.

I can disassemble my own code:


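Code:
var
  a: ^integer;
  b: TCodeInfo;
begin
  a := ptr($00400010);                 // address inside the current process
  b := ParseCode(a);                   // decode the instruction at that address
  ShowMessage(IntToHex(b.Opcode, 4));
  b := ParseCode(b.Next);              // continue with the following instruction
  ShowMessage(IntToHex(b.Opcode, 4));
end;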


Is it possible to use parsecode with the memory address of another process (calc.exe)?

I've been asking many questions lately.. :oops:

Greetings
Alex

Posted: Mon May 10, 2004 7:52 am
by madshi
No, that's not possible, because your process can't even directly reach another process. The only way to even access the memory/code of calc from inside your process is to use ReadProcessMemory.

If you want to disassemble code of another process, you have to inject a dll into that process and then call ParseCode/Function there.
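
Added example, not part of the original post and not madDisAsm's own demo code: the ReadProcessMemory route from the reply above, copying bytes out of the target and running ParseCode on the local copy. The names DisAsmRemote and RemoteDisAsmExample, the PID argument and the 64-byte length are assumptions, as is a 32-bit Delphi of the thread's era (DWORD-sized pointers and byte counts).

```delphi
program RemoteDisAsmExample;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils, madDisAsm;

// Copies `size` bytes at `remoteAddr` of process `pid` into a local buffer and
// walks the copy with ParseCode. Returns the number of instructions decoded,
// or -1 if the process could not be opened or read. (Hypothetical helper.)
function DisAsmRemote(pid: DWORD; remoteAddr: pointer; size: DWORD): integer;
const
  Slack = 16;  // x86 instructions are at most 15 bytes: a cut-off last
               // instruction is decoded from zero padding, not stray memory
var
  hProc: THandle;
  buf: array of byte;
  got, offset: DWORD;
  ci: TCodeInfo;
  cur: pointer;
begin
  Result := -1;
  hProc := OpenProcess(PROCESS_VM_READ, False, pid);  // read-only access
  if hProc = 0 then Exit;
  try
    SetLength(buf, size + Slack);  // dynamic arrays are zero-initialised
    if not ReadProcessMemory(hProc, remoteAddr, @buf[0], size, got) then Exit;
    Result := 0;
    cur := @buf[0];
    offset := 0;
    while offset < got do
    begin
      ci := ParseCode(cur);
      // Print the address as seen in the target process, not in our copy
      WriteLn(IntToHex(DWORD(remoteAddr) + offset, 8), ': opcode ',
              IntToHex(ci.Opcode, 4));
      Inc(Result);
      if DWORD(ci.Next) <= DWORD(cur) then Break;  // no progress: stop
      offset := offset + (DWORD(ci.Next) - DWORD(cur));
      cur := ci.Next;
    end;
  finally
    CloseHandle(hProc);
  end;
end;

begin
  // Constructed arguments: PID from the command line, address from the question
  if ParamCount = 1 then
    WriteLn(DisAsmRemote(StrToInt(ParamStr(1)), ptr($00400010), 64), ' instructions');
end.
```

Because ParseCode only sees the copy, anything it derives from an instruction's position, such as where a relative call or jump lands, refers to the local buffer and has to be rebased to the target's address by hand.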

Posted: Sun Aug 15, 2004 6:47 pm
by Claes
It would be a nice Demo-project if you could provide some source code for that, Mathias. The Demo folder under madDisAsm is still "under construction"... :sorry:

Posted: Sun Aug 15, 2004 7:01 pm
by madshi
Yeah, I should really put something into the demo folder. But directly disassembling another process' memory will probably not be what I'll make a demo about. It's just too difficult to solve 100% right without using a dll.

Posted: Sun Aug 15, 2004 8:25 pm
by Claes
On the other hand, you could cover hooking and disasm in just one Demo..! And I wouldn't mind if it had to go in a DLL... :D

Posted: Sun Aug 15, 2004 8:43 pm
by madshi
But there are customers who have madDisAsm, but not madCodeHook. So I can't put a demo into madDisAsm's demo folder, which can only be compiled with madCodeHook. The demo has to be madDisAsm only.

Posted: Sun Aug 15, 2004 10:28 pm
by Claes
Bollox! ;) But you got a strong point, I must admit... 8)