March 28, 2024, 06:13:55 AM

News:

IonicWind Snippit Manager 2.xx Released!  Install it on a memory stick and take it with you!  With or without IWBasic!


Ionic Wind Disassembler library

Started by Ionic Wind Support Team, November 09, 2006, 09:55:11 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Ionic Wind Support Team

November 09, 2006, 09:55:11 PM Last Edit: February 21, 2011, 12:45:32 AM by LarryMc
The Ionic Wind Disassembler library is now availble for general use.  The disassembler exists in a DLL and was written completely in Aurora for use with the Aurora and Emergence IDE's.  The library is being released in two versions.

#1.  A free for non-commercial use version with a slightly restrictive license.
#2.  A commercial license including full source code for $19.95 with no restrictions on use.

The library made its premeir in the Aurora IDE during Beta 1 Rev 3 and was the culmination of about a month of solid coding work.  The library includes 5 easy to use functions for dissasembly and working with machine code directly from a memory location. It can be used to disassemble code from another process using the standard Windows API for reading process memory.

Example output from the library:

subroutine 'test1' disassembly
00403050 push ebp
00403051 mov ebp,esp
00403053 sub esp,0x00000114
00403059 push ebx
0040305A push edi
0040305B push esi
0040305C lea eax,[ebp-160]
00403062 mov edx,eax
00403064 mov eax,0x00000005
00403069 imul esi,eax,0x00000010
0040306F mov eax,edx
00403071 add eax,esi
00403073 mov esi,eax
00403075 mov eax,0x00000002
0040307A mov edx,eax
0040307C mov dword [esi],edx
0040307E lea eax,[ebp-264]
00403084 mov edi,eax
00403086 mov dword [edi],0x0040A07B
00403090 push edi
00403091 call 0x004039D0
00403096 lea eax,[ebp-264]
0040309C mov edi,eax
0040309E push edi
...


The installation includes header files and import libraries for both Aurora and VC++.  See the documentation.txt and license.txt files included in the non-commercial version for further information.


The non-commercial version is attached to this message.

Any questions, just ask.

Paul.
Ionic Wind Support Team

Rock Ridge Farm (Larry)

Not sure I will use it but if it helps you out I will order it.
Just placed the order

Ionic Wind Support Team

Thank you.  The commercial version is on its way through email. 
Ionic Wind Support Team

John S

Paul,
Just sent you $100 for the Ionic Wind Disassembler library via PayPal (I wasn't able to include a message with the payment so I'm letting you know here).
John Siino, Advanced Engineering Services and Software

DominiqueB

Hello Paul,

just bought the disassembler...

Thank's

Dominique

Ionic Wind Support Team

Ionic Wind Support Team

Ionic Wind Support Team

Price of the dissasembler library is now $19.95.   Get it now before I change my mind  ;D
Ionic Wind Support Team

Blue Steel

How can the disassembler do / help with amateur / hobby programmers.

will it disassemble other programs besides Aurora ..

is it a good tool to have.. and if so why ???

I guess what I'm really asking is why would i want it.. ???

  http://www.codingmonkeys.com
Covers many languages including Aurora , IWBasicEbasic (Ebasic, IBasic) , Creative Basic

Ionic Wind Support Team

Yes you can dissasemble any binary with it.  Use it in your own IDE, learn assembly, etc.
Ionic Wind Support Team

Blue Steel

thanks.. I wish i had the money i'd buy it ;)

the last time i used a dis-assembler was when i had an amiga .. and then it was used to search for data blocks for particular content, ie: maps for ultima.. which i then wrote a program to display and print them out



  http://www.codingmonkeys.com
Covers many languages including Aurora , IWBasicEbasic (Ebasic, IBasic) , Creative Basic

Brice Manuel


Ionic Wind Support Team

It's a DLL and can be used in any language.

For Emergence BASIC just take the include file that comes with the archive and change the declares and the single structure (type) to EBasic style. Import library works for either language.

Paul.
Ionic Wind Support Team

Ionic Wind Support Team

Here's a quick conversion to Emergence (untested) of the include file .  Took about 2 minutes.


$use "disassem.lib"

type x86inst
word opcode
char modRM
char SIB
int displacement
int immediate
int address_size
int operand_size
endtype

$ifndef MAKEDLL
declare cdecl import,disassemble(code as pointer,base as pointer,nCount as int,buffer as pointer, cbBuffer as int,x86 as pointer),pointer
declare cdecl import,disassemble_range(code as pointer,end as pointer,base as pointer,buffer as string,cbBuffer as int)
declare cdecl import,get_func_count(code as pointer),int
declare cdecl import,get_func_size(code as pointer),int
declare cdecl import,get_inst_size(code as pointer),int
declare cdecl import,DecodeOpcode(opcode as word,modRM as char,SIB as char,displacement as int, immediate as int,opsize as int,adsize as int,startaddr as pointer,endaddr as pointer,base as pointer),string
$else
declare cdecl disassemble(code as pointer,base as pointer,nCount as int,buffer as pointer, cbBuffer as int,x86 as pointer),pointer
declare cdecl disassemble_range(code as pointer,end as pointer,base as pointer,buffer as string,cbBuffer as int)
declare cdecl get_func_count(code as pointer),int
declare cdecl get_func_size(code as pointer),int
declare cdecl get_inst_size(code as pointer),int
declare cdecl DecodeOpcode(opcode as word,modRM as char,SIB as char,displacement as int, immediate as int,opsize as int,adsize as int,startaddr as pointer,endaddr as pointer,base as pointer),string
$endif

Ionic Wind Support Team

Brice Manuel

Thanks, Paul.  I am not good at converting stuff like that.

Just ordered it  ;D

Ionic Wind Support Team

Brice,
Just tried emailing you the commercial version, your server rejected the attachment.  Any other emails you can use?
Ionic Wind Support Team

Brice Manuel

Unfortunately, no.  It "should" allow attachments as my daughter just sent me a zip filled with jpgs yesterday. 

Any chance you could rename the file(s) to a pdf and then zip it?  That usually gets through any server filters as they dont like exes or dlls that are zipped.

Ionic Wind Support Team

Just resent, renamed it with a .pdf extension.  If that doesn't work I will stick it up on my server later.
Ionic Wind Support Team

Steven Picard

February 05, 2007, 09:25:03 PM #17 Last Edit: February 05, 2007, 09:57:47 PM by Steven Picard
Payment, sent Paul. (don't forget the PayPal was registered in my wife's name.)

This past week I had to create a low level hook for a 3rd Party ActiveX in VC++.  It was quite a lot of work and finally got it done tonight.  I tried a global registry hook but I found that global hooks make the system unstable and some apps detect it and complain or just plain old crash  Since the ActiveX is loaded in a web page I created a form that hosted our clients web page that used the ActiveX that way the ActiveX was loaded in the same process.  Using the Pid (process Id) from the app that hosts it I could inject the dll into the memory in order to hook all API calls (at least the ones I specify.)  I am happy to be done this and it took me a good week of late night work.  You probably could have done it in a night.  I am going to be pursuing learning assembly to a much deeper level and will be happy to return to Aurora instead of VC++.  I'll tell you what drives me nuts is the different formats of strings.  Yeah, I can convert CString to string using (const char *) and string to CString using the .c_str() but I wish there was a global standards for C++.  I know std library has that purpose but then there's Microsoft...

Anyways, I'm just venting and happy to be done that.  Look for forward to programming in Aurora again and learning from your code.

Ionic Wind Support Team

Thanks Steven.  Sent a few minutes ago by email.
Ionic Wind Support Team