This QE40 plugin is aimed initially at formatting DumpPE output so it's usable as code. It is useful for checking what MASM does with .IF and similar notation, but as the DLL uses similar code to a number of automatic code optimisers I have played with over time, I added the safest of the code optimisations so that the user has the option of further modifying the formatted code.
In order it performs jump optimisation of a couple of different types: eliminating jumps to jumps, inverting reversed jumps and removing any dead jumps left from earlier jump removal. The second option removes unneeded zero tests where the flag is set by the preceding operation. The last option is instruction replacement with what are generally faster alternatives, but there is a risk that some of these replacements are unsafe (aggressive optimisation), so the replaced instruction is commented off to the side if the replacement does not work correctly.
There are many other optimisations but the variation range with flag settings is so large that it is nearly impossible to get it to work reliably so I have left these ones out. Feedback on this DLL would be appreciated.
The second version is now attached; it corrected a problem with chained jumps of the following format.
main proc
jmp label0
nop
label0:
jmp label1
nop
label1:
jmp label2
nop
label2:
jmp label3
nop
label3:
jmp label4
nop
label4:
jmp label5
nop
label5:
jmp label6
nop
label6:
ret
main endp
When disassembled in DumpPE it looks like this.
00401025 fn_00401025: ; Xref 00401000
00401025 EB01 jmp loc_00401028
00401027 90 nop
00401028 loc_00401028: ; Xref 00401025
00401028 EB01 jmp loc_0040102B
0040102A 90 nop
0040102B loc_0040102B: ; Xref 00401028
0040102B EB01 jmp loc_0040102E
0040102D 90 nop
0040102E loc_0040102E: ; Xref 0040102B
0040102E EB01 jmp loc_00401031
00401030 90 nop
00401031 loc_00401031: ; Xref 0040102E
00401031 EB01 jmp loc_00401034
00401033 90 nop
00401034 loc_00401034: ; Xref 00401031
00401034 EB01 jmp loc_00401037
00401036 90 nop
00401037 loc_00401037: ; Xref 00401034
00401037 EB01 jmp loc_0040103A
00401039 90 nop
0040103A loc_0040103A: ; Xref 00401037
0040103A C3 ret
Run through the DLL, it has the chained jumps removed so that each jump in the old chain branches directly to the last label.
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
fn_00401025:
jmp lbl6
nop
jmp lbl6
nop
jmp lbl6
nop
jmp lbl6
nop
jmp lbl6
nop
jmp lbl6
nop
jmp lbl6
nop
lbl6:
ret
The DLL is designed essentially to work on one procedure at a time once it has been disassembled in DumpPE. Using the old trick of putting a number of NOPs before and after the procedure so you can easily find it, select the procedure in the DumpPE output and try the DLL on the selected code.
[attachment deleted by admin]
I have posted a new version that fixed a problem with the jump optimisation above.