Does anyone here know a disassembler that produces a .txt as output?
MASM can do that
Tools -> DisAssemble exe file
but not clean source
If the disassembler can output to stdin, it can be redirected, if I'm not wrong, like:
ndisasmw x.exe >disassembly.txt
You can also try ndisasm; you should introduce a command in the invocation at cmd to "skip" the first bytes that are not instructions...
ndisasmw is the other tool that comes with nasm; it outputs to stdin.
Farabi,
rea is correct here. The default method employed by DOS is to input from the default input device (keyboard) and output text to the standard output device (monitor). Either one (or both) can be re-directed. In this case, if you add >trash.can to the end of the string you are typing, DOS (when it executes that particular command) will send the text output to a file called trash.can
If you want to add that text to the end of an existing file while preserving its previous contents use >>trash.can instead.
Paul
http://www.geocities.com/~sangcho/disasm.html
Here. Complete with source.
my lovely project:
http://pvdasm.reverse-engineering.net/index.php?Section=3
IDA and Ollydbg
Hai. I saw that all 32-bit applications always start at 0x400000 with an entry point on the end. Why is it always like that? Does anybody have the structure information?
Most exes (this does not apply to dlls) are loaded at the address 400000h (Base address/hinstance value). The location of the entry depends on what your code is like.
Quote from: roticv on May 01, 2005, 07:44:09 AM
Most exes (this does not apply to dlls) are loaded at the address 400000h (Base address/hinstance value). The location of the entry depends on what your code is like.
If an .EXE is loaded into address 400000h then what happens when a second .EXE is brought into memory? Is there a conflict of load addresses?
Robert,
the OS assigns each process its own memory space, so every process that is started as an exe file is started at 400000h. The mechanism is part of the OS design for a hardware multitasking operating system. An address within one process's memory space is not a valid address within another, so for example if you pass the address of something through interprocess communication, that address will refer to the same data from another process.
Quote from: Robert Collins on May 01, 2005, 01:35:16 PM
If an .EXE is loaded into address 400000h then what happens when a second .EXE is brought into memory? Is there a conflict of load addresses?
Conflicts of load address only occur in dlls. In such cases, reloc sections come in handy.
Quote from: hutch-- on May 01, 2005, 01:53:11 PM
Robert,
the OS assigns each process its own memory space, so every process that is started as an exe file is started at 400000h. The mechanism is part of the OS design for a hardware multitasking operating system. An address within one process's memory space is not a valid address within another, so for example if you pass the address of something through interprocess communication, that address will refer to the same data from another process.
That kind of tells me that if each process has its own memory space then each memory space also has its own 400000h load address, which sounds like virtual memory. Am I on the right track?
Right!! :U
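An added example, not part of any post in this thread: a short Python reader for the PE header fields the load-address discussion above is about (ImageBase, AddressOfEntryPoint, the DLL flag and the base relocation directory). The names `pe_load_info` and `build_sample` and the two sample headers are constructed for illustration; the field offsets follow the published PE/COFF layout.

```python
import struct
RELOCS_STRIPPED, IS_DLL = 0x0001, 0x2000   # COFF Characteristics flags
BASERELOC_DIR = 5                           # index of the base relocation directory

def pe_load_info(data: bytes) -> dict:
    """Read preferred load address, entry point and relocation info from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # 20-byte COFF file header
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                                      # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x10B:                                   # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
        dirs = opt + 96
    elif magic == 0x20B:                                 # PE32+ (64-bit)
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (ndirs,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    reloc_size = 0
    if ndirs > BASERELOC_DIR:
        _, reloc_size = struct.unpack_from("<II", data, dirs + 8 * BASERELOC_DIR)
    return {
        "image_base": image_base,
        "entry_va": image_base + entry_rva,   # entry address if loaded at image_base
        "is_dll": bool(characteristics & IS_DLL),
        "relocatable": reloc_size > 0 and not characteristics & RELOCS_STRIPPED,
    }

def build_sample(image_base, entry_rva, characteristics, reloc_size) -> bytes:
    """Constructed PE32 headers only (no sections); just enough for pe_load_info."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * BASERELOC_DIR, 0x3000 if reloc_size else 0, reloc_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

EXE = build_sample(0x400000, 0x1000, 0x0103, 0)         # constructed: exe, relocs stripped
DLL = build_sample(0x10000000, 0x1200, 0x2102, 0x200)   # constructed: dll with relocations
```

To inspect a real file, pass its bytes: `pe_load_info(open(path, "rb").read())`.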
WOW wizzra that's incredible, excellent job! :thumbu
Glad you liked it ^^ :) :U