I have the source code to a DLL that I wrote in 'C'. I want to convert some of the functions into an assembly language DLL. I don't know enough about either 'C' or MASM to figure out the assembly op-codes for the assembly written DLL. My question is: Is it conceivable to use the output of a very good PE dump application by isolating out the assembly codes that make up the entire DLL function (incl. all the assembly op-codes of other items such as addresses of data items, the data itself, addresses of jump and call statements, etc.) and put these op-codes in an assembly source listing and be able to assemble the program and the function works correctly?
In general, are the resources that are needed all within the binary file of the DLL?
Quote from: Robert Collins on February 07, 2005, 06:59:37 PM
I have the source code to a DLL that I wrote in 'C'. I want to convert some of the functions into an assembly language DLL. I don't know enough about either 'C' or MASM to figure out the assembly op-codes for the assembly written DLL. My question is: Is it conceivable to use the output of a very good PE dump application by isolating out the assembly codes that make up the entire DLL function (incl. all the assembly op-codes of other items such as addresses of data items, the data itself, addresses of jump and call statements, etc.) and put these op-codes in an assembly source listing and be able to assemble the program and the function works correctly?
Might work - depends on the "very good" part... :P
Most C compilers also have an option to emit a listing of the assembly code - this might be another approach. How well the "data" is described depends on the compiler.
Quote from: Robert Collins on February 07, 2005, 06:59:37 PM
In general, are the resources that are needed all within the binary file of the DLL?
In general, yes.
Pelle
Quote from: PellesC on February 07, 2005, 07:17:13 PM
Might work - depends on the "very good" part
Most C compilers also have an option to emit a listing of the assembly code - this might be another approach. How well the "data" is described depends on the compiler.
Pelle
Ummmm....maybe that's a better way to do it. That seems to be an easier way except when I have the source code but no way to compile it then I would be dependent on the PE dump.
As far as the 'very good' part I have a PE dump program that not only breaks it down into the 'procs' it also shows the target of all instructions that reference memory one way or another.
Robert,
How much 'C' is it ?
I may be able to help in converting it. I did 'C' for 10 years.
Quote from: striker on February 07, 2005, 07:52:04 PM
Robert,
How much 'C' is it ?
I may be able to help in converting it. I did 'C' for 10 years.
Thanks for the offer, striker, however it's not so much converting this particular 'C' function to assembly but more so that I am looking for a method (even if it is as crude as manually picking out code pieces from a PE dump) to convert many API functions into assembly. I was just using this function as a test basis so I would know if I correctly converted it over since I know exactly how it works. Once I find a method I will use it to convert the other functions.
Robert,
What C compiler are you using? If you are using Microsoft's compiler (from either Dev Studio or the downloadable toolkit), just make sure you specify to have the assembly output when you compile. /Fa option.
I don't know about other compilers.
Relvinian
Quote from: Relvinian on February 08, 2005, 04:04:00 PM
Robert,
What C compiler are you using? If you are using Microsoft's compiler (from either Dev Studio or the downloadable toolkit), just make sure you specify to have the assembly output when you compile. /Fa option.
I don't know about other compilers.
Relvinian
Thanks for the tip, Relvinian. I will use that for that exact purpose. What I am really looking for is a way to do it from a DLL binary file only. In most cases I will not have the source code. I think with a little practice and some patience I might be able to extract the assembly opcodes and other items and have enough resources to build that same function in an assembly DLL. For example, I want to extract the functions out of WS2_32.DLL and build my own winsock dll.
Maybe there is an already usable application out there that will do something similar. I'll search the net.
Quote: I want to extract the functions out of WS2_32.DLL and build my own winsock dll
I am afraid ws2_32.dll is a copyright protected DLL
Quote from: Vortex on February 08, 2005, 06:58:09 PM
Quote: I want to extract the functions out of WS2_32.DLL and build my own winsock dll
I am afraid ws2_32.dll is a copyright protected DLL
Ummmmmm.......I didn't give any thought to that at all. So, would it be considered illegal if I was to extract out a function from the DLL, convert it into an assembly program, figure out how it works, using the same mechanics as the function (i.e. not an exact duplication of the original code but the same results), write me a DLL (or application) and process the parameters and arguments myself in my own program? My thinking along this line is who cares? So as long as I don't sell my program. And even if I did sell it I think that there is nothing illegal about that. It's kind of like what Microsoft did when they took IBM's BIOS, figured out how it worked, then re-wrote the exact same functionality, then sold it as MS_DOS. Only in my case it is purely academic.
To stop WINE, M$ has been copyrighting file names and exports. Where they are in the process, I don't know.
You can write your own winsock.dll, just name it something different.
Regards, P1 :8)
You could always debug it in assembler mode and write down the output ?
AND if you're trying to make a winsock, then look at the service provider side of winsock and the NDIS driver level.
Wouldn't this be considered reversing, and thus illegal?
If not, what would be the whole point of copyrighting if you can just 'debug' it and steal the code that way?
Scorpie
Quote from: P1 on February 08, 2005, 07:42:15 PM
To stop WINE, M$ has been copyrighting file names and exports. Where they are in the process, I don't know.
You can write your own winsock.dll, just name it something different.
Regards, P1 :8)
I think it's more on the line of what you say above. Microsoft is copyrighting names of files and functions. I agree, I cannot make my own winsock DLL and call it "ws2_32.dll" and also have the inner functions by the same name as those in MS's DLL and then distribute this DLL with a product that I intend to sell. I remember reading some 'software' copyright laws back when I had to develop a marketable application for a company and I seem to think it said something on the order that 'code' and 'functionality', among other things, is not copyrightable but the product itself is. Code is not copyrightable because in order for the author of the code to be protected he must be able to prove that the copied code is an exact copy of the original code. Pretty much like it is in the song writing world; I can copy pieces of the melody and put it in my own composition without infringing on the copyright but I can't copy the entire script as is and sell my copy of it either under the same name or even a different name.
I believe the difference between 'legal' and 'illegal' comes into play based on what your end intentions are. If you use it to receive money then maybe it's illegal but if you don't use it for that purpose then no laws have been broken.
I don't know about 'reverse engineering'. I never really heard that it was illegal itself, just what the results of doing that entails might be.
Someone please call my mother if what I say is nonsense.
Relvinian,
OK, I put the /Fa option in the C compiler (VC++ 6.0). It didn't belly-ache about the parameter so I figured it's a good one. So, just where and how do I see the assembly results of the compilation?
Hi Robert,
Here is an example for you tested with VC++ 6:
hello.c
#include <stdio.h>

int main()
{
    printf("Hello world!");
    return 0;
}
To get the assembly listing:
C:\PROGRA~1\MICROS~2\VC98\Bin>vcvars32
Setting environment for using Microsoft Visual C++ tools.
C:\PROGRA~1\MICROS~2\VC98\Bin>cl /c /Fa hello.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8804 for 80x86
Copyright (C) Microsoft Corp 1984-1998. All rights reserved.
hello.c
C:\PROGRA~1\MICROS~2\VC98\Bin>
The resulting file hello.asm
TITLE hello.c
.386P
include listing.inc
if @Version gt 510
.model FLAT
else
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
_DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
_DATA ENDS
CONST SEGMENT DWORD USE32 PUBLIC 'CONST'
CONST ENDS
_BSS SEGMENT DWORD USE32 PUBLIC 'BSS'
_BSS ENDS
_TLS SEGMENT DWORD USE32 PUBLIC 'TLS'
_TLS ENDS
FLAT GROUP _DATA, CONST, _BSS
ASSUME CS: FLAT, DS: FLAT, SS: FLAT
endif
PUBLIC _main
EXTRN _printf:NEAR
_DATA SEGMENT
$SG770 DB 'Hello world!', 00H
_DATA ENDS
_TEXT SEGMENT
_main PROC NEAR
; File hello.c
; Line 4
push ebp
mov ebp, esp
; Line 5
push OFFSET FLAT:$SG770
call _printf
add esp, 4
; Line 6
xor eax, eax
; Line 7
pop ebp
ret 0
_main ENDP
_TEXT ENDS
END
So, you're able to do this, it appears to me, by using a .bat file to compile the C program and include those arguments. I was trying to do it by running the VC++ compiler in the IDE mode and not through a BAT file. I put the /Fa option in the Project|Settings|C/C++ tab|Project Options. It compiled OK but I couldn't find any assembly output listing.
If you want a function converted to asm do this:
#include <stdio.h>

void somefunc()
{
    __asm nop; 3x used as marker for sourcer
    __asm nop;
    __asm nop;
    printf("hello");
    __asm nop; 3x used as marker for sourcer
    __asm nop;
    __asm nop;
    __asm nop;
}
In Sourcer you need to make a .def file. VERY IMPORTANT!
And you need to DIG into some data to MANUALLY fill in the .DEF file from Sourcer
so that the disassembled code for your function is easy to read.
I believe I used a tool called importlib or some other tool to get the hexadecimal offsets of the beginning and ending addresses of the function you want to have.
I use Sourcer sometimes to get clean code from Visual C++; the std src isn't always compiler food!
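The step this thread leaves to a PE dump tool, finding where an exported function starts inside the DLL file, as an added example that is not part of the original posts: it walks the PE export directory and maps each named export to its RVA and file offset, flagging forwarded exports that contain no code in this DLL. The sample image, its layout and the names `Add`, `Sub` and `OTHER.Sub` are constructed for illustration.

```python
import struct

def exported_functions(data):
    """Map each named export to (RVA, file offset); forwarders get offset None."""
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 / PE32+
    exp_rva, exp_size = struct.unpack_from("<II", data, dirs)
    secs = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]                            # vsize, va, rawsize, rawptr
    def off(rva):                                            # RVA -> file offset
        for _vsize, va, rawsize, rawptr in secs:
            if va <= rva < va + rawsize:
                return rva - va + rawptr
        raise ValueError("RVA %#x is not backed by file data" % rva)

    if not exp_rva:
        return {}
    nnames, funcs, names, ords = struct.unpack_from("<IIII", data, off(exp_rva) + 24)
    out = {}
    for i in range(nnames):
        name_rva, = struct.unpack_from("<I", data, off(names) + 4 * i)
        idx, = struct.unpack_from("<H", data, off(ords) + 2 * i)
        rva, = struct.unpack_from("<I", data, off(funcs) + 4 * idx)
        start = off(name_rva)
        name = data[start:data.index(b"\0", start)].decode("ascii")
        fwd = exp_rva <= rva < exp_rva + exp_size            # forwarder string, not code
        out[name] = (rva, None if fwd else off(rva))
    return out

def build_sample_dll():
    """Constructed PE32 image: 'Add' is code, 'Sub' forwards to OTHER.Sub."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HH12xHH", img, 0x44, 0x14C, 1, 224, 0x2102)  # COFF header
    struct.pack_into("<H", img, 0x58, 0x10B)                         # PE32 magic
    struct.pack_into("<II", img, 0x58 + 96, 0x1020, 0x57)            # export data directory
    struct.pack_into("<8sIIII", img, 0x138, b".text", 0x200, 0x1000, 0x200, 0x200)
    img[0x200:0x207] = bytes.fromhex("558bec33c05dc3")               # Add: push ebp ... ret
    struct.pack_into("<IIHH7I", img, 0x220, 0, 0, 0, 0, 0x105C, 1, 2, 2, 0x1048, 0x1050, 0x1058)
    # function RVAs, then name RVAs, then name -> function index table
    struct.pack_into("<4I2H", img, 0x248, 0x1000, 0x106D, 0x1065, 0x1069, 0, 1)
    img[0x25C:0x277] = b"demo.dll\0Add\0Sub\0OTHER.Sub\0"
    return bytes(img)
```

The export table gives only the start of each function; the end still has to come from disassembly or from markers like the nop runs shown above.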