I disassembled a program using IDA. I know that IDA isn't designed to give MASM that'll assemble again.. but still.. I get quite a strange error while assembling with MASM32
(small snippet of code IDA produced:)
; ───────────────────────────────────────────────────────────────────────────
MSG struc ; (sizeof=0x1C, standard type)
hwnd dd ? ; offset
message dd ?
wParam dd ?
lParam dd ?
time dd ?
pt POINT ?
MSG ends
; ───────────────────────────────────────────────────────────────────────────
POINT struc ; (sizeof=0x8, standard type)
x dd ?
y dd ?
POINT ends
This obviously gives an error because MSG uses POINT before POINT is defined.
So I decided to change it to:
; ───────────────────────────────────────────────────────────────────────────
POINT struc ; (sizeof=0x8, standard type)
x dd ?
y dd ?
POINT ends
; ───────────────────────────────────────────────────────────────────────────
MSG struc ; (sizeof=0x1C, standard type)
hwnd dd ? ; offset
message dd ?
wParam dd ?
lParam dd ?
time dd ?
pt POINT ? ; <-- ! line 64 !
MSG ends
But now I get the following weird error messages:
C:\doso\ida.asm(64) : error A2179: structure improperly initialized
C:\doso\da.asm(64) : error A2008: syntax error : in structure
Probably a newb question, but: improperly initialized? Why? To me it seems like it's initialised..
Disassembling and reassembling a program is called RE, so you will get no more help from me but I will answer this 'one' question. Use:
pt POINT <?>
Paul
Of course it is, but why can't I RE my own application? It's good exercise, debugging still makes you learn the language more than any other way since you're actively searching for stuff you didn't know about before.
But thanks, that'll help :)
<PBrennick>
Disassembling and reassembling a program is called RE, so you will get no more help from me....
<FromTheSun>
Of course it is, but why can't I RE my own application?
REVERSE ENGINEERING - is in NO way the same as DEBUG-ing - two separate literal concepts.
Besides - it "looks" like you might not "really" be interested in programming in assembler - but
something else....... which generally around here doesn't go down well .....
I disassembled a program using IDA - could be misconstrued as "someone else's" program
I actually am. To see if I can speed things up by using assembly.
Came across a couple more tutorials, but some things just aren't explained, just like the following:
pt POINT {}
pt POINT <>
pt POINT <?> (This one thanks to PBrennick)
What's the difference between them?
Besides that, it's debugging IDA asm code. Not my own application.
But yes, that's REing my own app. Which I still think is good exercise.
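An added example, not part of the original thread and not any poster's code: the definition order and the three initializer forms asked about above, written for MASM 6 or later (the ML assembler shipped with MASM32). The instance names p1 to p4 and m1 and their values are constructed for illustration.

```asm
; Added example: nested structure declaration and initializer forms in MASM.
.386
.model flat, stdcall
option casemap:none

; The embedded type has to be defined before the structure that uses it.
POINT struc                 ; sizeof = 8
    x dd ?
    y dd ?
POINT ends

MSG struc                   ; sizeof = 1Ch
    hwnd    dd ?
    message dd ?
    wParam  dd ?
    lParam  dd ?
    time    dd ?
    pt      POINT <>        ; structure field takes an initializer list;
                            ; a bare ? here is what raises A2179
MSG ends

.data
; <> and {} are both an empty initializer list: every field keeps the
; default given in the declaration (for POINT that is ?, uninitialized).
p1 POINT <>
p2 POINT {}
; <?> overrides only the first field (x) with ?, y keeps its default.
; Because POINT's defaults are already ?, p1, p2 and p3 are identical.
p3 POINT <?>
; Values are positional; omitted trailing fields keep their defaults.
p4 POINT <10, 20>
; An embedded structure gets its own nested list.
m1 MSG <0, 0, 0, 0, 0, <100, 200>>

.code
start:
    mov eax, p4.x           ; eax = 10
    mov ecx, m1.pt.y        ; ecx = 200
    ret
end start
```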
This topic has an element of bullsh*t about it.
> Of course it is, but why can't I RE my own application?
If you wrote it yourself you would KNOW how a POINT structure worked. It would seem obvious that you don't have the source code for the app so unless you can provide the source code this topic will be closed.
Quote from: FromTheSun on April 02, 2007, 11:16:13 AM
But yes, that's REing my own app. Which I still think is good exercise.
The forum rules are there, and they are enforced, we don't care if it is your app or not.
Quote from: hutch-- on April 02, 2007, 11:17:00 AM
This topic has an element of bullsh*t about it.
> Of course it is, but why can't I RE my own application?
If you wrote it yourself you would KNOW how a POINT structure worked. It would seem obvious that you don't have the source code for the app so unless you can provide the source code this topic will be closed.
Well, here's my MFC application: http://www.vstrien.info/ASM/MyApp.rar
And here's the ASM code IDA produced: http://www.vstrien.info/ASM/myapp.asm
It's just a normal MFC application, nothing special. Besides that, of course I know how a POINT works in C++, I just don't know asm syntax, that's why I opened this topic.
Well - seeing as you are persistent and like looking at dumps - this
should explain it to you => RE : "But yes, that's REing my own app. Which i still think is good exercise"
Just the way you like it then .......
http://faculty.uwstout.edu/johnstonb/ico/chapter10/chapter10.1.shtml
[Just source and dumps - with high-lighting - various combinations - using Masm syntax :P]
Yay, lol :bg
Well yeah, that's exactly what I meant.. Most so called "tutorials" don't handle things like what's the difference of: :(
pt POINT {}
pt POINT <>
pt POINT <?>
http://win32assembly.online.fr/tutorials.html = a nice site too.
But yea, there's nothing bad about looking at dumps :)
FromTheSun,
Disassembled code is useful because you can learn in detail about others' algorithms but you need to ask Ilfak from Datarescue how to compile the disassembled code from IDA... :lol
Here you can learn how to create, compile and link your own assembly code and it is mandatory if you want to understand others' code in the future.
Well, actually the whole idea of using IDA was just to make some asm code from my MFC application, and have some asm code to debug. As you see, actually all questions I ask are just about asm syntax I can't find tutorials about that ask my questions. I don't ask anything about how I should reverse engineer someone else's application. I never did.
And yes, I'm quite persistent in learning asm, since I find it interesting to program low level.
I thought I'd be less evil and let you have the de facto explanations as well:
http://maven.smith.edu/~thiebaut/ArtOfAssembly/CH05/CH05-3.html#HEADING3-1
[Last Words] - (RE)VERSE ENGINEERING = BAD TOPIC
- DISASSEMBLY = THIN-ICE TOPIC
- DEBUGGING = GOOD TOPIC
FromTheSun,
Disassembling an entire program to see how asm works is an exercise in futility. In my opinion, you should take a small part of your program, compile it and then disassemble it. That way you will have a better idea what code is associated with what. You can eventually do the entire project that way. This is just 'my' opinion. I am not well versed in C++, just trying to give helpful advice.
In the future, it would be a good idea for you to explain fully what you are doing so as to avoid people getting the wrong idea. There are people around here who are good at converting C++ to assembly without using the method you are embracing.
Paul
I think the level of paranoia in here is a little high - anyone mentions anything remotely related to something that could in some circumstances be construed as less than legitimate and they get jumped on.
Of course it's a judgement call - but please, people, keep up a healthy level of paranoia :bdg
(Not condoning anything, just seem to be noticing an increased 'uptightness' - yes I know we have to be careful, but let's also be reasonable.)
After learning most of this stuff the hard way, we exercise a policy of shooting first and asking questions later. Tolerance was abused too many times by too many people who misread it as weakness. Dumping an IDA PRO disassembly and asking questions about it as a new member is a recipe for suspicion and the response was fully justified. Having heard every excuse under the sun and enough others as well from people trying to get support for cracking and / or similar, nothing is going to change much.