Hello everybody. I'm new here. So is there any way to see the code of an exe that has been coded in assembly and is already compiled? And the exe was compiled using MASM.
Posted on 2006-07-20 22:27:19 by luffy21
Well, you can load your exe into a debugger and see the code.
Posted on 2006-07-20 22:43:13 by ti_mo_n
Can you recommend a user-friendly debugger??? I have never used a debugger before.
Posted on 2006-07-20 22:49:17 by luffy21
I use OllyDbg. You just click File->Open (shortcut: F3), select a file, wait for the analysis to finish, and then, well, watch the code. Right after the file has been loaded, the pointer is at the first instruction to be executed in the program. The program is stopped right now. You use F7 and F8 to step instruction by instruction (F7 enters inside any function calls, while F8 steps 'over' them - highly recommended for WINAPI calls). F9 runs the program from the current position, F2 puts a breakpoint (the program will stop if it reaches a breakpoint; it can be resumed with F9, or you can press F7s and F8s).

That covers the basic tutorial ;)

Oh, 1 last thing: everything I described here is for the "CPU" window (the most interesting one). You activate it by pressing ALT+C.
Posted on 2006-07-20 23:11:59 by ti_mo_n
Just don't use a debugger to do anything illegal ^_^
Posted on 2006-07-21 03:31:59 by f0dder
You can load it into IDA if you want to analyze the code...
Posted on 2006-07-22 18:54:53 by SET
What is IDA??? I'm trying to figure out the coding of the program and it's a lot harder to read than I thought it would be.

P.S. This was compiled in 16-bit DOS instead of 32-bit.
Posted on 2006-07-23 12:17:43 by luffy21
I have never used OllyDbg for 16-bit DOS programs.
But this is what OllyDbg's help file says on 16-bit addressing:

About OllyDbg's disassembler it says:

Disassembler correctly decodes 16-bit addresses.
However, it assumes all segments to be 32-bit (segment
attribute USE32). This is always true for Portable
Executable (PE) files. OllyDbg does not support 16-bit New
Executables.


And about OllyDbg's assembler the help file says:

Assembler and Disassembler share the same decoding table,
so if some command can be disassembled, it can be assembled too,
with one exception: 16-bit addressing modes are not supported.


So, the disassembler can understand 16-bit addresses but assumes the segment registers to be 32 bits (USE32).
But OllyDbg's assembler doesn't support 16-bit addressing at all, but maybe you don't need this.

Just try, and see what happens.

Friendly regards,
mdevries.
Posted on 2006-07-23 14:06:39 by mdevries
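A way to check which of the formats named in the help text above a file actually is before picking a tool, as an added example that is not part of the original thread. The function names and sample bytes are constructed for illustration; the header offsets (MZ magic at 0, `e_lfanew` at 0x3C) are the standard ones.

```python
import struct

# Notes per format; the PE and NE remarks restate the OllyDbg help text quoted above.
NOTES = {
    "pe": "Portable Executable: 32-bit segments, the case OllyDbg's help describes",
    "ne": "16-bit New Executable: not supported by OllyDbg per its help file",
    "le": "LE/LX linear executable (VxD, OS/2, DOS extenders)",
    "dos-mz": "plain 16-bit DOS MZ program: needs a 16-bit-aware disassembler",
    "unknown": "no MZ header: raw .COM image or not an executable",
}

def classify_executable(data: bytes) -> str:
    """Return 'pe', 'ne', 'le', 'dos-mz' or 'unknown' from the file header."""
    if data[:2] not in (b"MZ", b"ZM"):
        return "unknown"
    if len(data) < 0x40:
        return "dos-mz"              # too short to carry e_lfanew
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # In a plain DOS program offset 0x3C may hold arbitrary bytes, so only
    # trust e_lfanew if it points inside the file at a known signature.
    if e_lfanew < 0x40 or e_lfanew + 4 > len(data):
        return "dos-mz"
    sig = data[e_lfanew:e_lfanew + 4]
    if sig == b"PE\0\0":
        return "pe"
    if sig[:2] == b"NE":
        return "ne"
    if sig[:2] in (b"LE", b"LX"):
        return "le"
    return "dos-mz"

def mz_stub(e_lfanew: int = 0, tail: bytes = b"") -> bytes:
    """Build a constructed 64-byte MZ header followed by `tail`."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    return bytes(hdr) + tail

# Constructed sample inputs (header bytes only, not real programs).
SAMPLES = {
    "dos.exe": mz_stub(tail=b"\x90" * 16),
    "win16.exe": mz_stub(0x40, b"NE" + b"\0" * 62),
    "win32.exe": mz_stub(0x40, b"PE\0\0" + struct.pack("<H", 0x014C) + b"\0" * 18),
    "tiny.com": b"\xb4\x09\xcd\x21",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        kind = classify_executable(blob)
        print(f"{name}: {kind} - {NOTES[kind]}")
```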

"What is IDA???"

IDA is the best disassembler around, see http://www.datarescue.com/idabase/ .


"I'm trying to figure out the coding of the program and it's a lot harder to read than I thought it would be."

This is starting to sound like something that's not appropriate for this forum... what is it exactly you want to do?
Posted on 2006-07-23 14:18:58 by f0dder
My friend gave me an exe that has some very cool features in it that I'd like to know how to do. But he doesn't have the coding anymore. But this doesn't fall under the ruling of Reverse Engineering, does it??
Posted on 2006-07-23 14:40:16 by luffy21

"My friend gave me an exe that has some very cool features in it that I'd like to know how to do. But he doesn't have the coding anymore. But this doesn't fall under the ruling of Reverse Engineering, does it??"

I'm afraid it does...

Your friend should be able to reconstruct the code or at least have a vague idea of what he did. If he doesn't, too bad - this might be a legitimate thing, but too often people are trying to subvert our rules by saying "oh, but it's from a friend" or whatever.

What are those features? Perhaps we could help you construct them without doing any RE, just from a description...
Posted on 2006-07-23 14:46:13 by f0dder
It's basically a GUI with 4 sliders (on top, bottom, left and right of the screen) that pass an image and let the user zoom in and out and rotate the pic in real time. It also changes the color of the pic.

P.S. My friend said he remembers using mostly floating points to pass values, but when I was looking at the coding with OllyDbg, the coding was passing registers instead of floating points.
Posted on 2006-07-23 14:51:54 by luffy21
Ah, so basically a roto-zoomer that is user-controlled?

You should be able to find a lot of sample code (C, Pascal, assembly - you name it) with Google. At least rotozooming is an effect that's been done countless times, even in the 16-bit DOS days :)

It can be done hardware accelerated (OpenGL or Direct3D, which gives the additional benefit of bi/trilinear/anisotropic filtering, depending on capabilities, or probably even on GDI) - or you can implement it fully in software.

As for passing in registers, I would probably have the sliders go from 0-65536 and pass the slider value as an integer, then convert that value to "what makes sense" a bit later on.
Posted on 2006-07-23 15:02:56 by f0dder
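A software rotozoomer driven by integer slider values, as the post above suggests, written as an added example (not code from the thread or from the program being discussed). The 0.25x to 4x zoom range, the 16.16 fixed-point steps, nearest-neighbour sampling with wrap-around and all names are assumptions.

```python
import math

SLIDER_MAX = 65536   # integer slider range suggested in the post above
FP = 16              # 16.16 fixed point for the per-pixel steps

def slider_to_angle(v: int) -> float:
    """Map 0..65536 to 0..2*pi radians (one full turn)."""
    return 2.0 * math.pi * v / SLIDER_MAX

def slider_to_zoom(v: int, lo: float = 0.25, hi: float = 4.0) -> float:
    """Map 0..65536 to lo..hi exponentially; the midpoint gives 1.0x."""
    return lo * (hi / lo) ** (v / SLIDER_MAX)

def rotozoom(src, angle_slider: int, zoom_slider: int):
    """Rotate and zoom `src` (a list of rows) about its centre, tiling at the edges."""
    h, w = len(src), len(src[0])
    angle = slider_to_angle(angle_slider)
    zoom = slider_to_zoom(zoom_slider)
    # Convert once to fixed-point steps; the inner loop is integer-only.
    du = round(math.cos(angle) / zoom * (1 << FP))
    dv = round(math.sin(angle) / zoom * (1 << FP))
    cx, cy, half = w // 2, h // 2, 1 << (FP - 1)
    out = []
    for y in range(h):
        dy = y - cy
        row = []
        for x in range(w):
            dx = x - cx
            # Source coordinate for this destination pixel, rounded to nearest.
            u = (dx * du - dy * dv + (cx << FP) + half) >> FP
            v = (dx * dv + dy * du + (cy << FP) + half) >> FP
            row.append(src[v % h][u % w])   # nearest neighbour, wrap-around
        out.append(row)
    return out

# Constructed 4x4 test image: pixel value = row * 4 + column.
IMAGE = [[r * 4 + c for c in range(4)] for r in range(4)]

if __name__ == "__main__":
    # Quarter turn at 1.0x zoom.
    for row in rotozoom(IMAGE, SLIDER_MAX // 4, SLIDER_MAX // 2):
        print(row)
```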
Wow, thanks a lot. I did find some, and some that were better looking. Thanks a lot, f0dder.

edit: How do you use IDA? How do I make it display the codes? It doesn't seem to support coding in 16 bits.
Posted on 2006-07-23 15:34:10 by luffy21
How to use IDA is quite a topic, and not really suitable for this forum. I can't remember if the free/demo versions of IDA support 16-bit DOS executables, but I think they do - would be weird if they don't. Doesn't your version come with an "idahelp.hlp" file?
Posted on 2006-07-24 05:37:01 by f0dder