Hey alloces..check this for a more than good intro to IDA. It's by Mammon. You should check the rest of his stuff too. It's very good reading :)


Latigo
Posted on 2001-08-01 08:57:01 by latigo
thanks man, it's a great intro!!!
Posted on 2001-08-01 09:05:33 by NOP-erator
A disassembler I recommend is one called Olly Debug (but then again I don't have much experience with disassemblers).

It's only a 500kb download, and it manages to display all of the stack dump, disassembly (which includes procedure recognition), memory dump, and the current value of registers and what the possible value they contain is. It also recognises common Win32 API calls and their parameters & common Win32 API structures.

I managed to pick up on how to use it after being completely stumped by Win32Dasm on the 1st try.

-huh
Posted on 2001-08-02 01:49:42 by huh
I tend to do as little as I need to do to get a disassembly, so I use Clive Turvey's DumpPE from MASM32 after I put a number of nops before the code I want to look at. It's fine in MASM as it very rarely ever uses nops; I have from time to time dumped some of my PowerBASIC code as it does not use nops either.

Tracing function calls is a bit more work and you may need a disassembler that can follow function calls to get around the dump more easily.

When it comes to library calls an optimising compiler is not going to mess it up all that much so I would not worry about identifying a piece of code with a set of nops in it as it will probably work OK.

Regards,

hutch@pbq.com.au
Posted on 2001-08-02 02:09:15 by hutch--
Hey people,
If you're writing in assembly there's little need for disassemblers.

If you're debugging your own code why don't you try Windbg by our benevolent father up in Redmond.
I used SoftIce in my wilder days but I never liked that it was always running.

Windbg is very easy to use and very powerful; it's also FREE... It works with Asm source code as well as C/C++, so no need for any silly tricks to break on your code or whatever. It's very simple to include debugging info in your exe.

Olly debug is nice too but Windbg is my fav debugger

the Martial
Posted on 2001-08-02 06:18:57 by MArtial_Code
Little need for disassemblers when programming in assembly? Not true :).
Especially if you start messing around with "interesting" macros...
I doubt many people have gotten a descriptor-creating macro right
the first time ;).

Softice is a nice debugger because it's so damn powerful, and you
can type commands in it, not bound by some GUI that requires mouse
clicks etc. And then we have icedump, which adds a LOT of useful
modifications to softice. Like thread suspend/resume, and dumping.
And dumping can be VERY useful when you're programming self-modifying
code. And stuff.

Hutch, your disassembly approach will not work very well with complex
applications :/. Some bugs can be so darned frustrating.. and not
very hard to spot unless you sit down and trace the program.
Posted on 2001-08-02 18:40:13 by f0dder
I can say I have already experienced some time-saving usefulness outa softice.. (now that I can jump in whenever I want :) )...

I have to admit tho, I still tend to use Erie's DMacros' as well... but the last set of problems were the smoothest to pound out yet (thanx to softice...)

NaN
Posted on 2001-08-03 16:08:42 by NaN
Dear Martial,

SoftIce is as powerful as it can be. Think about it for two minutes and it's the closest thing to a miracle that you can see around.
(Miracle in terms of software applications that is).

Many coders reject it just because of a non-user friendliness at first use which in turn is a consequence of not RTFMing properly.

It's way more than a couple of quick tricks.
Yes, there are many many good debuggers but given the needed amount of analysis you'll end up realising that it's simply the best. :) :alright:


Latigo
Posted on 2001-08-03 17:03:00 by latigo