What are the main concepts needed to write a simple
disassembler? Is there any available source?

Is it possible to do things like this in MFC (I don't use MFC....
just curious)?

Posted on 2001-09-20 13:13:15 by Xtreme
I have studied the subject and i consider it a 'long-term' project of mine.
First of all you could check here . This is a nice tutor on how to write your own disassembler. It focuses mainly on the 'architecture' of the program and kinda hides the 'implementation'; that is, you will not learn how to make an opcode decoding 'engine' which essentially is what you need.
There are lots of disassemblers with source out there. This one being one of the most important.
You can also take a look at Mammon's bastard project. Which is not a disassembler, but a disassembler enviroment. (Those are +_m words :) )
Get all the intel docs. get opcode maps. Pay a visit to sandpile .
There is also a .dll out there which will provide opcode translation for you. But i'd not follow this path since the most fun would be to code your own.
Anyway, hope you'll make it and learn a lot.

Posted on 2001-09-20 13:48:36 by latigo
Forget MFC ;)
Posted on 2001-09-20 13:50:25 by latigo
If you want to look at some assembly source for a debugger try TKOS Source. I have some other disassemblers in assembly - let me know and I'll look around for you on my HD? Basically, your decoding a byte stream, creating flags for different types of labels and parsing different data types.
Posted on 2001-09-20 19:13:00 by bitRAKE
hi, i'm your man ;)

first, read this paper: http://www.coderz.net/lifewire/stuff/intel.txt
to understand the logics. then you can get a table from me (if you want; lifewire@mail.ru; i don't have it online) with all the flags of an instruction. clear those flags and compare it to its mask, then you know if your instruction is yours. then some flag analysing (is oo flag 11 then this else that etc) and you are done.

easy erh? ;)

and erh, MFC.. ? no clue
Posted on 2001-09-24 14:05:42 by lifewire
You can write a disassembler in C, you can write it in C++, you can
write it in asm. You can write it in any language that supports arrays,
bitwise data access (and shifts), and byte access.

Most of the asm-source disassemblers I have seen have been pretty
inflexible and awkward. fluff's dazmit (http://mklasson.cjb.net) is
pretty good though. For a really *clean* disassembler that's pretty
flexible as well (I'm in the process of adding MMX and other opcodes
to it, as well as generally adapting it for my style), find the disassembler
from the mach project. Sorry, I don't have any URL handy, but...
it should be googlable :):
Posted on 2001-09-24 18:32:27 by f0dder
i think dazmit is not good to learn something from. its a huge, big file with totally confusing tables. ofcourse it works good blabla nothing to hurt the coder of it, but it is a mess. sorry ;)

i prefer nice tables like 'NOP 010101bitmask oflag positon wflag etc... and that is what you need, don't you?
Posted on 2001-09-25 14:38:57 by lifewire
Yeah, dazmit is probably not good to learn from ;). But it's nice in
use, which is what I meant :]. I feel it's "flexible".
Posted on 2001-09-25 15:49:14 by f0dder