many of you are familiar with ollydbg assembler level disassembler/debugger. I am coding a project which will do similar work, although it will be less featured. my biggest hurdle will be the disassembly/assembly part of the project (i.e. disassembling code of another program while it is running 'live' for viewing). also, it would be nice to have the ability to assemble live as well, as you can do with ollydbg (i.e. you can take a code location and modify it while it is running for testing purposes or debugging, etc.). my goal is to also have this program be able to work in 64 bit environment (i.e. two different .exe's, one for 32 bit disassembly/ another for 64, etc.) my end OS will be windows (32 or 64 bit), with an emphasis on moving towards windows 7.
at any rate, there are several libraries available that can be used to disassemble. i have several questions here:
1) if you know of any good disassm/assm libraries please list them here. BeaEngine (3.x) is used in ollydbg plugins to make ollydbg current (SSE instructions). There is UDIS86 library which i think PB even uses for debugging commands (no idea if it has 64 bit support). Also there is DiStorm and some others. Some things I would like to see from the library:
a) simplicity of calls
b) easy to port to PB
c) ability to disassemble memory of another program (i.e. program A attaches to program B and Program A displays disassembly of Program B at x location, etc.)
d) ability to assemble (i.e. you pass assembly instructions to function and it returns the OpCodes)
i used olly.dll which is a circa 2002 .dll that the developer of ollydbg released a long time ago to do a similar crude project but i dropped it because the olly.dll was unable to disassemble current machine code instructions (i.e. the disassembler engine was out of date).
2) can someone help me to get a working PB simple program that disassembles code using the BeaEngine .dll? it seems very straightforward engine based on my reading. however, i have not much experience calling .dll's from within PB or converting C code into purebasic.
the link is here:
http://beatrix2004.free.fr/BeaEngine/support1.php
maybe we can have the program attach to notepad.exe, use the .dll to display some code from notepad.exe (disassembly).
this would be of a great help.
best,
Mike Yurgalavage
BeaEngine DisAssembly .dll need guidance
Re: BeaEngine DisAssembly .dll need guidance
bump.
surely someone has done some work with disassembly here. i guess i am willing to pay money for some guidance here if no one is willing to help me for free.
best,
Mike
Re: BeaEngine DisAssembly .dll need guidance
I think you should write your own engine. So you get a deeper understanding of it.
Here is a Disassembler written in PB: http://www.purebasic.fr/english/viewtop ... 27&t=37319
Re: BeaEngine DisAssembly .dll need guidance
thanks for at least responding!
i would think that coding a disassembler from scratch would be an undertaking that would take more time than i would invest in the actual project that would USE it.
i saw the thread you linked to previously. Kudos to that person for going all out and making their own. perhaps he has a way to create a .dll for his project.
at any rate, i still could use some help with getting the BeaEngine to work. do you (or anyone) think you could do as i described (or help me do it), i.e. we create program to attach to notepad, then call the beaengine .dll to get disassembly from it (while notepad.exe is running)
best,
Mike
Re: BeaEngine DisAssembly .dll need guidance
Mike Yurgalavage wrote: at any rate, i still could use some help with getting the BeaEngine to work. do you (or anyone) think you could do as i described (or help me do it), i.e. we create program to attach to notepad, then call the beaengine .dll to get disassembly from it (while notepad.exe is running)
I don't know anything about the BeaEngine, but you just have to use the Windows debugging API to attach your process as a debugger to another process.
If you only want to disassemble, you don't need to attach at all. You just need to read the memory of the target process with ReadProcessMemory. Well, first you have to get the image base address; you can get it by enumerating the modules of the process or read it from the PE header of the .exe file.
If you want to make a debugger, using the debugger API is the easiest way. OllyDbg uses it.
You can read all about it: http://msdn.microsoft.com/en-us/library ... 85%29.aspx
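The last reply mentions reading the image base from the PE header of the .exe file. As an added example (not code from the thread or from BeaEngine), this portable C reads the ImageBase and entry-point RVA from header bytes and tells PE32 from PE32+, which is the 32-bit/64-bit split the original question cares about. The names `pe_image_info` and `make_sample` are hypothetical, and the sample header is constructed in the code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE fields are little-endian regardless of the host. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Hypothetical helper: returns 32 (PE32) or 64 (PE32+) and fills the outputs, 0 if malformed. */
int pe_image_info(const uint8_t *buf, size_t len, uint64_t *image_base, uint32_t *entry_rva) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return 0;
    size_t pe = rd32(buf + 0x3C);                    /* e_lfanew */
    if (pe > len || len - pe < 24 + 32) return 0;    /* signature + COFF header + fields read */
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return 0;
    const uint8_t *opt = buf + pe + 24;              /* optional header */
    unsigned magic = opt[0] | (unsigned)opt[1] << 8;
    if (magic == 0x10B) *image_base = rd32(opt + 28);            /* PE32: 4-byte ImageBase */
    else if (magic == 0x20B) *image_base = rd32(opt + 24) | (uint64_t)rd32(opt + 28) << 32;
    else return 0;
    *entry_rva = rd32(opt + 16);                     /* AddressOfEntryPoint */
    return magic == 0x10B ? 32 : 64;
}

/* Constructed sample: header bytes only, not a loadable executable. */
size_t make_sample(uint8_t *buf, size_t cap, int bits, uint64_t base, uint32_t entry) {
    size_t pe = 0x80, total = pe + 24 + 32;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, (uint32_t)pe);
    memcpy(buf + pe, "PE\0\0", 4);
    uint8_t *opt = buf + pe + 24;
    opt[0] = 0x0B; opt[1] = bits == 64 ? 0x02 : 0x01;
    wr32(opt + 16, entry);
    if (bits == 64) { wr32(opt + 24, (uint32_t)base); wr32(opt + 28, (uint32_t)(base >> 32)); }
    else wr32(opt + 28, (uint32_t)base);
    return total;
}

int main(void) {
    uint8_t b[256]; uint64_t base; uint32_t ep;
    size_t n = make_sample(b, sizeof b, 64, 0x140000000ULL, 0x1000);
    int bits = pe_image_info(b, n, &base, &ep);
    printf("PE%s base=0x%llx start=0x%llx\n", bits == 64 ? "32+" : "32",
           (unsigned long long)base, (unsigned long long)(base + ep));
    return 0;
}
```

The header value is the preferred base. When the loader relocates the image (ASLR), the address to pass to ReadProcessMemory comes from enumerating the process's modules instead.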