On Apr 30, 11:08 pm, Belal <spamt...@[EMAIL PROTECTED]
> wrote:
> I was searching too long time for doing this friend, but no success
> until now? Did you find the way to do it?
> I don't know why this should not be easy and why doesn't there any
> utility do it directly.
> the disassembler should should know what it's doing when disassemble
> and then reverse it.
> my problem is different than yours, what I need is to disassemble a
> binary add some modifications and correct some bugs then recompile it
> again into binary without altering anything relates to the libraries,
> linking nor the CPU architecture.
The disassembler must disassembly everything and where it has
difficulties it must just output a bunch of DB's. By difficulties I
mean unknown opcodes and opcodes that may disassembly to instructions
whose assembling does not produce unique instruction byte sequences
(i.e. there're a few duplicates in the instruction set, and some
things usually can't be specified in the instruction and the assembler
is free to choose whatever it wants, i.e. the bit size of the
displacement in the ModRm/SIB encoding). The disassembler must also
generate the linker script so the linker doesn't have to make its own
choices either. If such an unambiguous disassembly with the linker
script can be obtained and then assembled and linked again, the
resulting binary must match the original. I think very few minds have
actually thought of this when implementing the assemblers, linkers and
disassemblers, which is why the available tools usually don't let us
disassembly and reassembly binaries without any problems, although
theoretically this is feasible.
I think to fix a few bugs and add functionality one can patch the
binary w/o disassembling and reassembling the whole thing. The easiest
is when the data structures don't need to be adjusted in size and
layout. In this case it's most likely just a matter of adding code and
placing jumps/calls to it from the existing code. If the data
structures require modification, then it may be very complicated since
there may be many references to them and all of the hardcoded offsets
and sizes must be found and adjusted, which may not be an easy problem
to solve, especially in optimized code.
Alex
|
