Alexei A. Frounze wrote:
> On May 2, 7:37 pm, Frank Kotler <spamt...@[EMAIL PROTECTED]
> wrote:
>> ljp wrote:
>>> Hi everyone, I have a bizarre question about x86 disassembly...
>>> I want to disassemble a Linux x86 executable into assembler source
>>> that can then be re-assembled into the original binary.
>> "AsmSrc" from Jeff Owens' package of tools:
>>
>> http://www.linuxasmtools.net/
>>
>> Purports to do that. Never tried it, so I can't say if it'll work. Not
>> an easy thing to do! As Alexei points out, we'd really like a linker
>> script, too...
>
> Basically, for every producible distinct form of the binary there
> needs to be a tool to dissect the binary into parts and generate a
> linker script for the original linker. The linker must be able to combine
> that back into an identical binary (maybe with the exception for any
> timestamps and debugging information). I'd say that's the first tool
> requirement. Then the disassembler must produce disassembly that one
> can reassemble unambiguously and feed the object file into the linker
> along with the script. If somebody creates the tools for this (the
> binary dissector/script producer, unambiguous disassembler and
> probably unambiguous assembler too), then the problem is solved. By
> design. :)
This is of course correct, but I'd like to step back to what I believe
was the original problem:
The OP needed to make a small modification to an existing binary, right?
This is a well-known issue with old IBM mainframe applications, many of
which no longer have any source code available but have still been
maintained and modified for decades.
The tools used to solve this are a disassembler (to figure out where the
patch needs to hook in), a compiler/assembler to generate the patch
code, which can even be in the form of a separate program loaded at a
known address, and then finally the patcher, which works similarly to a
linker, modifying the binary image on the fly and inserting a jump
opcode to branch to the new function.
For an x86 program I would do the same, making a separate patch program
which loads the original binary (but in halted mode, or with an
inserted breakpoint) and then patches the function(s) to be modified.
Terje
--
- <Terje.Mathisen@[EMAIL PROTECTED]
"almost all programming can be viewed as an exercise in caching"
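The patcher step Terje describes (overwrite the start of the hooked function with a jump opcode that branches to replacement code loaded at a known address) as an added Python example; it is not code from the thread. The code bytes, addresses and function names are constructed for illustration, and the check against the disassembler's expected bytes is the safeguard a maintainer wants before touching a binary whose version may have drifted.

```python
import struct

JMP_REL32 = 0xE9  # opcode of the 5-byte near relative jump on x86
NOP = 0x90


def encode_rel_jmp(from_va: int, to_va: int) -> bytes:
    """Encode 'jmp rel32' placed at from_va so that execution lands on to_va.

    The displacement is relative to the end of the 5-byte instruction, so
    from_va + 5 is subtracted; it must fit in a signed 32-bit field.
    """
    disp = to_va - (from_va + 5)
    if not -(1 << 31) <= disp < (1 << 31):
        raise ValueError("target out of rel32 range")
    return bytes([JMP_REL32]) + struct.pack("<i", disp)


def patch_jump(image: bytearray, file_off: int, from_va: int, to_va: int,
               expected: bytes) -> bytearray:
    """Overwrite the instruction(s) at file_off with a jump to to_va.

    `expected` is the byte sequence the disassembler showed at the hook
    site; refusing to patch when it does not match catches a different
    build of the binary before a misplaced jump corrupts it. Bytes of the
    overwritten instructions not covered by the 5-byte jump are filled
    with NOPs so the original code after the hook stays decodable. The
    replacement code at to_va must itself perform the instructions that
    were overwritten.
    """
    if len(expected) < 5:
        raise ValueError("need at least 5 bytes of room for a rel32 jump")
    if image[file_off:file_off + len(expected)] != expected:
        raise ValueError("bytes at offset do not match the expected original")
    jmp = encode_rel_jmp(from_va, to_va)
    padding = bytes([NOP]) * (len(expected) - len(jmp))
    image[file_off:file_off + len(expected)] = jmp + padding
    return image


def demo() -> bytearray:
    # Constructed stand-in for a code section mapped at VA 0x401000:
    #   401000: 55              push rbp
    #   401001: 48 89 e5        mov  rbp, rsp
    #   401004: 48 83 ec 10     sub  rsp, 0x10
    # The whole 8-byte prologue is replaced by a jump to 0x401020 plus NOPs.
    original = bytes.fromhex("554889e54883ec10")
    image = bytearray(original + b"\xc3" * 8)  # constructed sample image
    return patch_jump(image, 0, 0x401000, 0x401020, original)
```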