Post by Frank Kotler
I think I've got a patch for ndisasm, contributed by "Anonymous Coward",
that allows ndisasm to produce something more like source code. I'll
take a look at it, and get back to ya if it looks like something you'd
want. (can you build Nasm?)
Later,
Well, that was easy... A.C.'s added a "-j" switch, for "just
instructions". Output from:
ndisasm -u -j -o 0x8048000 -e 0x80 showenv>tmp
Looks like:
mov eax,[esp]
lea ebx,[esp+eax*4+0x8]
mov esi,[ebx]
or esi,esi
jz 0x8048021
call 0x804802a
mov esi,0x80480c6
call 0x804802a
add ebx,byte +0x4
jmp short 0x8048007
xor ebx,ebx
mov eax,0x1
int 0x80
pusha
mov eax,0x4
mov ebx,0x1
mov ecx,esi
or edx,byte -0x1
cmp byte [ecx+edx+0x1],0x1
inc edx
jnc 0x804803a
int 0x80
popa
ret
... and a whole flock more garbage that I've snipped...
As you see, it doesn't do anything about labels. If you've got a copy of
the disassembly with and without the "-j" switch "side by side" it isn't
*too* bad to make up labels and substitute 'em... Not something I'd want
to do on something as large as I imagine your C++ output to be!!!
You might be better off to start with the asm output of your C++
compiler. Better yet, look over what the C++ code *does*, and write it
from scratch.
Anyway, if you want that "-j" patch... even if you don't, it's no
longer'n a Bethpost :) Here 'tis:
--- ndisasm.c.0.98.38
+++ ndisasm.c
@@ -21,9 +21,10 @@
#define BPL 8 /* bytes per line of hex dump */
static const char *help =
-"usage: ndisasm [-a] [-i] [-h] [-r] [-u] [-b bits] [-o origin] [-s
sync...]\n"
+"usage: ndisasm [-a] [-i] [-j] [-h] [-r] [-u] [-b bits] [-o origin] [-s
sync...]\n"
" [-e bytes] [-k start,bytes] [-p vendor] file\n"
" -a or -i activates auto (intelligent) sync\n"
+" -j just emit instructions -- no offsets or encodings\n"
" -u sets USE32 (32-bit mode)\n"
" -b 16 or -b 32 sets number of bits too\n"
" -h displays this text\n"
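Review bot: The added usage string line (the `+"usage: ndisasm [-a] [-i] [-j] ...` line) is broken across two physical lines in the middle of the string literal, with `sync...]\n"` on its own line; a C string literal cannot span a raw newline, so as pasted this hunk neither applies cleanly nor compiles. This looks like mail-client wrapping of a line longer than 80 columns rather than part of the patch, but anyone applying it must rejoin the two lines first. The same wrapping affects the `-p` help text and the `output_ins` prototype in the next hunk (the line ending in `char *,` followed by `int);`). A safer way to keep the literal short would be to split the usage text at a string-concatenation boundary, e.g. `"usage: ndisasm [-a] [-i] [-j] [-h] [-r] [-u] [-b bits]"` followed by `" [-o origin] [-s sync...]\n"`.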
@@ -32,7 +33,7 @@
" -k avoids disassembling <bytes> bytes from position <start>\n"
" -p selects the preferred vendor instruction set (intel, amd, cyrix,
idt)\n";
-static void output_ins (unsigned long, unsigned char *, int, char *);
+static void output_ins (unsigned long, unsigned char *, int, char *,
int);
static void skip (unsigned long dist, FILE *fp);
int main(int argc, char **argv)
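Review bot: The new fifth parameter in the `output_ins` prototype is declared as a bare `int` with no name, while the existing `skip` prototype directly below keeps its parameter names (`unsigned long dist, FILE *fp`) and the definition later in the patch calls it `just_insn`; the prototype should read `static void output_ins (unsigned long, unsigned char *, int, char *, int just_insn);` or, better, name all five parameters so the flag's meaning is visible at the declaration. A plain `int` flag passed positionally after another `int` (`datalen`) is easy to transpose at call sites, so the name is worth having.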
@@ -45,6 +46,7 @@
int lenread;
long lendis;
int autosync = FALSE;
+ int just_insn = FALSE;
int bits = 16;
int eof = FALSE;
unsigned long prefer = 0;
@@ -65,6 +67,10 @@
autosync = TRUE;
p++;
break;
+ case 'j':
+ just_insn = TRUE;
+ p++;
+ break;
case 'h':
fprintf(stderr, help);
return 0;
@@ -247,7 +253,7 @@
if (!lendis || lendis > (p - q) ||
(unsigned long)lendis > nextsync-offset)
lendis = eatbyte (q, outbuf);
- output_ins (offset, q, lendis, outbuf);
+ output_ins (offset, q, lendis, outbuf, just_insn);
q += lendis;
offset += lendis;
}
@@ -268,9 +274,15 @@
}
static void output_ins (unsigned long offset, unsigned char *data,
- int datalen, char *insn)
+ int datalen, char *insn, int just_insn)
{
int bytes;
+
+ if (just_insn) {
+ fprintf(stdout, "%s\n", insn);
+ return;
+ }
+
fprintf(stdout, "%08lX ", offset);
bytes = 0;
...
Best,
Frank