There is a war on. It is about whether the knowledge
humanity is accumulating at an unprecedented pace remains in the
hands of a few, or is available to us all.
An important role in this war is played by reverse engineering tools.
My computer_intelligence_assembler_disassembler_386 is such a tool.
For convenience it is abbreviated ciasdis or cias/cidis 1).
Continuous pressure is applied to outlaw such tools, or give the
impression that they are illegal. They are already outlawed to an extent,
even in a traditionally liberal country like the Netherlands. Download
before it is too late.
http://home.hccnet.nl/a.w.m.van.der.horst/forthassembler.html
This is version 0.1.0: an Alpha release. Draw no conclusions from that
about reliability! Alpha only means that the specification can change
depending on user reports. Large parts of this code base have been
stable for years, in particular the PostIt-FixUp Intel assembler.
(Once in Beta upwards compatibility will be maintained.)
Needless to say, it is open source, and protected by the GNU Public
License to stay that way. (``Open Source'' is not really open source.)
This tool is like a sword, seemingly low-tech. It requires skill, but
in close combat it is as deadly as a machine-gun. All you need is a
single 130 kbyte executable 2). It doesn't require anything particular
to be installed, and probably runs on old kernels (1.2) and BSDs.
Applications of reverse engineering are (not exhaustive):
1. Analyzing viruses
2. Plugging vulnerabilities in closed source programs
3. Removing bugs from same
4. Finding copyright infringement and competition-exclusion in same
5. Adapting drivers to run on an Operating System of Your Own Choice
6. Recovering the lost source of a program
7. Analyzing a BIOS to allow Full Use of Your Hardware
8. (Requires above-average skill) Incorporating a DSP assembler, then
analyzing codecs.
9. Removing copy-protection or dongle-inspection and changing expiration
dates.
Of those only 9 is presently possibly illegal. If you want to provoke
a trial, please publish and distribute a .cul file separately
from ciasdis, and don't implicate me. Because of the other facilities,
possession of this tool itself is legal (as yet, to my best knowledge,
in most countries).
Distinguishing features of ciasdis are:
1. Analysis is primarily interactive and cumulative, building a database.
2. Scripting is of the essence. Large programs are too
time-consuming to analyze fully by hand. ciasdis allows you to automate
extracting names from undisclosed formats. (Traditional tools like
gdb and GNU objdump extract information from well organized, fully
documented formats.)
3. It handles binaries where different types of information (code, data,
tables) are interspersed.
4. A disassembly can be reassembled to byte-for-byte same code.
Note: my assembler format has been called "it's hell". However,
there is no way point 4 can be attained using the official Intel
assembler language.
The archive contains:
1. the source for cias/cidis
2. assemblers for 80386, 8086, DEC Alpha, 6809 and 8080, compatible with
cias/cidis
3. an executable for GNU-Linux to analyze Intel x86 16/32 bit code
4. man pages for this executable (at 3), for the script language and for
the format of the scripts
5. consult scripts for EXE and ELF, the headers of programs in Windows
and GNU-Linux respectively
6. an example of simple use
7. a large example generated with a dedicated script, showing interspersed
code, data and text areas
8. documentation for the principle of operation and the Intel assembler
code.
Ad 1 and 2: you can use the sources supplied to build e.g. an executable
to run on Windows to analyze DEC Alpha programs.
The bulk of the information in the large example was generated by a
plug-in script, extracting name information from the binary. This
script is itself a result of the reverse engineering effort, tailored
to the binary. It serves to document its format too.
Below you see a fragment of an analysis of lina (the underlying Forth
compiler of cias/cidis), automatically generated, showing labels,
pieces of text, a piece of threaded code and a piece of Intel
assembler. (Forth compilers are notoriously difficult to analyze,
traditional code crawling breaks down for threaded code.)
....
( 0804,AF18 ) :N_ALIGN d$ 5 0 0 0 "ALIGN" 90 90 90
( 0804,AF24 ) :X_ALIGN dl docol H_ALIGN H_U0 X_CHARS
( 0804,AF34 ) dl N_ALIGN 0000,0000
( 0804,AF3C ) :H_ALIGN dl X_DP X_@
( 0804,AF44 ) dl X_ALIGNED X_DP X_! semis
( 0804,AF54 ) :N_ALIGNED d$ 7 0 0 0 "ALIGNED" 90
( 0804,AF60 ) :X_ALIGNED dl H_ALIGNED H_ALIGNED 0000,0000 X_ALIGN
( 0804,AF70 ) dl N_ALIGNED 0000,0000
( 0804,AF78 ) :H_ALIGNED POP|X, AX|
( 0804,AF79 ) DEC|X, AX|
( 0804,AF7A ) ORI|A, B'| 0000,0003 IB,
( 0804,AF7C ) INC|X, AX|
( 0804,AF7D ) PUSH|X, AX|
( 0804,AF7E ) LODS, X'|
( 0804,AF7F ) JMPO, ZO| [AX]
( 0804,AF81 )
....
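An added example, not code from ciasdis or lina, that exercises two of the points the fragment above illustrates. First, feature 2: the addresses in the fragment show that a lina name field such as :N_ALIGN is a 4-byte little-endian count, the characters, and 0x90 (NOP) padding up to the next 4-byte boundary (0804,AF18 + 4 + 5 bytes, padded to 0804,AF24); a scanner for that layout is the kind of name-extraction script the text describes. That layout is inferred from the fragment and is an assumption about lina's dictionary, not a documented fact. Second, feature 4: a table-driven decoder for the x86-32 instructions in :H_ALIGNED (58 48 0C 03 40 50 AD FF 20, standard Intel encodings of POP EAX, DEC EAX, OR AL,3, INC EAX, PUSH EAX, LODSD, JMP [EAX]), an encoder that turns the decoded text back into bytes, and a check that the result is byte-for-byte identical. Bytes the decoder does not know are kept as DB, so the round trip also holds where code and data are interspersed. The byte image and the Intel mnemonics are constructed for this example; ciasdis uses its own notation.

```python
"""Name-field scan and byte-for-byte disassembly round trip (added example)."""
import struct

# Constructed image: the N_ALIGN name field followed directly by the
# H_ALIGNED code bytes.  Real lina has the threaded-code fields in between;
# the layout of the name field is an assumption inferred from the fragment.
NAME_FIELD = struct.pack("<I", 5) + b"ALIGN" + b"\x90\x90\x90"
H_ALIGNED = bytes.fromhex("58 48 0C 03 40 50 AD FF 20")
IMAGE = NAME_FIELD + H_ALIGNED
BASE = 0x0804AF18                      # address of N_ALIGN in the fragment
H_ALIGNED_ADDR = 0x0804AF78            # address of H_ALIGNED in the fragment

REGS = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]
ONE_BYTE = {0x58: "POP EAX", 0x48: "DEC EAX", 0x40: "INC EAX",
            0x50: "PUSH EAX", 0xAD: "LODSD"}


def scan_names(image, base, max_len=31):
    """Return [(address, name)] for every 4-byte-aligned field that looks
    like count / printable ASCII / NOP padding to the next 4-byte boundary."""
    found = []
    for off in range(0, len(image) - 3, 4):
        n = struct.unpack_from("<I", image, off)[0]
        if not 1 <= n <= max_len:
            continue
        chars = image[off + 4:off + 4 + n]
        if len(chars) < n or not all(0x21 <= c < 0x7F for c in chars):
            continue
        pad = (-(4 + n)) % 4
        if image[off + 4 + n:off + 4 + n + pad] != b"\x90" * pad:
            continue
        found.append((base + off, chars.decode("ascii")))
    return found


def disassemble(code, base):
    """Return [(address, raw bytes, text)]; bytes outside the table become DB."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if op in ONE_BYTE:
            n, text = 1, ONE_BYTE[op]
        elif op == 0x0C and i + 1 < len(code):           # 0C ib = OR AL, imm8
            n, text = 2, f"OR AL, {code[i + 1]:#04x}"
        elif (op == 0xFF and i + 1 < len(code)
              and code[i + 1] & 0xF8 == 0x20              # ModRM mod=00, /4 = JMP near
              and code[i + 1] & 7 not in (4, 5)):         # skip SIB and disp32 forms
            n, text = 2, f"JMP [{REGS[code[i + 1] & 7]}]"
        else:
            n, text = 1, f"DB {op:#04x}"                  # data, or not in this toy table
        out.append((base + i, code[i:i + n], text))
        i += n
    return out


def assemble(listing):
    """Inverse of disassemble(): decoded text back to bytes."""
    inv = {v: k for k, v in ONE_BYTE.items()}
    out = bytearray()
    for _, _, text in listing:
        if text in inv:
            out.append(inv[text])
        elif text.startswith("OR AL, "):
            out += bytes([0x0C, int(text[7:], 0)])
        elif text.startswith("JMP ["):
            out += bytes([0xFF, 0x20 | REGS.index(text[5:-1])])
        elif text.startswith("DB "):
            out.append(int(text[3:], 0))
        else:
            raise ValueError(f"cannot encode {text!r}")
    return bytes(out)


def round_trip_ok(code, base):
    """True when disassembling and reassembling reproduces the input exactly."""
    return assemble(disassemble(code, base)) == code


if __name__ == "__main__":
    for addr, name in scan_names(IMAGE, BASE):
        print(f"( {addr:08X} ) :N_{name}")
    for addr, raw, text in disassemble(H_ALIGNED, H_ALIGNED_ADDR):
        print(f"( {addr:08X} ) {raw.hex(' '):<8} {text}")
    print("round trip identical:", round_trip_ok(IMAGE, BASE))
```

Run it and the addresses printed for the H_ALIGNED instructions coincide with those in the fragment (AF78, AF79, AF7A, AF7C, AF7D, AF7E, AF7F), because OR AL,imm8 and JMP [EAX] are the only two-byte instructions in the sequence. The DB fallback is what keeps the round trip exact over the name field, whose bytes are not instructions at all.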
If you are not impressed, this tool is not for you.
1)
DISCLAIMER: for convenience you may use names like cias and cidis to
link to computer_intelligence_assembler_disassembler_386. Do this at
your own risk. cias and cidis are trademarks owned by their respective
owners, or will be so in the near future (like all 3-, 4- and 5-letter
words).
2) Plus Petabytes of information. I suggest the Internet.
--
Albert van der Horst,Oranjestr 8,3511 RA UTRECHT,THE NETHERLANDS
To suffer is the prerogative of the strong. The weak -- perish.
ahnospam@spenarnc.xs4all.nl http://home.hccnet.nl/a.w.m.van.der.horst
Do *not* remove nospam!
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:27:11 EDT