The Assembly Programming Master Book
| | ||
| | ||
| | ||
In concluding this chapter, I provide a brief overview of other programs often used when programming in Assembly language. Later, I will describe some of these programs in more detail; others will never be mentioned.
Editors
Although I never use specialized editors for writing Assembly programs myself , for completeness I'll briefly describe two of them. I'll start with the QEDITOR.EXE program supplied with MASM32. The editor, as well as all companion utilities, is written in Assembly language. After analyzing their size and functional capabilities, you'll be impressed. For example, the editor is only 27 KB, and the utility used for viewing reports on the results of translation is only 6 KB long. This editor is suitable for working with small, single-module applications. However, it isn't convenient for working with several modules. The operation of this editor is based on interaction with various utilities using batch files. For example, program translation is carried out by the ASSMBL.BAT batch file, which uses the ML.EXE assembler and directs the result into the ASMBL.TXT text file. To view this file, it is necessary to use the THEGUN.EXE utility. Linking is carried out in a similar way.
The DUMPPE.EXE utility is used for disassembling executable modules, and the results of its operation are sent to the DISASM.TXT file. Other operations are carried out in the same way. You can easily customize these operations by editing the appropriate batch file. When necessary, it is possible to replace the utilities being used (e.g., it is possible to replace ML.EXE by TASM32.EXE).
The second editor, to which I'd like to draw your attention, is the Easy Assembler Shell (EAS.EXE). This editor, or shell, as its name implies, allows you to create, compile, and link sophisticated projects, which comprise ASM, OBJ, RC, RES, and DEF files. This program can work with TASM and MASM, as well as with other utilities ( debuggers , resource editors, etc.). Compilers and linkers can be customized for a specific operating mode directly from the shell by specifying the required command-line options for these utilities.
Debuggers
Debuggers allow programs to be executed in a step-by-step mode. In Part IV of this book, I cover debuggers and disassemblers in more detail. The list of the most popular debuggers [i] includes CodeView (Microsoft), Turbo Debugger (Borland), and Ice.
Disassemblers
Disassemblers convert the executable module into Assembly language code. An example of the simplest disassembler is the DUMPPE.EXE program, which operates in the command-line mode. Listing 1.10 provides an example of the results produced by DUMPPE.EXE. This example illustrates the result produced by disassembling the program provided in Listing 1.4. Can you recognize the program?
Listing 1.10: The results of disassembling a program using DUMPPE.EXE
| |
knla.exe (hex) (dec) .EXE size (bytes) 490 1168 Minimum load size (bytes) 450 1104 Overlay number 0 0 Initial CS:IP 0000:0000 Initial SS.SP 0000:00B8 184 Minimum allocation (para) 0 0 Maximum allocation (para) FFFF 65535 Header size (para) 4 4 Relocation table offset 40 64 Relocation entries 0 0 Portable executable starts at a8 Signature 00004550 (PE) Machine 014C (Intel 386) Sections 0001 Time date stamp 3AE6D1B1 Wed Apr 25 19:31:29 2001 Symbol table 00000000 Number of symbols 00000000 Optional header size 00E0 Characteristics 010F Relocation information stripped Executable image Line numbers stripped Local symbols stripped 32-bit word machine Magic 010B Linker version 5.12 Size of code 00000200 Size of initialized data 00000000 Size of uninitialized data 00000000 Address of entry point 00001000 Base of code 00001000 Base of data 00002000 Image base 00400000 Section alignment 00001000 File alignment 00000200 Operating system version 4.00 Image version 0.00 Subsystem version 4.00 Reserved 00000000 Image size 00002000 Header size 00000200 Checksum 00000000 Subsystem 0002 (Windows) DLL characteristics 0000 Size of stack reserve 00100000 Size of stack commit 00001000 Size of heap reserve 00100000 Size of heap commit 00001000 Loader flags 00000000 Number of directories 00000010 Directory name VirtAddr VirtSize ---------------------------- -------- -------- Export 00000000 00000000 Import 00000000 00000000 Resource 00000000 00000000 Exception 00000000 00000000 Security 00000000 00000000 Base relocation 00000000 00000000 Debug 00000000 00000000 Description/architecture 00000000 00000000 Machine value (MIPS GP) 00000000 00000000 Thread storage 00000000 00000000 Load configuration 00000000 00000000 Bound import 00000000 00000000 Import address table 00000000 00000000 Delay import 00000000 00000000 COM runtime descriptor 00000000 00000000 (reserved) 00000000 00000000 Section table ----------- Virtual address 0001000 Virtual size 00000E Raw data offset 000200 Raw data size 0000200 Relocation offset 000000 Relocation count 000 Line number offset 0000000 Line number count 000 Characteristics 0000020 Code Executable Readable Disassembly 00401000 start: 00401000 E803000000 call fn_00401008 00401005 C3 ret 00401006 CC int 3 00401007 CC int 3 00401008fn_00401008: 00401008 B8E8030000 mov eax, 3E8h 0040100D C3 ret
| |
I'd also like to mention the W32Dasm disassembler, which will be covered in detail in the last part of this book, and the well-known Ida Pro disassembler. In Part IV, I will consider both disassemblers in detail, as well as the techniques of efficiently using them.
Hex Editors
Hex editors allow you to view and edit executable modules in hex format. There are lots of programs of this type available. Furthermore, the most popular debuggers and disassemblers have built-in hex editors. Here, I'll only mention the HIEW.EXE program, which is popular with hackers. This program allows executable modules to be loaded both in hex format and in the form of Assembly code. Besides simply viewing these modules, HIEW.EXE allows you to edit them.
Resource Compilers
Both the MASM32 and the TASM32 assembler have a built-in resource compiler, which will be described in Chapter 9. These are the RC.EXE and BRC32.EXE programs, respectively.
Resource Editors
As a rule, I use the resource editor supplied as part of Borland C++ 5.0 or the one supplied along with Visual Studio.NET. Simple resources can be created using practically any text editor. The resource language will be covered in more detail in Chapters 9 and 10.
[i] The DEBUG.EXE program is still supplied with the Windows operating system; however, this debugger does not support the new format of executable files.
| | ||
| | ||
| | ||