I used DISA for over 10 years and it is a tremendous piece of software; it disassembles most assembly programs with no problems. QPTR programs need a little work, but once the window structures are found, DISA recognises these as well.
I have QMAKE as well, but never really used it much. Other essential assembly software is QD, which can be configured to use an assembler, either QMAC or GWASS; it makes assembly programming a joy to do. One question that I often ponder: if I disassemble a program like Perfection, then correct all the errors or program features, am I breaking a software licence? I see many Visual Basic decompilers, which maybe could be breaking copyrights.

Derek

----- Original Message -----
From: "Marcel Kilgus" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 13, 2006 3:48 PM
Subject: Re: [ql-users] Reverse engineering

> Fabrizio Diversi wrote:
>> I will be delighted to read, maybe in QLT, an article about how to
>> perform "reverse engineering" on an old program, especially how you do
>> such things, what I mean is what program you use to monitor or
>> trace, or how to add more code to a program without having sources
>> etc etc.
>
> Hm, this is not exactly easy to tell, much of it is just over a decade
> of experience in binary hacking. But my main tool for QL applications
> is definitely Jochen Hassler's interactive DISA disassembler. It's
> excellent to trace code paths and has some superb search functionality
> built-in. Additionally I sometimes use JMON to view the code live once
> I know what location I want to monitor. That and a good editor (in my
> case usually QD) to load a disassembly (for more complicated text
> searches) or to take notes is really all I need.
>
> The thing is, you usually don't need to understand all of the code of
> the application to patch, not even half of it. You just need to find
> a lever for getting to the location that really interests you. In this
> case it was the SMS_COMM trap that I could use to put a foot in the
> door with. This can easily be found in several ways. DISA already
> traces code paths somewhat to recognize trap calls and if you're lucky
> a search for "SMS_COMM" in the disassembly is already enough. Other
> searches would be for "moveq #$12,d0" or, if all those fail (because
> there is more than one way to load d0 with $12), "trap #$01" and
> manually inspect all occurrences (because that is the ONLY WAY to
> alter the baud rate, so it HAS to be there). Once you know where it's
> located you can search for all code calling this routine, either by
> searching for the label in DISA or setting a break-point in JMON and
> live tracing after the RTS to see where you end up. Then you can see
> where the baud rate value came from. Now you look in what other places
> this value is accessed and so on.
>
> For actually patching the binaries I use QMAKE, QMAC and QLINK. QLINK,
> unlike Tony's linker, has the excellent facility that it can overlay
> _rel files over one another. So one _asm file just includes the whole
> original binary using INCBIN and one or several other _asm files
> include the code that I want to patch over it, at locations specified
> using the ORG directive. This way I can use all the amenities of using
> a normal assembler, including labels and stuff, and a new patched
> binary to try is ready within a second by a single QMAKE run. E.g.
>
>         org     $1234                   ; location I want to patch something into
>         bra.l   my_new_code
> return_here:
>
>         org     $1288                   ; some other location
> skip_function:
>
>         org     $8888                   ; free space in binary or space after it
> my_new_code:
>         moveq   #$00,d0                 ; this could be the code that was
>         trap    #1                      ; overwritten by the bra.l, so do it here
>         cmp.l   #sysid.sq,sys_idnt(a0)  ; now this is some additional code
>         beq.l   skip_function           ; return to different location
>         [blah]
>         bra.l   return_here             ; return to original code flow
>
> This makes everything VERY comfortable. I did devise that method
> during development of the Text87 patch, because that was a HUGE patch
> with lots of necessary turnarounds and without it the patch might
> never have happened.
>
> Marcel
>
> _______________________________________________
> QL-Users Mailing List
> http://www.q-v-d.demon.co.uk/smsqe.htm
> _______________________________________________
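Marcel's overlay method above (INCBIN the original, ORG patches over it, new code in the space after it) and the opcode search he describes, modelled as an added Python example that is not from this thread or from QLINK: it applies ORG-style patches over a constructed 32-byte stand-in binary, relocates the instructions the bra.l overwrites, and computes the bra.l displacements. The stand-in bytes, offsets and the helper names are all constructed for illustration.

```python
import struct

# Opcode words named in the mail: "moveq #$12,d0" assembles to $7012, "trap #1" to $4E41.
MOVEQ_12_D0 = 0x7012
TRAP_1 = 0x4E41

def find_words(binary: bytes, word: int) -> list[int]:
    """Even offsets at which a 16-bit big-endian opcode word occurs (68k code is word aligned)."""
    pat = struct.pack(">H", word)
    return [off for off in range(0, len(binary) - 1, 2) if binary[off:off + 2] == pat]

def bra_l(at: int, target: int) -> bytes:
    """Encode 'bra.l target' placed at offset 'at' (68020 form: $60FF + 32-bit PC-relative disp)."""
    return b"\x60\xff" + struct.pack(">i", target - (at + 2))

def overlay(original: bytes, patches: dict[int, bytes]) -> bytes:
    """Write each patch at its ORG offset over a copy of the original, the way QLINK overlays
    _rel files. Patches may not overlap one another; one past the end grows the image."""
    out = bytearray(original)
    covered: set[int] = set()
    for org, code in sorted(patches.items()):
        span = range(org, org + len(code))
        if covered.intersection(span):
            raise ValueError(f"patch at ${org:04X} overlaps another patch")
        covered.update(span)
        if org > len(out):
            out.extend(b"\x00" * (org - len(out)))  # pad up to the ORG
        out[org:org + len(code)] = code
    return bytes(out)

# Constructed 32-byte stand-in for the original program (not a real QL binary): nop filler,
# then at $10 the sequence moveq #$12,d0 / trap #1 / nop, then more nop filler.
ORIGINAL = b"\x4e\x71" * 8 + b"\x70\x12\x4e\x41\x4e\x71" + b"\x4e\x71" * 5

def build_demo() -> bytes:
    """Redirect the baud-rate call at $10 through new code appended after the binary."""
    hook = find_words(ORIGINAL, MOVEQ_12_D0)[0]   # $10, the 'lever' from the mail
    new_code = len(ORIGINAL)                      # $20, free space after the binary
    return_here = hook + 6                        # first byte after the 6-byte bra.l
    patches = {
        # bra.l overwrites moveq/trap/nop, so those three are redone in new_code first.
        hook: bra_l(hook, new_code),
        new_code: (b"\x70\x00"                    # moveq #$00,d0, as in the mail's snippet
                   + b"\x4e\x41"                  # trap #1
                   + b"\x4e\x71"                  # nop displaced by the bra.l
                   + bra_l(new_code + 6, return_here)),
    }
    return overlay(ORIGINAL, patches)
```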