Pelles C forum

C language => Tips & tricks => Topic started by: TimoVJL on October 03, 2017, 07:14:12 PM

Title: Zydis
Post by: TimoVJL on October 03, 2017, 07:14:12 PM
Another disassembler engine:
Zyan Disassembler Engine (Zydis) (https://github.com/zyantific/zydis)

Code size about 300 kb.

EDIT: PEObjDisAsm, an example for an object file asm dump.

EDIT 2017-10-25: PEObjDisAsm_WS_a3.zip with modified line lengths src\Generated\DecoderTables.inc.
                           additional files FormatHelperMasm.c FormatterMasm.c

EDIT 2017-11-22: PEObjDisAsm_WS_a7.zip code bytes and function names.
EDIT 2018-02-14: PEObjDisAsm_WS_a8.zip some fixes for symbols.
Title: Re: Zydis
Post by: Jokaste on October 04, 2017, 01:50:38 AM
Very interesting. I download it immediately. :D
Title: Re: Zydis
Post by: TimoVJL on October 25, 2017, 12:20:37 PM
A tool to modify line lengths of src\Generated\DecoderTables.inc.
In a C source file the line length limit is 4096, at least in pocc.
Title: Re: Zydis
Post by: Jokaste on October 25, 2017, 01:57:29 PM
For me that's good
Having a simple listing is nice for me
I would like to have another with the addresses for seeing alignment
And another that indicates if the source/destination operand(s) is/are register or memory operand.
That for later giving a name to the address.
I met problems with 2 files, I join into the zip the obj and the source file.
Good work... continue. :( :( :( :( :( :) :) :) :) :) :)
Title: Re: Zydis
Post by: Vortex on October 26, 2017, 10:26:39 PM
Hi Timo,

Once again, impressive work. Let me study your project.
Title: Re: Zydis
Post by: Jokaste on November 21, 2017, 08:56:27 PM
Is this project finished?
Title: Re: Zydis
Post by: TimoVJL on November 21, 2017, 09:14:50 PM
Is something missing from that example?
Title: Re: Zydis
Post by: Jokaste on November 21, 2017, 11:05:43 PM
Data segments and Resources.
Or a dump of the data.
If there was an option for getting bytes code this would be great.
I made a program to optimize source code from podump, strange addresses computed, no possibility to know data alignment.
PoDump gives the bytes code and the source code; the two were precious.
With your program I like that you give the Windows functions.
Knowing it we can build (or suppose) the function arguments.
With that we can identify the data.
Title: Re: Zydis
Post by: TimoVJL on November 22, 2017, 09:03:08 AM
Last version prints code bytes.

EDIT: 2018-02-13: Updated example using Zydis.dll.
Title: Re: Zydis
Post by: Jokaste on November 23, 2017, 10:57:33 AM
 ;D
Title: Re: Zydis
Post by: TimoVJL on March 15, 2019, 06:53:50 PM
Zydis 3 testing.
Title: Re: Zydis
Post by: bitcoin on September 05, 2020, 02:14:04 PM
Sample test_zydis1.zip not working.
I need to download zydis from github? Or what?
Title: Re: Zydis
Post by: TimoVJL on September 05, 2020, 02:31:54 PM
You need a proper Zydis dll too.
https://forum.pellesc.de/index.php?topic=7206.msg29081#msg29081

Busy right now, but if it doesn't work, just tell me.
Title: Re: Zydis
Post by: bitcoin on September 05, 2020, 03:18:00 PM
This sample (with DLL) works, but I deleted msvcrt_main.c, because it fails in "#pragma comment(lib, "msvcrt.lib")" (not found).
Works good without this.
Title: Re: Zydis
Post by: TimoVJL on September 05, 2020, 03:27:25 PM
msvcrt.lib isn't included in Pelles C, have to find one
Title: Re: Zydis
Post by: TimoVJL on October 28, 2022, 10:19:21 AM
Time to test Zydis 3.21 / 4

I haven't updated minimal headers yet  :(
Title: Re: Zydis
Post by: John Z on October 31, 2022, 12:36:22 PM
Grabbed it, but I don't do much assembly these days.

I wonder if there is a disassembler/converter for old 8/16 bit Intel that can up-convert into 32/64 bit Intel for re-assembling.
That could allow recovery of old programs where no sources are available.

John Z