Utilities for Working with Assembler

Editors

Although I never use specialized editors for writing Assembly programs myself , for completeness I'll briefly describe two of them. I'll start with the QEDITOR.EXE program supplied with MASM32. The editor, as well as all companion utilities, is written in Assembly language. After analyzing their size and functional capabilities, you'll be impressed. For example, the editor is only 27 KB, and the utility used for viewing reports on the results of translation is only 6 KB long. This editor is suitable for working with small, single-module applications. However, it isn't convenient for working with several modules. The operation of this editor is based on interaction with various utilities using batch files. For example, program translation is carried out by the ASSMBL.BAT batch file, which uses the ML.EXE assembler and directs the result into the ASMBL.TXT text file. To view this file, it is necessary to use the THEGUN.EXE utility. Linking is carried out in a similar way.

The DUMPPE.EXE utility is used for disassembling executable modules, and the results of its operation are sent to the DISASM.TXT file. Other operations are carried out in the same way. You can easily customize these operations by editing the appropriate batch file. When necessary, it is possible to replace the utilities being used (e.g., it is possible to replace ML.EXE by TASM32.EXE).

The second editor, to which I'd like to draw your attention, is the Easy Assembler Shell (EAS.EXE). This editor, or shell, as its name implies, allows you to create, compile, and link sophisticated projects, which comprise ASM, OBJ, RC, RES, and DEF files. This program can work with TASM and MASM, as well as with other utilities ( debuggers , resource editors, etc.). Compilers and linkers can be customized for a specific operating mode directly from the shell by specifying the required command-line options for these utilities.

Debuggers

Debuggers allow programs to be executed in a step-by-step mode. In Part IV of this book, I cover debuggers and disassemblers in more detail. The list of the most popular debuggers ^[i] includes CodeView (Microsoft), Turbo Debugger (Borland), and Ice.

Disassemblers

Disassemblers convert the executable module into Assembly language code. An example of the simplest disassembler is the DUMPPE.EXE program, which operates in the command-line mode. Listing 1.10 provides an example of the results produced by DUMPPE.EXE. This example illustrates the result produced by disassembling the program provided in Listing 1.4. Can you recognize the program?

Listing 1.10: The results of disassembling a program using DUMPPE.EXE

 knla.exe                      (hex)          (dec) .EXE size (bytes)             490            1168 Minimum load size (bytes)     450            1104 Overlay number                0              0 Initial CS:IP                 0000:0000 Initial SS.SP                 0000:00B8      184 Minimum allocation (para)     0              0 Maximum allocation (para)     FFFF           65535 Header size (para)            4              4 Relocation table offset       40             64 Relocation entries            0              0 Portable executable starts at a8 Signature                     00004550 (PE) Machine                       014C (Intel 386) Sections                      0001 Time date stamp               3AE6D1B1 Wed Apr 25 19:31:29 2001 Symbol table                  00000000 Number of symbols             00000000 Optional header size          00E0 Characteristics               010F Relocation information stripped Executable image Line numbers stripped Local symbols stripped 32-bit word machine Magic                         010B Linker version                5.12 Size of code                  00000200 Size of initialized data      00000000 Size of uninitialized data    00000000 Address of entry point        00001000 Base of code                  00001000 Base of data                  00002000 Image base                    00400000 Section alignment             00001000 File alignment                00000200 Operating system version      4.00 Image version                 0.00 Subsystem version             4.00 Reserved                      00000000 Image size                    00002000 Header size                   00000200 Checksum                      00000000 Subsystem                     0002 (Windows) DLL characteristics           0000 Size of stack reserve         00100000 Size of stack commit          00001000 Size of heap reserve          00100000 Size of heap commit           00001000 Loader flags                  00000000 Number of directories         00000010 Directory name                VirtAddr       VirtSize ----------------------------  --------       -------- Export                        00000000       00000000 Import                        00000000       00000000 Resource                      00000000       00000000 Exception                     00000000       00000000 Security                      00000000       00000000 Base relocation               00000000       00000000 Debug                         00000000       00000000 Description/architecture      00000000       00000000 Machine value (MIPS GP)       00000000       00000000 Thread storage                00000000       00000000 Load configuration            00000000       00000000 Bound import                  00000000       00000000 Import address table          00000000       00000000 Delay import                  00000000       00000000 COM runtime descriptor        00000000       00000000 (reserved)                    00000000       00000000 Section table ----------- Virtual address               0001000 Virtual size                  00000E Raw data offset               000200 Raw data size                 0000200 Relocation offset             000000 Relocation count              000 Line number offset            0000000 Line number count             000 Characteristics               0000020 Code Executable Readable Disassembly 00401000 start: 00401000 E803000000 call fn_00401008 00401005 C3          ret 00401006 CC          int 3 00401007 CC          int 3 00401008fn_00401008: 00401008 B8E8030000 mov eax, 3E8h 0040100D C3          ret 

 

I'd also like to mention the W32Dasm disassembler, which will be covered in detail in the last part of this book, and the well-known Ida Pro disassembler. In Part IV, I will consider both disassemblers in detail, as well as the techniques of efficiently using them.

Hex Editors

Hex editors allow you to view and edit executable modules in hex format. There are lots of programs of this type available. Furthermore, the most popular debuggers and disassemblers have built-in hex editors. Here, I'll only mention the HIEW.EXE program, which is popular with hackers. This program allows executable modules to be loaded both in hex format and in the form of Assembly code. Besides simply viewing these modules, HIEW.EXE allows you to edit them.

Resource Compilers

Both the MASM32 and the TASM32 assembler have a built-in resource compiler, which will be described in Chapter 9. These are the RC.EXE and BRC32.EXE programs, respectively.

Resource Editors

As a rule, I use the resource editor supplied as part of Borland C++ 5.0 or the one supplied along with Visual Studio.NET. Simple resources can be created using practically any text editor. The resource language will be covered in more detail in Chapters 9 and 10.

^[i] The DEBUG.EXE program is still supplied with the Windows operating system; however, this debugger does not support the new format of executable files.