Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!world!esegue!compilers-sender
From: Chuck.Phillips@FtCollins.NCR.COM (Chuck.Phillips)
Newsgroups: comp.compilers
Subject: Re: Disassembly
Keywords: assembler, design
Message-ID:
Date: 14 Sep 90 16:05:58 GMT
References: <9009091032.1.139@cup.portal.com>
Sender: compilers-sender@esegue.segue.boston.ma.us
Reply-To: Chuck.Phillips@FtCollins.NCR.COM (Chuck.Phillips)
Organization: NCR Microelectronics, Ft. Collins, CO
Lines: 40
Approved: compilers@esegue.segue.boston.ma.us
In-Reply-To: phorgan@cup.portal.com's message of 9 Sep 90 17:32:55 GMT

>>>>> On 9 Sep 90 17:32:55 GMT, phorgan@cup.portal.com said:

> The problem with disassembling arbitrary object code is that data
> bears a disturbing resemblance to code at times:) Even when
> running through code disassembling starting at known code, it's
> not always possible to determine when code stops and data begins.
> It is possible to reduce the problem with an algorithm that looks
> ahead starting byte-by-byte and sees which one generates a most
> successful string of instructions.

Suggestion: Use a program that starts with the first executable
instruction, marking and decoding as it goes every instruction except
for conditional branches. Upon encountering a conditional branch,
follow _both_ branches. If implemented recursively, the stop
conditions are 1) a branch to an already marked instruction and
2) an end-of-program. Even this can fail if there is a conditional
branch to garbage, which never happens in practice due to the
underlying algorithm.

> Even this fails in many cases of self modifying code...

Ouch! Now you're stuck.

> If you're familiar with coding practices for the processor though,
> heuristic methods can be applied with some success.

...and no guarantees.

Cheers,

Chuck Phillips  MS440
NCR Microelectronics                    Chuck.Phillips%FtCollins.NCR.com
2001 Danfield Ct.
Ft. Collins, CO.  80525                 uunet!ncrlnk!ncr-mpd!bach!chuckp
--
Send compilers articles to compilers@esegue.segue.boston.ma.us
{ima | spdcc | world}!esegue.  Meta-mail to compilers-request@esegue.
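
The traversal suggested in the post above, as an added example that is not part of the original post: it follows both sides of each conditional branch and stops at an already marked instruction or at end-of-program. The toy instruction set, the sample image and all names are assumptions constructed for illustration; the sketch goes slightly beyond the post by also following unconditional jumps and by recording branch targets that do not decode.

```python
# Toy 8-bit ISA constructed for this example: opcode -> (mnemonic, length, kind)
ISA = {
    0x00: ("HALT", 1, "stop"),   # end of program
    0x01: ("LOAD", 2, "fall"),   # LOAD imm8
    0x02: ("JMP",  2, "jump"),   # unconditional, absolute address
    0x03: ("JZ",   2, "cond"),   # conditional, absolute address
    0x04: ("DEC",  1, "fall"),
}

# Constructed sample image; offset 7 is a data byte that looks like a LOAD opcode.
SAMPLE = bytes([0x01, 0x03,   # 0: LOAD 0x03
                0x04,         # 2: DEC
                0x03, 0x08,   # 3: JZ 0x08
                0x02, 0x02,   # 5: JMP 0x02
                0x01,         # 7: data
                0x00])        # 8: HALT

def disassemble(image, entry=0):
    """Return (marked, data, problems) for a flow-following traversal from entry."""
    marked, covered, problems = {}, set(), []
    work = [entry]                       # explicit stack instead of recursion
    while work:
        pc = work.pop()
        while pc not in marked:          # stop: branch to an already marked instruction
            op = image[pc] if 0 <= pc < len(image) else None
            if op not in ISA or pc + ISA[op][1] > len(image):
                problems.append(pc)      # target is outside the image or does not decode
                break
            name, length, kind = ISA[op]
            operand = image[pc + 1] if length == 2 else None
            marked[pc] = name if operand is None else f"{name} 0x{operand:02x}"
            covered.update(range(pc, pc + length))
            if kind == "stop":           # stop: end of program
                break
            if kind == "cond":           # follow both: queue the target, fall through
                work.append(operand)
            pc = operand if kind == "jump" else pc + length
    data = [a for a in range(len(image)) if a not in covered]
    return marked, data, problems

if __name__ == "__main__":
    marked, data, problems = disassemble(SAMPLE)
    for addr in sorted(marked):
        print(f"{addr:02x}: {marked[addr]}")
    print("never reached as code:", data, "undecodable targets:", problems)
```

A straight byte-by-byte sweep of the same image would decode offset 7 as a two-byte LOAD and swallow the HALT at offset 8; the traversal leaves offset 7 unmarked instead.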