NASM - The Netwide Assembler
NASM Forum => Programming with NASM => Topic started by: brunoffreire on July 30, 2012, 02:38:39 AM
-
Hello friends.
I got a win obj file, reverse engineered it with IDA, and now I am trying to convert it to a Linux so file using NASM programming. So basically I am converting from MASM to NASM.
I am no expert in assembler programming but I did make some progress. However, there is a piece of code that is taking my sleep hours. Can someone help me with that?
What I want is for someone to explain the following code to me, so I understand what is going on, besides teaching me how to translate it to NASM.
The code piece:
_MyProc:
...
loc_77C:
xor eax, eax
mov al, cl
and eax, 1Fh
cmp eax, ebx
jg loc_8B8
and ecx, 0E0h
add ecx, 0FFFFFF80h
cmp ecx, 60h ; '`'
ja short $L2520
movzx ecx, ds:$L2973[ecx] ;;HERE!!!!! (Note the "ds:$L2973[ecx] ")
jmp ds:$L2979[ecx*4] ;;AND HERE!!!!! (The movzx instruction is clear to me. The operands are my problem. I don't understand the syntax..)
_MyProc endp
....
Little further I have:
...
align 10h
$L2979 dd offset $L2501 ;; (THE SAME $L2979)
dd offset $L2506
dd offset $L2498
dd offset $L2495
dd offset $L2520
$L2973 db 0
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 1
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 2
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 4
add al, 3
_text ends
Thanks in advance.
Bruno
-
You're not trying to convert from MASM, you are trying to convert a disassembled file to usable Assembly.
ds:$L2979 - ds is the data segment, so this is a variable in the .data or .bss section.
Sorry, but I don't help reverse. Maybe someone else.
-
As Gunner says, "reversing" isn't that welcome here. Having said that, "true Intel syntax" uses "[]" as an alias for "+". Nasm does not - it's strictly "[contents]" of memory. So...
movzx ecx, [$L2973 + ecx]
jmp [$L2979 + ecx * 4]
I'm a little confused about the "movzx". We're not actually zero-extending anything here (are we?). Nasm may expect a size specifier here (byte?). Depends on what's at $L2973, I guess.
You might want to take a look at Agner Fog's "objconv" - http://www.agner.org - with the "-fnasm" switch, it'll disassemble to something more like Nasm's syntax.
Best,
Frank
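Added example (not code from the thread): this Python script rebuilds the byte table at $L2973 from the question's listing, where the disassembler rendered the data bytes as "add al, N" instructions (opcode 04 followed by the immediate), and emulates the two-level lookup done by the movzx/jmp pair. The function names are hypothetical, LISTING is constructed from the run lengths in the question, and the emulation starts at "and ecx, 0E0h" and assumes a byte-sized load.

```python
import re

# Constructed from the question's listing: "$L2973 db 0" followed by three runs of
# fifteen "add al, 4" lines, closed by "add al, 1", "add al, 2" and "add al, 3".
LISTING = ["db 0"]
for last in (1, 2, 3):
    LISTING += ["add al, 4"] * 15 + [f"add al, {last}"]

# Order of the "dd offset" entries at $L2979 in the question.
TARGETS = ["$L2501", "$L2506", "$L2498", "$L2495", "$L2520"]


def imm(text):
    """Parse a MASM/IDA immediate such as '4' or '0E0h'."""
    return int(text[:-1], 16) if text.lower().endswith("h") else int(text)


def rebuild_index_table(listing):
    """Turn the mis-disassembled lines back into the raw bytes of the table."""
    out = bytearray()
    for line in listing:
        m = re.fullmatch(r"\s*(db|add al,)\s*(\w+)\s*", line)
        if m is None:
            raise ValueError(f"unexpected line: {line!r}")
        if m.group(1) == "add al,":
            out.append(0x04)         # opcode byte of ADD AL, imm8
        out.append(imm(m.group(2)))  # the immediate (or db value) is a table byte
    return bytes(out)


def dispatch(cl, index_table, targets):
    """Emulate 'and ecx, 0E0h' through the indirect jmp for one input byte."""
    ecx = ((cl & 0xE0) + 0xFFFFFF80) & 0xFFFFFFFF  # and ecx, 0E0h / add ecx, 0FFFFFF80h
    if ecx > 0x60:                                  # cmp ecx, 60h / ja short $L2520
        return "$L2520"
    index = index_table[ecx]                        # movzx ecx, byte [$L2973 + ecx]
    return targets[index]                           # jmp [$L2979 + ecx*4]


def nasm_db_lines(index_table, per_line=16):
    """Emit the table as NASM data lines instead of bogus instructions."""
    rows = [index_table[i:i + per_line] for i in range(0, len(index_table), per_line)]
    return ["    db " + ", ".join(str(b) for b in row) for row in rows]


if __name__ == "__main__":
    table = rebuild_index_table(LISTING)
    print("\n".join(nasm_db_lines(table)))
    for cl in (0x41, 0x80, 0xA5, 0xC3, 0xFF):
        print(f"cl={cl:#04x} -> {dispatch(cl, table, TARGETS)}")
```

The rebuilt table is 97 bytes long (offsets 0 to 60h), which matches the "cmp ecx, 60h" bound in the code.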
-
Hi Gunner.
Thanks for the explanation, and sorry for reversing. It is a very old lib I used for my windows programs for long time and I do not have the source code anymore. Now I want to have it in linux. That's all.
-
Thanks Frank! I will try it out!
-
Why not disassemble DIRECTLY by NASM?
Also, you can try to assemble it to binary by MASM, and then disassemble by NASM.