Author Topic: MASM to NASM  (Read 17332 times)

Offline brunoffreire

MASM to NASM
« on: July 30, 2012, 02:38:39 AM »
Hello friends.

I got a win obj file, reverse engineered it with IDA, and now I am trying to convert it to a Linux so file using NASM programming. So basically I am converting from MASM to NASM.
I am no expert in assembler programming but I did make some progress. However, there is a piece of code that is taking my sleep hours. Can someone help me with that?
What I want is for someone to explain the following code to me, so I understand what is going on, besides teaching me how to translate it to NASM.

The code piece:

_MyProc:
...

loc_77C:
xor   eax, eax
mov   al, cl
and   eax, 1Fh
cmp   eax, ebx
jg   loc_8B8
and   ecx, 0E0h
add   ecx, 0FFFFFF80h
cmp   ecx, 60h ; '`'
ja   short $L2520
movzx   ecx, ds:$L2973[ecx]   ;;HERE!!!!!  (Note the "ds:$L2973[ecx] ")
jmp   ds:$L2979[ecx*4]              ;;AND HERE!!!!!  (The movzx instruction is clear to me. The operands are my problem. I don't understand the syntax..)

_MyProc endp
....
A little further I have:

...
align 10h
$L2979 dd offset $L2501  ;; (THE SAME $L2979)
dd offset $L2506
dd offset $L2498
dd offset $L2495
dd offset $L2520
$L2973 db 0
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 1
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 2
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 4
add   al, 3
_text ends

Thanks in advance.

Bruno

Offline Gunner

Re: MASM to NASM
« Reply #1 on: July 30, 2012, 04:03:08 AM »
You're not trying to convert from MASM, you are trying to convert a disassembled file to usable Assembly.
ds:$L2979  ds is the data segment, so this is a variable in the .data or .bss section.

Sorry, but I don't help reverse.  Maybe someone else.

Offline Frank Kotler

  • NASM Developer
Re: MASM to NASM
« Reply #2 on: July 30, 2012, 07:47:27 AM »
As Gunner says, "reversing" isn't that welcome here. Having said that, "true Intel syntax" uses "[]" as an alias for "+". Nasm does not - it's strictly "[contents]" of memory. So...

movzx   ecx, [$L2973 + ecx]
jmp   [$L2979 + ecx * 4]

I'm a little confused about the "movzx". We're not actually zero-extending anything here (are we?). Nasm may expect a size specifier here (byte?). Depends on what's at $L2973, I guess.

You might want to take a look at Agner Fog's "objconv" - http://www.agner.org - with the "-fnasm" switch, it'll disassemble to something more like Nasm's syntax.

Best,
Frank
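
Added example, not part of any post in this thread: the `add al, N` lines after `$L2973` in the question are table bytes that the disassembler decoded as instructions. `add al, imm8` encodes as the two bytes `04 imm8`, so this Python sketch re-encodes those lines into the byte table, prints it as NASM `db` data, and shows which `$L2979` entry each offset selects. The function names and the `index_table` label are made up for the example; the listing is re-typed from the first post in compressed form.

```python
import re

# Lines that follow "$L2973" in the first post, re-typed in compressed form:
# "db 0", then three runs of 15 x "add al, 4" closed by "add al, 1/2/3".
LISTING = ["db 0"]
for last in (1, 2, 3):
    LISTING += ["add al, 4"] * 15 + [f"add al, {last}"]

# Entries of the dword table $L2979, in the order shown in the post.
JUMP_TABLE = ["$L2501", "$L2506", "$L2498", "$L2495", "$L2520"]

def listing_to_bytes(lines):
    """Re-encode the mis-decoded lines into the raw bytes they came from."""
    out = bytearray()
    for line in lines:
        text = line.strip()
        if m := re.fullmatch(r"db\s+([0-9A-Fa-f]+)h?", text):
            out.append(int(m.group(1), 16))
        elif m := re.fullmatch(r"add\s+al,\s*([0-9A-Fa-f]+)h?", text):
            out += bytes([0x04, int(m.group(1), 16)])  # ADD AL, imm8 = 04 ib
        else:
            raise ValueError(f"unexpected line: {line!r}")
    return bytes(out)

def nasm_db(label, data, per_line=16):
    """Emit the table as NASM data; the label is a placeholder name."""
    rows = [data[i:i + per_line] for i in range(0, len(data), per_line)]
    body = ["    db " + ", ".join(str(b) for b in row) for row in rows]
    return "\n".join([f"{label}:"] + body)

def targets(data):
    """Offsets that select something other than the last (default) entry."""
    default = len(JUMP_TABLE) - 1   # $L2520, also the target of the "ja"
    return {off: JUMP_TABLE[b] for off, b in enumerate(data) if b != default}

if __name__ == "__main__":
    table = listing_to_bytes(LISTING)
    print(nasm_db("index_table", table))
    for off, label in targets(table).items():
        print(f"ecx = {off:#04x} -> {label}")
```

The table comes out at 97 bytes, which matches the `cmp ecx, 60h` / `ja` bounds check in the question, and only offsets 0, 20h, 40h and 60h select a non-default handler. Because the entries are single bytes, NASM needs the size spelled out on the load: `movzx ecx, byte [$L2973 + ecx]`.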


Offline brunoffreire

Re: MASM to NASM
« Reply #3 on: July 30, 2012, 12:49:37 PM »
Hi Gunner.

Thanks for the explanation, and sorry for reversing. It is a very old lib I used for my Windows programs for a long time and I do not have the source code anymore. Now I want to have it in Linux. That's all.

Offline brunoffreire

Re: MASM to NASM
« Reply #4 on: July 30, 2012, 12:53:21 PM »
Thanks Frank! I will try it out!

Offline yangbowen1

Re: MASM to NASM
« Reply #5 on: August 21, 2012, 10:02:52 AM »
Why not disassemble DIRECTLY by NASM?
Also, you can try to assemble it to binary by MASM, and then disassemble by NASM.