Author Topic: BinEditPlus  (Read 3225 times)

0 Members and 1 Guest are viewing this topic.

JRS

  • Guest
BinEditPlus
« on: March 13, 2017, 10:13:12 PM »
Charles,

I'm curious if the output of this utility can be used with OxygenBasic?

Quote from: Tony Burcham
BinEditPlus-v1.0

New feature:
Now adds equates to (49) decoded API parameters:
  • Memory allocation (global & heap)
  • GetWindowLong / SetWindowLong
  • GetClassLong / SetClassLong
  • CreateFile (access, share and attributes)
  • Open file flags (for OpenFile)
  • Raster Operations (for BitBlt, MaskBlt, PatBlt, StretchBlt, StretchDIBits & SetROP2)
  • Window styles (normal & extended)
  • Menus (append, delete, hilite & insert)
  • Windows messages
  • Message box styles
  • Registry (key, access, notify & restore)
  • Language codes
  • Virtual key codes
  • System colors (for GetSysColor & GetSysColorBrush)
  • Back Mode (for SetBkMode)
  • Stock objects (for GetStockObject: pens, brushes, fonts,...)
  • Object type (for GetCurrentObject: pen, brush, font, bitmap,...)
  • Set window position (for SetWindowPos: insert after, and flags)
  • Device caps (for GetDeviceCaps)
  • Code page (also for DDE)
  • Wide-to-multi-byte character conversion (for WideCharToMultiByte)
  • Multi-byte to wide-character conversion (for MultiByteToWideChar)
  • Error mode (for SetErrorMode)
  • CreateFont (six parameters)
  • Clipboard formats (for EnumClipboardFormats, GetClipboardData, GetClipboardFormatName, IsClipboardFormatAvailable & SetClipboardData)
  • System parameters (for SystemParametersInfo)
  • Show window flags (for ShowWindow & ShowWindowAsync)
  • Windows hook types (for SetWindowsHookEx)
  • System metrics (for GetSystemMetrics)
  • Verify version (for VerifyVersionInfo & VerSetConditionMask)

BUG FIX:
Sometimes got names of exports wrong and their ordinals off by one.



To use:
Drag-and-drop a main source file or a binary file on the window,
or type its path in the upper textbox.

NOTE:
If you want to save the generated files, you should copy or move
the output folders to another folder, because BinEditPlus cleans
these folders before each disassembly.

Currently, BinEditPlus can:

* Generate a project summary. This is placed in ".\tmp".

* Disassemble code sections into source which is mostly compilable
by Fasm. Many Win32API calls are shown by name, when CALL DWORD is
used. This is placed in ".\tmp\src.asm".

* Create listings for PowerBASIC projects when the source code is
available. The results are placed in ".\tmp\mrg". "gen.asm" contains
the disassemblies of code outside of user-created procedures.
You will probably get some erroneous error messages, during this
process. Just ignore them.

* Generate nearly perfect resource scripts from a resource section,
and recreate the original resource files (icons, BMPs, and so on...).
These are all placed in ".\rsrc".

* Generate hex dumps of all sections. These are placed in ".\tmp".



Folder structure:

BinEditPlus\
rsrc\
src\
tmp\
tmp\mrg\
tmp\mrk\


Folder contents:

.\rsrc\
Equates.txt
Rsrc.rc
Resource files: (bitmaps, icons, cursors, TypeLib data, VCL data)

.\src\
Java Class file disassemblies

.\tmp\
Project.txt (general project information)
Index.txt (index of file when using line-by-line disassembly)
Crude.asm (unprocessed, raw disassembly (you probably don't what to see this one))
Src.asm (processed disassembly (the asm file you want))
Asm.txt (hex dump of the code section (often called ".TEXT" internally))
Data.txt (hex dump of the data section)
Exports.txt (exports, from DLLs only)
Imports.txt (imports)
Rloc.txt (relocations)
TarAddr.txt (target addresses of jumps and calls)
<FileName>.tld (for ".tlb" files (dump of typelib data))

.\tmp\mrg\
PowerBASIC files merged with disassembly

.\tmp\mrk\
PowerBASIC files marked for merging with disassembly


Note !
As part of a PowerBASIC feature to create binaries which are resistant
to decompilation, the contents of their data sections are shifted around
by their start-up code. It's unclear at the moment how complex this pro-
tection feature is. It makes it difficult to study the decompiled code,
since references to the data section are often incorrect. Also, recomp-
iling modified source code might cause problems.
Various solutions to this are being considered, such as compiling a ver-
sion with a procedure added which dumps its data section in its run-time
state to a binary file.


(All previous versions should be deleted from the forum)


.
« Last Edit: March 13, 2017, 10:49:15 PM by John »

Charles Pegge

  • Guest
Re: BinEditPlus
« Reply #1 on: March 14, 2017, 04:40:38 AM »
Looks interesting John,

OxygenBasic has no obfuscation mechanism to deliberately frustrate the decomposition of its binaries, so they should be okay for this tool.

o2 has its own tools for exposing opcodes and assembler. The most useful is #show which will display the intermediate and assembly codings of a single line of Basic.

Code: [Select]
dim int a,b,c,d
#show print a*b+c*d
>>>>

|va 7 8 _tmp1
|va 7 8 _tmp2
|op 1 4 [ebx+0x1000]
|op 2A 4 [ebx+0x1004]
|op 2 4 [ebx+0x1010]
|op 1 4 [ebx+0x1008]
|op 2A 4 [ebx+0x100C]
|op 2 4 [ebx+0x1018]
|op 1 4 [ebx+0x1010]
|op 2B 4 [ebx+0x1018]
|cv 4 A1
|go 0 [ebx+0x8B0]

|op 4 A1
|ch 1
|go 0 [ebx+2496]
|go 0 [ebx+0x838]
>>>>

mov eax,[ebx+0x1000]
imul dword [ebx+0x1004]
mov [ebx+0x1010],eax
mov eax,[ebx+0x1008]
imul dword [ebx+0x100C]
mov [ebx+0x1018],eax
mov eax,[ebx+0x1010]
add eax,[ebx+0x1018]
push eax
fild dword [esp]
add esp,4
call [ebx+0x9D8]
call [ebx+0x8B0]

push eax
mov dl,1
call [ebx+2496]
call [ebx+0x838]

In the next o2 update, it will be possible to store the #show code into a text-file like this:

#show "s.txt"  print a*b+c*d


JRS

  • Guest
Re: BinEditPlus
« Reply #2 on: March 14, 2017, 09:41:47 AM »
I thought the utility might be a good way to learn ASM or fix DLLs where source isn't available.

Will #show have the option of generating both 32 & 64 bit ASM code?


« Last Edit: March 14, 2017, 10:45:19 AM by John »