[Nasm-bugs] [Bug 3392579] New: Disasssembler leaves out useful size information

noreply-nasm at gorcunov.org noreply-nasm at gorcunov.org
Tue Jul 2 23:20:35 PDT 2019 

https://bugzilla.nasm.us/show_bug.cgi?id=3392579

            Bug ID: 3392579
           Summary: Disasssembler leaves out useful size information
           Product: NASM
           Version: 2.15 (development)
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Disassembler
          Assignee: nobody at nasm.us
          Reporter: toni.spets at iki.fi
                CC: chang.seok.bae at intel.com, gorcunov at gmail.com,
                    hpa at zytor.com, nasm-bugs at nasm.us
     Obtained from: Built from git using configure

Created attachment 411722
  --> https://bugzilla.nasm.us/attachment.cgi?id=411722&action=edit
Disassembler changes for keeping segment offset size

I'm using ndisasm and NASM together for some reverse engineering and binary
reconstruction and for what it's worth the combination can in some ideal
circumstances generate an exact copy of the original binary functionality wise
when all of the reassembled opcodes are of the same size as the originals
ignoring some subtle differences where the same assembly source can be compiled
in multiple ways while keeping the size.

One thing I've stumbled upon is that the disassembler could include proper size
information for jumps and segment offsets where they would be optimized out or
compressed by the assembler being a no-op.

Examples of instructions that are disassembled properly but reassembled (even
with -O0) in a more compact way:

"lea esp,[esp+0x0]" where 0x0 is a dword would be reassembled as "lea
esp,[esp]".

With these changes the disassembler will output "lea esp,[dword esp+0x0]" which
keeps the dword in place.

Additionally rel8 jumps now have the short flag set so the disassembler adds it
whenever a short jump is disassembled.

I couldn't run the test suite for some reason and these changes haven't been
properly tested outside what I've been doing and I'm not intimately familiar
with the NASM code so I fully understand if these will be rejected.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are watching all bug changes.

More information about the Nasm-bugs mailing list