MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Nov 22, 2002 3:55 pm
Post subject: Argument String Explanation
OK, each byte of the argstring is read one at a time. Here is a definition list of the function of each byte:

Informative:
Takes no bytes; tells how to process data
Code:
'>' put the following hex in subsegments up to next offset; following ArgStr char should be "p" for procedure address
'h' return hex output of following typechars. possible(°,%,&);
'}' End Procedure

Arguments
Will usually take bytes from the datastream
Code:
'.' name of Object at the Address specified by a Long off the datastream
'b' a byte off the datastream - formerly '°'
'%' an integer off the datastream
'&' a long off the datastream
'!' a single off the datastream
'a' an argument reference. Followed by an Int and a type char. Takes variable out of the ConstantPool
'c' return the control index, uses one int from the datastream
'l' return Local variable reference (uses int off datastream)
'L' take (Value of Int off DataStream) local variable references
'm' return Local Variable reference followed by typechar
'n' return hex Integer
'o' return item off the stack (Pop)
'p' return (value of Integer off datastream) + Procedure Base Address
't' followed by typechar ('o' return ObjectName; 'c' return control name)
'u' push... not used anymore
'v' vTable this is slightly complicated ;)
'z' return Null-terminated Unicode String From File (not used?)

Type Characters
Code:
'b' Byte
'?' Boolean
'%' Integer
'!' Single
'&' Long
'~' Variant
'z' String

Hmm... I think that's all, at least for now... you will notice a couple of duplicates... yeah... sorry...
BTW I got this idea from JosephCo... but I modified it a lot.
-MrU
Last edited by MrUnleaded on Sat Aug 07, 2004 4:40 pm; edited 5 times in total

sarge (Moderator)
Joined: 24 Sep 2002 Posts: 194
Posted: Fri Nov 22, 2002 5:53 pm
Even more clear. Thanks yet again. Now all I have to do is apply it to a few examples to make sure I understand it. (Is that a hint?)
sarge

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Nov 22, 2002 5:58 pm
sarge wrote:
> Even more clear. Thanks yet again. Now all I have to do is apply it to a few examples to make sure I understand it. (Is that a hint?)
> sarge

I will be making an ArgStr decoder soon... so you can click on the argstr in the table and it will say...
the first argument is a long
2nd arg is....
3rd arg....
etc.
-MrU
Last edited by MrUnleaded on Sat Aug 07, 2004 4:42 pm; edited 1 time in total

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Nov 22, 2002 6:10 pm
Post subject: Here's an Example
Opcode: LitVarStr
ArgStr: luaz
'l'---Take integer off of datastream
'u'---push the following:
'a'---get an int off datastream, use it to return a variable from the constant
------pool using the following type:
'z'---null-terminated string
I will improve this example later with actual data....
-MrU
Last edited by MrUnleaded on Sat Aug 07, 2004 4:43 pm; edited 1 time in total

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Nov 22, 2002 6:28 pm
Post subject: Example 2
OpCode: 1C
Name: BranchF
ArgStr: '>p'
SrcStr: 'If (%p1) Then||End If'
Code:
'>' put the following hex in subsegments up to next offset; following ArgStr char should be "p" for procedure address
'p' procedure offset

So what would happen is it would put all of the following p-code into a subsegment... this is very effective for making 'pretty' code...
Code:
If x=1 Then
    x=2
Else
    x=3
End If

In the above... "x=2" and "x=3" would be considered sub-code-segments.
And for the SrcStr....
When you have a '>' in the argStr we look for a '||' in the SrcStr.
The '||' splits up the srcStr into "If (%p1) Then" and "End If".
"If (%p1) Then" is put before the sub-code-segment and "End If" is put after the sub-code-segment.
I hope this is clear enough.
Oh, and of course you have to fill the %pX's (sub-code-segments).
-MrU
Last edited by MrUnleaded on Sat Aug 07, 2004 4:47 pm; edited 1 time in total
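An ArgStr decoder along the lines MrU describes, as an added example that is not code from this thread or from MrU's decompiler: it walks the byte table from the first post, reports what each byte takes off the datastream for the "luaz" and ">p" examples above, and does the '||' split from Example 2. It assumes VB6 operand widths (Byte=1, Integer=2, Long=4, Single=4) and the function names it defines, and rejects the chars whose behaviour the thread leaves open (L, n, v, z).

```python
# Added example, not MrU's or the forum's own code: an ArgStr decoder that walks
# the byte table from the first post. Assumed: VB6 operand widths (Byte=1,
# Integer=2, Long=4, Single=4) and these function names; L, n, v, z are rejected.
WIDTH = {"b": 1, "%": 2, "&": 4, "!": 4}
TYPECHARS = {"b": "Byte", "?": "Boolean", "%": "Integer", "!": "Single",
             "&": "Long", "~": "Variant", "z": "String"}
ONE_INT = {"c": "control index", "l": "local variable ref",
           "p": "procedure base + offset"}

def decode_argstr(argstr):
    """Return (steps, consumed): a description per argument and the datastream bytes used."""
    steps, consumed, i, push = [], 0, 0, ""
    while i < len(argstr):
        c, i = argstr[i], i + 1
        if c == "u":                 # 'u': push the argument that follows it
            push = "push "
            continue
        if c in ">}":                # informative chars consume nothing
            steps.append("sub-segment follows" if c == ">" else "end of procedure")
        elif c in WIDTH:             # b % & ! : a raw value off the datastream
            steps.append(f"{push}{TYPECHARS[c]} off datastream"); consumed += WIDTH[c]
        elif c in ONE_INT:           # c l p : one Integer off the datastream
            steps.append(f"{push}{ONE_INT[c]}"); consumed += 2
        elif c == ".":
            steps.append(f"{push}object name at Long off datastream"); consumed += 4
        elif c == "o":
            steps.append("pop item off the stack")
        elif c in "ahmt":            # these take a trailing typechar
            t, i = argstr[i], i + 1
            if c == "a":
                steps.append(f"{push}constant-pool {TYPECHARS[t]} (Integer index)"); consumed += 2
            elif c == "h":
                steps.append(f"hex of {TYPECHARS[t]} off datastream"); consumed += WIDTH[t]
            elif c == "m":
                steps.append(f"{push}local variable ref of type {TYPECHARS[t]}"); consumed += 2
            else:
                steps.append(f"{push}{'object' if t == 'o' else 'control'} name")
        else:
            raise ValueError(f"unsupported ArgStr char {c!r}")
        push = ""
    return steps, consumed

def render_branch(srcstr, args, sub_lines):
    """'>' handling from Example 2: fill %pN from args, split SrcStr at '||'
    and put the sub-segment between the halves (4-space indent is assumed)."""
    for n, a in enumerate(args, 1):
        srcstr = srcstr.replace(f"%p{n}", a)
    before, after = srcstr.split("||", 1)
    return [before] + ["    " + ln for ln in sub_lines] + [after]
```

For "luaz" this yields two steps (a local variable ref, then a pushed constant-pool String) and 4 operand bytes, which is the byte count a disassembler must skip before the next opcode.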

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Nov 22, 2002 9:38 pm
Post subject: ArgStr Decoder
MrUnleaded wrote:
> I will be making an ArgStr decoder soon... so you can click on the argstr in the table and it will say...

OK, well, the argStr decoder is done... not perfect but close...
Go to:
./pcode/opcodes.php?t=1
to see it.
-MrU
Last edited by MrUnleaded on Sat Aug 07, 2004 4:47 pm; edited 1 time in total

sarge (Moderator)
Joined: 24 Sep 2002 Posts: 194
Posted: Sun Dec 08, 2002 10:50 pm
Great! This is a big step forward.
It seems quite obvious that some of the OpCodes will need a more detailed explanation, maybe with examples, than just a definition of the argument string. Do we put our questions/discussions/examples for a given OpCode in each specific forum for that opcode, or in some general forum?
Sarge

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Mon Dec 09, 2002 4:24 pm
sarge wrote:
> Great! This is a big step forward.
> It seems quite obvious that some of the OpCodes will need a more detailed explanation, maybe with examples, than just a definition of the argument string. Do we put our questions/discussions/examples for a given OpCode in each specific forum for that opcode, or in some general forum?
> Sarge

A discussion about a specific opcode... can be put in the particular opcode's topic...
./pcode/opcodes.php?t=1
The above will give you direct links to topics for each opcode.
-MrU
Last edited by MrUnleaded on Sat Aug 07, 2004 4:49 pm; edited 1 time in total

sarge (Moderator)
Joined: 24 Sep 2002 Posts: 194
Posted: Mon Dec 09, 2002 4:28 pm
Thanks. May the rose petals of heaven lighten your path.
Sarge

sarge (Moderator)
Joined: 24 Sep 2002 Posts: 194
Posted: Sat Dec 14, 2002 3:20 pm
Post subject: Request
Could the link listed above please be moved/copied to a new location (thread? forum?) that is more easily accessible from the first page index, so I don't keep having to drill down to here?
Thanks
Sarge

Anonymous (New User)
Joined: 10 Feb 2008 Posts: 0
Posted: Fri Dec 20, 2002 2:52 am
Ick. Sorry to be blatant MrU, but I don't like a lot of this :/ Take the "code" part for example. I don't like the way that this has been lumped onto the side of the source code string. In my implementation, I have a separate enum with oToOutput, oToStack and oIgnore (self-explanatory).
I also don't like a lot of the characters. These should be typeable at least. Well, in fact it's only byte that I don't like - all the rest are DefType standards.
I can't understand the meaning of "return". In my opinion, there should be no "return" value. All the data needed either comes from the parameters (datastream as you call it) or from the stack. No data needs to be popped off the stack for these functions (well, ok, besides the example you'll see in a moment), and all data will either be pushed onto the stack (oToStack), ignored (oIgnore) or outputted to the screen or whatever (oToOutput).
% for example will take two bytes off the "datastream" and push onto the stack. Same with & etc etc.
d - we can delete, so please do
a - ok fine, but again is pushed onto the stack
o - is not used, but is useful to say that something should be deleted from the stack
u - not used, so we can delete
z - I'vent needed to use it yet :/
v - Now, interesting. In my definition of "v", I initially pop off two values - the parameter size, the offset. Then I pop off the control name and finally the parent object name. These would have been configured prior to "v" if you get what I'm saying. eg:
"VCallHresult", "%%v", oToOutput
The first two %'s are for the offset and size and (hopefully), the other information will be already on the stack.
At the moment, I'm using a subset of what you've defined:
%, &, a, c, l, o, t, v. (Oh, and that stupid ° char for byte for the time being.) I can't see a use for the rest at present, although as soon as it becomes apparent, I'll chuck them in.
Note, again, that oToOutput/oToStack are the directives for the final source output. All the characters are, by definition, pushed regardless. oToStack would be useful, for example, for LitVarMissing or CByte() etc.
Hope this helps
PS. For your example on ImpAdCallFPR4, I'd have something like:
"ImpAdCallFPR4", "%%v", oToOutput, "Call ?()"
I'vent quite done it correctly at present. I was going to make "v" push everything onto the stack so the last thing would just be "%p1" or something, but you get the gist...

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Dec 20, 2002 4:05 pm
Yeah, I guess the way I do things is somewhat confusing... if you saw my code you'd probably understand...
datastream: they are basically a string class that I can take stuff off the front of... i.e. if I had "the world" in my string class... I could do PopString(Length:=3) and I would get "the"... " world" would still be left in the "datastream"...
one datastream contains the code string...
one datastream contains the argStr string...
and the source string is a standard string
all of my classes are multilevel... meaning that each opcode can have adjacent [before and after] and also sub-opcodes... i.e. when you do branches this helps in formatting output...
the "Stack" is also multilevel... each opcode has its own stack but the stacks are all connected in such a way that it works as one stack...
the reason I use the word "return" is because I have a function called ArgumentHandler() and it will return one argument at a time...
if it needs to be pushed on the stack [which almost everything is...] then the argstring will specify that... by having "uX", X being something that needs to be pUshed to the stack... I have made this list case sensitive...
using this technique I haven't had any problems... I can decompile CommonApp1 with one exception... I never bothered to finish the IAT [import address table via the PE header]... so I haven't been able to get the name "MsgBox" where it should go...
besides that... CommonApp1 is fully decompiled
-MrU

MrUnleaded (Site Admin)
Joined: 21 Sep 2002 Posts: 385 Location: California
Posted: Fri Dec 20, 2002 6:50 pm
Post subject: Further Explanation
I just wanted to note that "m" is the same as "l" but "m" requires a type char... dependent on this typechar... you can let your compiler know the type of variable...
m% would return a "l" but of type integer.
Also, I deleted "d" since it is the same as Long ("&").
Also... the Byte type char... yeah, it's hard to type... so let's change it?
Any suggestions? "b"?
-MrU