
DisAsm - show the beginning and end of subroutines #3099

Open
the-Arioch opened this issue Feb 2, 2023 · 0 comments
Labels
rizin Needs changes into rizin codebase.

Comments

@the-Arioch

2.1.2 as told in #3090

See this.

[screenshot: 2023-02-02 05_50_16]

Question: which function does the 0x77c5c0e1 48 89 5c 24 48 mov qword [var_10h], rbx line belong to?

Well, obviously it belongs to the SHORT VkKeyScanA (CHAR ch); function, right?

Wrong! See https://user-images.githubusercontent.com/937774/216217374-e98c9449-a392-4c03-86ed-a2068c55d09a.png


But how should functions be declared, at least in the Microsoft Assembler mode?

https://www.pcjs.org/documents/books/mspl13/masm/mpguide/

7.3.1  Defining Procedures

Procedures require a label at the start of the procedure and a return at the
end. Procedures are normally defined by using the PROC directive at the
start of the procedure and the ENDP directive at the end. The RET
instruction is normally placed immediately before the ENDP directive. The
assembler makes sure that the distance of the RET instruction matches the
distance defined by the PROC directive. The basic syntax for PROC is

    label PROC [[NEAR|FAR]]
        .
        .
        .
    RET [[constant]]
    label ENDP

The CALL instruction pushes the address of the next instruction in your code
onto the stack and passes control to a specified address. The syntax is

    CALL {label | register | memory}

The operand contains

I think other Assembler dialects have similar constructs.

Even if not, the currently emitted SHORT VkKeyScanA (CHAR ch); line already breaks any assembler syntax, so emitting something like !!end of!! SHORT VkKeyScanA (CHAR ch); would not make things worse for re-assembling and would help human readers.

Maybe the very beginning could be modified to look like

0x77c5c08f      90                                nop
|
VkKeyScanA  PROC NEAR
; function:  SHORT VkKeyScanA (CHAR ch);  
; Address range: 0x77c5c090 to 0x77c5c0d9
; arg CHAR ch @ rcx
; var int64_t var_18h @ stack - 0x18
; var int64_t var_8h @ stack + 0x8
; var int64_t var_10h @ stack + 0x10
0x77c5c090      88 4c 24 08                       mov     byte [var_8h], cl
0x77c5c094      48 83 ec 38                       sub     rsp, 38h

.....

0x77c5c0d5      48 83 c4 38                       add     rsp, 38h
0x77c5c0d9      c3                                ret
VkKeyScanA  ENDP
|
0x77c5c0da      48 8d 0d 3f a5 08 00              lea     rcx, data.77ce6620 ; 0x77ce6620
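The layout proposed above can be produced from a flat listing plus a function table. The following is an added example written for this issue, not rizin's own code: it parses the address at the start of each listing line, looks up which function's address range owns it, and emits MASM-style PROC/ENDP markers exactly where the owner changes, so the ret at 0x77c5c0d9 is followed by ENDP and the mov at 0x77c5c0e1 lands inside the next function rather than VkKeyScanA. The listing and the VkKeyScanA range are taken from the issue; the second function (named fcn.77c5c0da in rizin's default style) and its end address are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Added example for this issue: wrap a flat disassembly listing in
MASM-style PROC/ENDP markers based on a table of function ranges.
This is illustrative code, not rizin's output code."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Func:
    name: str       # symbol used for PROC/ENDP
    signature: str  # prototype shown as a comment
    start: int      # first instruction address (inclusive)
    end: int        # address of the last instruction, the RET (inclusive)


# Constructed function table. VkKeyScanA's range is the one shown in the
# issue; the neighbouring function is a hypothetical fcn.<addr> entry whose
# end address is assumed for the example.
FUNCS: List[Func] = [
    Func("VkKeyScanA", "SHORT VkKeyScanA (CHAR ch);", 0x77C5C090, 0x77C5C0D9),
    Func("fcn.77c5c0da", "void fcn.77c5c0da (void);", 0x77C5C0DA, 0x77C5C0E5),
]

# Constructed listing in the issue's layout: address, opcode bytes, text.
# The "....." line stands for the elided middle of VkKeyScanA.
LISTING = [
    "0x77c5c08f      90                                nop",
    "0x77c5c090      88 4c 24 08                       mov     byte [var_8h], cl",
    "0x77c5c094      48 83 ec 38                       sub     rsp, 38h",
    ".....",
    "0x77c5c0d5      48 83 c4 38                       add     rsp, 38h",
    "0x77c5c0d9      c3                                ret",
    "0x77c5c0da      48 8d 0d 3f a5 08 00              lea     rcx, data.77ce6620 ; 0x77ce6620",
    "0x77c5c0e1      48 89 5c 24 48                    mov     qword [var_10h], rbx",
]

ADDR_RE = re.compile(r"^\s*0x([0-9a-fA-F]+)\b")


def owner(addr: int, funcs: List[Func]) -> Optional[Func]:
    """Return the function whose [start, end] range contains addr, or None
    for bytes that no analysed function claims (padding, data, gaps)."""
    for f in funcs:
        if f.start <= addr <= f.end:
            return f
    return None


def annotate(listing: List[str], funcs: List[Func]) -> List[str]:
    """Copy the listing, inserting 'name PROC NEAR' (plus the header comments
    from the issue's proposal) before the first instruction of each function
    and 'name ENDP' right after its last instruction.  Lines without a
    leading address (separators, comments) are passed through unchanged."""
    out: List[str] = []
    current: Optional[Func] = None
    for line in listing:
        m = ADDR_RE.match(line)
        if not m:
            out.append(line)
            continue
        f = owner(int(m.group(1), 16), funcs)
        if f is not current:
            if current is not None:
                out.append(f"{current.name}  ENDP")
            if f is not None:
                out.append(f"{f.name}  PROC NEAR")
                out.append(f"; function:  {f.signature}")
                out.append(f"; Address range: {f.start:#x} to {f.end:#x}")
            current = f
        out.append(line)
    if current is not None:  # close a function that ends the listing
        out.append(f"{current.name}  ENDP")
    return out


def owner_name(addr: int) -> Optional[str]:
    """Answer the issue's question for one address against FUNCS."""
    f = owner(addr, FUNCS)
    return f.name if f else None


if __name__ == "__main__":
    print("\n".join(annotate(LISTING, FUNCS)))
    print("0x77c5c0e1 belongs to:", owner_name(0x77C5C0E1))
```

In practice the table would be filled from rizin's own function list (for example the output of `afl`, which gives each function's address, size and name) rather than typed by hand; the range check is the same. The nop at 0x77c5c08f is owned by no function, so it stays outside any PROC/ENDP pair, which matches the "|" gap drawn in the proposal.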