(Optimization) DisASM - Tools and How To

Started by Theo Gottwald, May 23, 2007, 11:48:35 AM


Theo Gottwald

Using Visual Studio, it's normal to be able to see the disassembly of the code in the debugger.

In Powerbasic we can see the Registers in the Debugger, actually the ASM-code is not shown.

This post is a step-by-step HOW TO on how you can see it.

If you want to make high-speed subroutines for time-critical use (for example picture processing),
optimization on the ASM level may be one of the tools to use, before writing the code in pure ASM.
And after all algorithmic optimization has been done.

To get the ASM code out of the compiled Powerbasic program is not much more difficult than - for example - to set a breakpoint and take a look into the code in Visual Studio.

First download the two ZIP-Archives, attached to this post.

Archive 1 is DisASM.zip. It's a public domain program originally by Tony Burcham.
The original download is here: BinEditPlus.

For now, please take the version attached to this post, as the version to download is not compatible with my post, and may not compile with Powerbasic 8.

And that's the first step to do:
Compile the DisASM.bas to get the DisASM.exe

This is the tool to get an ASM.txt out of our compiled Powerbasic program.

Take a look at the picture attached to this post. This is the "ready-to-run" DisASM.exe.

-> Just put the complete path of your compiled EXE file into the box,
-> press the button

and you get an ASM.txt which contains the complete disassembly.
You get it in the folder, where the DisASM.exe is.
This part is easy.

Now, HOW do we find our subroutine in the Disassembly?

Take the second zip-file, attached to this post. The name is "Speed-Test.zip".

Unzip it to a folder.
This small program can be used to test competing subroutines one against the other.
But that's another topic.

In this case we just want to know how one of the subroutines looks after the compilation.
For this we add a

! NOP

before the place of interest.

Example:
' Before
FUNCTION A_AY_D(BYVAL a AS LONG,BYVAL b AS LONG) AS DWORD
FUNCTION = (a\b+1)*b
END FUNCTION

Now we add the ! NOP

'Example
' After preparation for DisASM:
FUNCTION A_AY_D(BYVAL a AS LONG,BYVAL b AS LONG) AS DWORD
' Here comes the NOP
! NOP
FUNCTION = (a\b+1)*b
END FUNCTION

That's all.

Steps:
1. compile the program as always
2. put the full path to the compiled exe into the DisASM-textbox
3. click the "DisAssemble" button
4. in the folder where DisASM is, there is now an "ASM.txt"
5. Load it into the editor
6. Use the editor "Search" to find the string "NOP"
7. The editor will jump to the right place.

Here is the result from our example; we see the NOP, and that is where the procedure starts:


402417 56                     PUSH ESI
402418 90                     NOP
402419 DB450C                 FILD LONG PTR [EBP+0C]
40241C DB450C                 FILD LONG PTR [EBP+0C]
40241F DB4508                 FILD LONG PTR [EBP+08]
402422 E840230000             CALL L404767
402427 DE0520674000           FIADD INTEGER PTR [00406720]
40242D DEC9                   FMULP ST(1), ST
40242F E8F4100000             CALL L403528
402434 898578FFFFFF           MOV DWORD PTR [EBP+FFFFFF78], EAX
40243A 8B8578FFFFFF           MOV EAX, DWORD PTR [EBP+FFFFFF78]
402440 8D65F4                 LEA ESP, DWORD PTR [EBP-0C]
402443 5F                     POP EDI


Now you can
- change the code in the PB-Editor (or SED-Editor for Powerbasic - whatever you use).
- Compile,
- just press "DisAssemble"
- reload the ASM.txt in the Editor
and see the changes.

Donald Darden

I downloaded the DisASM.ZIP file as instructed, then unzipped it to a folder and
used PB/WIN 8.1 to compile DisASM.BAS.  The compile ran without error, but when
I tried to compile and execute, I could not observe anything happening.  However, the Task Manager showed that it was running, but I could not observe any dialogue nor control it.  I forced it to end, and tried to run the DisASM.EXE file directly, but it also showed it was running, but no dialogue window, and it had to be terminated by killing the process with the Task Manager.

Theo Gottwald

Hello Donald,

in the DisASM.ini are locations for the window and a default path.
If your screen resolution is rather small, it may be that the window's position
(where I had it last) is out of your screen (I prefer to use 1920x1440 or higher :-).

Just delete this ".ini" file, then start the exe.
It shall pop up in the middle of your screen.
If it doesn't, please report it here.

I am using PB 8.03.0040 and it compiles and runs perfectly.


Donald Darden

Yep, getting rid of DisASM.ini took care of the problem.  I have to run my screen at 800x600 because of poor eyesight, and nothing showed up to let me know what was wrong.

I posted a link I found to PEBrowser Pro under Unedited Contributions.  The screen shots and tutorial there may be of some help to readers.  Your method of finding your code of interest with NOP works very well, but you could put one at the top and bottom of your code area to help bracket the area of interest.

Theo Gottwald

Interesting tool, Donald. I have just downloaded it.

Also I have moved the topic to your board, so that it is in the right context.
Now it's an "edited contribution" :-).

I have tried it. It was not possible to easily get a disassembly from a PB program.
Better use DisASM where possible.
In case you need the PEBrowser (because DisASM may not be able to disassemble everything) then you may need to use both to find out the right address for the disassembler from the PE browser.

As said, that tool may be interesting outside PB; with PB, DisASM looks to me right now like the easiest way. Did you succeed in getting some code disassembled?

Donald Darden

The DisASM files that I have seem to date from 2004.  I thought they were the same as the ones you had posted, but the way I read your last post, you got a different result when you tried the version I compiled.

I know for sure that the mnemonics available with DisASM are not 100% complete.  I can see code in the include files designed to print ??? in some cases.  The problem with having an incomplete code translator and a variable length instruction architecture is that if you do not correctly recognize and translate the present instruction, then you also do not know the byte length of the current instruction, and that means you cannot determine the exact start of the next instruction.

If you fail to correctly pick the first byte as the start of the next instruction, then the next instruction will be translated incorrectly, and the next, and the next, until you find a point where you manage to accidentally encounter a first byte for an instruction again.  As long as you know the exact start of where to begin translating, and all instructions encountered are correctly recognized and translated, no problem.  And every Call or branch instruction encountered will give you another valid point to begin translating another path from.  But the first instruction encountered that is not handled properly, then all bets are off.

It's not that DisASM has no value, it just means it can only be relied on up to a certain point, and best suited to recognizing short translations, which is what we were striving for anyway.  It WOULD be nice if its shortcomings were overcome,
meaning a more complete breakdown of translation codes was available.

I might do some more looking online, and see if I can find something more up to date.  Otherwise, we go with what we've got, or we get lucky and somebody else contributes a better tool or more precise information to help us.
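The desynchronisation Donald describes above can be reproduced with a toy linear-sweep decoder. This is an added example, not code from the thread or from DisASM: the opcode table is a tiny constructed subset of 32-bit x86, the byte string is constructed (not taken from a real EXE), and the base address 0x402417 is borrowed from the listing earlier in the thread. Removing one multi-byte opcode (CALL rel32) from the table makes the sweep mis-split the immediate into phantom instructions, swallow the real POP/POP/RET that follow, and only fall back into sync at a later byte.

```python
import struct

# Opcode -> (mnemonic, total length) for a tiny constructed subset of 32-bit x86.
FULL_TABLE = {
    0x90: ("NOP", 1), 0x56: ("PUSH ESI", 1), 0x5E: ("POP ESI", 1),
    0x5F: ("POP EDI", 1), 0xC3: ("RET", 1),
    0xE8: ("CALL", 5),        # E8 + rel32
    0xB8: ("MOV EAX", 5),     # B8 + imm32
}
# The same table with one hole: this decoder does not know CALL rel32.
GAPPED_TABLE = {op: v for op, v in FULL_TABLE.items() if op != 0xE8}

# Constructed bytes: PUSH ESI / NOP / CALL rel32 / POP ESI / POP EDI / RET / NOP / POP ESI / RET
CODE = bytes.fromhex("56 90 E8 90 56 B8 00 5E 5F C3 90 5E C3")

def decode_one(code, off, table, base):
    """Decode one instruction; an unknown opcode becomes '???' and is assumed to be 1 byte."""
    op = code[off]
    mnem, length = table.get(op, ("???", 1))
    chunk = code[off:off + length]
    if len(chunk) < length:                   # ran off the end of the buffer
        mnem, chunk = "???", code[off:off + 1]
    if mnem == "CALL":                        # DisASM-style label computed from the rel32
        rel = struct.unpack("<i", chunk[1:5])[0]
        mnem = "CALL L%06X" % ((base + off + 5 + rel) & 0xFFFFFFFF)
    elif mnem == "MOV EAX":
        mnem = "MOV EAX, %08X" % struct.unpack("<I", chunk[1:5])[0]
    return base + off, chunk.hex().upper(), mnem

def sweep(code, table, base=0x402417):
    """Linear sweep from the first byte; returns a list of (address, hex bytes, mnemonic)."""
    listing, off = [], 0
    while off < len(code):
        entry = decode_one(code, off, table, base)
        listing.append(entry)
        off += len(entry[1]) // 2             # two hex chars per consumed byte
    return listing

def divergence(full, gapped):
    """First address where the two listings disagree, and the first later one where they agree again."""
    fa = {a: m for a, _, m in full}
    ga = {a: m for a, _, m in gapped}
    diverge = next(a for a in sorted(fa) if ga.get(a) != fa[a])
    resync = next(a for a in sorted(fa) if a > diverge and ga.get(a) == fa[a])
    return diverge, resync

if __name__ == "__main__":
    for name, table in (("complete table", FULL_TABLE), ("table without E8", GAPPED_TABLE)):
        print("--", name)
        for addr, hexbytes, mnem in sweep(CODE, table):
            print("%06X %-12s %s" % (addr, hexbytes, mnem))
    print("diverge at %06X, back in sync at %06X" % divergence(sweep(CODE, FULL_TABLE), sweep(CODE, GAPPED_TABLE)))
```

With the gapped table the three real instructions at 40241E..402420 never appear in the listing at all; they are eaten by the bogus MOV EAX immediate, which is exactly why a stray "???" in DisASM output should make you distrust the lines that follow it until the next known-good marker such as the NOP.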

Donald Darden

I stand corrected.  The DisASM project has been posted to SourceForge under the name BinEditPlus, not BinEditPro.  Unfortunately, trying to find it there returns a 404 error right now.  The files I have for DisAsm have dates in them from 2004 and 2005, and the SourceForge code, that I managed to get earlier, was 2006.  But the DisASM code will compile, and the SourceCode stuff is a work in progress, and does not compile.  It might take awhile to sort that out.

Anyway, I did some more checking, and PE Browser is a full featured debugger, but the download is free for 30 days, and limited, and the full version is $129.  At least you could try it out.  The one real bargain I found was IDA Pro, freeware version 4.3, which I downloaded from Simtel.  Given the differences between PEBrowser and IDA Pro, I tend to favor the latter, and being free is an added bonus.

The thing about both these products is that they are interactive, meaning you can walk the code or possibly edit/modify a program, which involves some risk,
and they have so many features that it is a bit daunting to sit with either and try and figure it out.  Neither comes with source code, so you have to work through the interface provided.  PEBrowser does not let you produce an ASM output, unless you get the pay version, but IDA Pro allows you to output several different file types.

Looking at a PowerBasic program produced by PB/CC or PB/Win is not as simple or as straightforward as you might expect.  But Theo's previous suggestion of using a !NOP code in your source to mark where the code you want to inspect should start works, with another one if you want to mark the end as I suggested.  If you take the ASM or LST file that you can produce with IDA Pro and run it through a simple little program to turn your output on and off each time it hits a NOP statement, you will just see the part you are interested in.  That code could look something like this:

  'Use IDA Pro to create test.asm after processing any designated EXE file
  'Each line containing a NOP toggles output, so only the bracketed region is collected
  FUNCTION PBMAIN
    LOCAL aa, bb AS STRING, flip, flop AS LONG
#IF %DEF(%PB_CC32)
    COLOR 15,1
    CLS
#ENDIF
    OPEN "test.asm" FOR INPUT AS #1
    DO UNTIL EOF(1)
        LINE INPUT #1, aa
        ' INSTR is case-sensitive and IDA writes lowercase mnemonics, so compare in upper case
        flop = INSTR(UCASE$(aa), " NOP")
        ' NOT is bitwise in PowerBASIC (NOT 17 = -18, still non-zero), so test flop for zero explicitly
        IF flip AND (flop = 0) THEN bb = bb + aa + $CRLF
        IF flop THEN flip = NOT flip
    LOOP
    CLOSE #1
    ? bb    'print under PB/CC, or MsgBox under PB/Win
#IF %DEF(%PB_CC32)
    WAITKEY$
#ENDIF
  END FUNCTION

Theo Gottwald

I got the download from "IDA Pro" here:
http://www.datarescue.com/idabase/idadowndemo.htm

After downloading those 23 MB, I'll take a look if it will find my !NOP.

Theo Gottwald

IDA Pro is an interesting tool for these tasks.

A picture says more than 1000 words.

I have attached a picture with a screenshot. The picture shows:

1. The IDA-Pro and results
2. The DisASM Results
3. The Powerbasic source.

Besides the impressive quality of IDA Pro, the version I could download is not free, but time-limited.