Forgotten WIN Utility (was Re: M6811...)

Dave Zug dzug at delanet.com
Mon Jul 19 15:47:02 GMT 1999 

> To:            gmecm at efi332.eng.ohio-state.edu
> Subject:       Re: Forgotten WIN Utility (was Re: M6811...) 
> From:          jgwynne at mrcday.com
> Date:          Fri, 09 Jul 1999 16:42:42 -0400
> Reply-to:      gmecm at efi332.eng.ohio-state.edu

> 
> 
>    In message <199907091904.PAA23002 at esl.eng.ohio-state.edu>, you write:
>  
> | 
> | > with large segments of common code in different ecm's, I'm thinking about a
> | > auto-commenting package that could correlate code segments and copy
> | > comments from a commented source code to one that is not. It may only
> | > be appropriate for 80% of the code, but I think it would be easier to
> | > fix 20% than to start from scratch. any thoughts?
> 
> <delete>
> 
> | One of the features in the package I wrote (win32) allows you to 
> | search for these "chunks" simply by searching for a set of 5 or 6 
> | consecutive bytes that exist in the common chunk. nothing 
> | fancy like disassembly, but it gives you a list of locations for 
> 
> Will there be a good enough correspondence in the binaries since table
> and jump addresses within the code will be different? A binary
> correlation would give a ROM answer, but I don't believe accurate
> enough to transfer comments. comments must align to within an
> opcode. Are you proposing to modify your code to try this?
> 

Oh yes, the way I figger, I can search for byte patterns that do not 
contain location specific pointers etc. there has to be 5 or 6 bytes 
in a row that are unique to each routine.. if not, just look for the 
existance of 2 or 3 sets of 2 or 3 byte signature sections. without 
actually doing it I can see your point.. there may be many common 
code chunks like certain math functions or 3d lookup preambles but 
not many where the 3d lookup is immediately followed by that math 
function. Imagine an "overlay" pattern of "A9 41 20 xx xx A9 42 20 xx 
xx" where the "xx" are "don't care's". Identify these as possible 
targets and (my way is to manually do the pasting in the commented 
text version) have it place the routine for you.  you could draw on a 
library of subroutines that are commonly (or uncommonly) out there.

My problem is once I figure out it's possible, I never follow thru.

> I'm proposing a correlation that would not include addresses, of any
> type, that would be position dependent. The correlation must be
> accurate enough to transfer comments.

you could produce an exception report (dating myself) listing 
variances between the library code and the unknown code. your program 
might even be intellegent enough to pick up "similar" code that 
contains a bunch of inserted NOP's or some other inserted 
enhancemant code.  sounds fun as a programming exercise but lots of 
work for what it saves you in time maybe.... unless you make a living 
at it.  My long term goals do not include this level of 
automation..or "volume decyphering".  If you DID make such a tool I'd 
bet that after using it a few times you would be good enough at 
visually recognizing the common routines that you wouldnt need a 
tool anymore.. theres a wierd thought.

sorry to babble.



Dave Z. www.delanet.com/~tgp

More information about the Gmecm mailing list