Dec 12, 2017
 
A simple disassembler for exe com and dll files.
File RESORC93.ZIP from The Programmer’s Corner in
Category Assembly Language
File Name       File Size  Zip Size  Zip Type
RE-SOURC.2DO         4597      2495  deflated
RE-SOURC.ASM       136980     41023  deflated
RE-SOURC.COM        18399     12415  deflated
RE-SOURC.DOC         7769      3659  deflated
TPCREAD.ME            199       165  deflated


Contents of the RE-SOURC.DOC file



RE-SOURCE V5.0    interactive disassembler for 8088 thru 80386
Alpha still-not-quite-finished test version Dec '93

REQUIRES '386 !
Just run it and hit F1 for crude instructions.

An 'interactive' disassembler lets you change whether code is instructions,
ASCII strings, data words, etc. and displays your changes immediately.
You add labels and comments where you want, and they are saved in separate
files. These .CTL, .SMB, and .REM files can be changed with an ASCII editor.

It works on any file or from RAM (so you can disassemble DOS, or your BIOS);
it's great for rewriting short utilities or device drivers. You do not have
to disassemble the whole program. Programs longer than 64K will load, but
for now you must use 'R' to change segments above 64K.
Some disassemblies will assemble correctly with no changes at all.

For now, there is no .EXE or Device Driver support, so you have to interpret
headers and segments manually; see enclosed .EXE stuff.

Use it when DASM won't work and ASMGEN is too cumbersome.

It writes a .RSM file that you can copy as an .ASM file (use a different name
so you don't overwrite your original), perhaps edit a little, and run through
MASM or TASM. RE-SOURCE inserts the minimum boilerplate, such as the END
statement, 'Start' label, etc.

The 32-bit option (enter '3') assumes the code is default 32-bit and the 66h and
67h size overrides mean 16-bit. Use it if you see 32-bit registers. Be sure
to turn 32-bit on BEFORE you A(ttempt to find DB's) and B(uild symbol table), or
the instructions will start at the wrong locations.

MASM refuses to assemble JMP 0123h:4567h to an address outside the program, so
RE-SOURCE generates SEGMENT AT and EQU $ lines when you W(rite) the .RSM file.

Compatible assemblers:
The generated source code works with MASM 5.0 and 5.1, and Turbo Assembler 1.0
and 2.0 (which are over twice as fast and recommended as long as you NEVER,
NEVER use Ideal mode, which is Ideal only for Borland, since it tempts you
to write code that will NEVER run through someone else's MASM).
Assemblers do not all generate identical code. For example, A86 and TASM
replace some 16-bit LEA instructions with MOV in the code (for a direct
address, LEA reg,[addr] loads the same value as MOV reg,addr, and the MOV is a
byte shorter). Harmless, but it makes it tough to tell by COMParing the
reassembled program against the original whether your disassembly is correct.

Loading files:
Run RE-SOURC [d:][\path\][filename] or just RE-SOURC and use the L command.
The command line loads any .COM, .EXE, or .SYS file with the name you supply,
and also the .REM, .SMB and .CTL files. It ignores any .extension.
The L command, if you supply a name with an .EXT, will load only the specified
file as the target program.
CAUTION: if you work on ABC.EXE and then L(oad) ABC.OVL, saving will wipe out
your ABC.CTL, ABC.SMB and ABC.REM files, since the control files take their
names from the base name alone.


A tutorial session:
You have downloaded CLOSEBUT.COM, which is almost what you were looking for.
The author has included massive detailed instructions, but not his precious
source code. You have hours to kill, and you know assembly language.
You look at the code with your byte editor (like FileMod or Norton) and do NOT
see the ominous 'BORLAND' trademark (disassembling Pascal is very difficult).
You guess the program was written in C or Assembler, and it is shorter than,
say, 8K long for your first try.

You run RE-SOURC CLOSEBUT and hit PGDN to look at the disassembly. If you see
a string of MOV AX,1234 INT 78, etc, give up, it's compiled BASIC. If it's
mostly PUSH AX, CALL 0123h:4567h, give up, it's QuickBasic.
Luckily, you see JMP 0123 followed by gibberish. So you enter A100,200 and now
you see the JMP 0123 followed by some ASCII strings, which you recognize from
having run the program. This is followed by more of what looks like actual
code, so you enter just A to 'Attempt to Find DBs' for the whole program.

U100 or CTRL-PGUP gets you back to the top of the file. You look thru the
disassembly and see a DB '(*&^%$#@' line at 0ABC. These are
likely instructions that have ASCII equivalents, so kill the Bytes Control
at the address by entering CABC,K. When you looked at the code with FileMod,
you saw a string of 5-letter messages each followed by a few bytes of hex at
0BCD, but they do not show up (RE-SOURCE requires 8 ASCII bytes in a row to
show as ASCII). So you enter CBCD,B and CAFF,I at the end of the string to
switch back to Instructions, and now UBCD shows them.
You hit F9 to save your work.

You think you've found all the correct DB's, so it's time to build a Symbol
table by entering B100,FFFF. Now when you look thru the file, there are labels
like H00123 for the jumps, calls, and data areas. You quickly hit F9.

The major work is deciding whether each operand word is data or an address.
The B command just makes guesses. If you want to freely change the code,
you have to understand the program well enough to correctly identify the
addresses.
Try to label the short routines first. One at H00567 calls DOS function
30h, which your Programmer's PC Sourcebook or Norton's Programmer's Guide
tells you returns the DOS version. You change the H00567 label by
entering E567,.GetVersion and when you then U550, GetVersion has replaced
every occurrence of H00567. You hit F9 again.

Then you look for command vector tables (strings of words that are addresses
within the program), or places where the command line or keyboard are read
(a string of CMP AL,'x' followed by JZ H00456 stuff). Finally, eyelids
drooping, you are ready to try to re-assemble the program. You hit F9.

You enter W and then U100 to write the .RSM file and see the 'RSM is
closed' message. To exit, you enter Q (like DEBUG) or hit ESC Q (like
PMS's editor).
But you see a message telling you to hit U(pdate) or E(xit), because you
have changed something since you last hit F9. Hit U unless you made a boo-boo.

You gulp 2 cups of black coffee and copy CLOSEBUT.RSM as C.ASM.
Running MASM on C.ASM gives 47 Severe Errors. All of them, however,
are references to H00789. You run RE-SOURC CLOSEBUT again and U780. There
IS no label at 0789, but an instruction at 0787 extends past 0789.
Probably that previous line was data. You simply C787,H to change the offending
instruction to hex bytes, and now U780 shows the label. Obviously, you still
have more work to do, but for now you hit F9, hit W and U again to write
a new .RSM file, exit RE-SOURC, copy it to C.ASM again, and try to assemble it
(again).

Finally you get the .ASM file to run thru MASM and produce a program that
COMPares correctly with the original. You can now make changes as you like.
When you make your changes, you may discover that you still have some
address/number decisions to make.


NOTES:
POP CS (0Fh) was valid for the 8088 & 8086 only. The '286+ use 0Fh as
a prefix for protected mode and extended '386 instructions.
RE-SOURCE does not disassemble POP CS and no current assembler will allow it,
but old code may use it.
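An added example, written in Python rather than RE-SOURCE's own assembler and
not code from the original archive: a toy decoder for a handful of 8086/386
opcodes that shows three things from this DOC in working code. First, the '3'
option above: the default operand size decides how many bytes MOV reg,imm, JMP
and CALL consume, and a 66h prefix toggles it, so the same bytes split into
different instructions (which is why switching to 32-bit after the A and B
passes leaves the boundaries wrong). Second, the tutorial's A, B, C<addr>,H and
E<addr>,.name steps, including the case where a CALL target gets no label
because a data word that happens to start with 0B8h was decoded as
MOV AX,imm16 and swallowed the first byte of the routine. Third, the POP CS
note just above: the same 0Fh byte is an instruction on the 8088/8086 and an
opcode escape on the '286 and later. Everything below is an assumption made for
illustration: the control table {addr: 'I'|'B'|'H'} stands in for the .CTL file
(whose format the DOC does not give), an 'H' region is ended by an explicit 'I'
entry, only a few opcodes are modelled (no ModR/M decoding), and the sample
.COM image is constructed for the example, not taken from any real program.

```python
# Added example, not RE-SOURCE's own code (that is RE-SOURC.ASM above): a toy
# Python decoder for a few 8086/386 opcodes.  It models the '3' option (default
# operand size and the 66h toggle decide where instructions start), the A and B
# passes of the tutorial with the data-word-decoded-as-code desync, and 0Fh as
# POP CS versus '286+ opcode escape.  The control table {addr: 'I'|'B'|'H'} is
# an assumed stand-in for the .CTL file, whose format this DOC does not give.
REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]
REG32 = ["E" + r for r in REG16]
REG8 = ["AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH"]
PRINTABLE = frozenset(range(0x20, 0x7F))

def hx(v, digits):                  # MASM-style hex literal, leading 0 before a letter
    s = "%0*X" % (digits, v)
    return ("0" if s[0] in "ABCDEF" else "") + s + "h"

def decode(code, off, default32=False, cpu286=True, base=0x100):
    """One instruction at code[off] -> (length, text, JMP/CALL target or None)."""
    op32, i = default32, off
    while i + 1 < len(code) and code[i] == 0x66:      # 66h flips the operand size
        op32, i = not op32, i + 1
    b, w, regs = code[i], (4 if op32 else 2), (REG32 if op32 else REG16)
    imm = lambda n, signed=False: int.from_bytes(code[i + 1:i + 1 + n], "little", signed=signed)
    if b == 0x0F and not cpu286:
        return i - off + 1, "POP CS", None             # 8088/8086 only
    if b == 0x0F and i + 1 < len(code):                # '286+: two-byte opcode, left raw
        return i - off + 2, "DB 0Fh,%s ; '286+ two-byte opcode" % hx(code[i + 1], 2), None
    if 0xB0 <= b <= 0xB7 and i + 1 < len(code):       # MOV r8,imm8
        return i - off + 2, "MOV %s,%s" % (REG8[b - 0xB0], hx(imm(1), 2)), None
    if 0xB8 <= b <= 0xBF and i + w < len(code):       # MOV r16/r32,imm: 3 or 5 bytes
        return i - off + 1 + w, "MOV %s,%s" % (regs[b - 0xB8], hx(imm(w), 2 * w)), None
    if b == 0xEB and i + 1 < len(code):                # JMP SHORT rel8
        tgt = base + i + 2 + imm(1, True)
        return i - off + 2, "JMP SHORT %04X" % tgt, tgt
    if b in (0xE8, 0xE9) and i + w < len(code):        # CALL / JMP rel16 or rel32
        tgt = base + i + 1 + w + imm(w, True)
        return i - off + 1 + w, "%s %04X" % ("CALL" if b == 0xE8 else "JMP", tgt), tgt
    if b == 0xCD and i + 1 < len(code):                # INT imm8
        return i - off + 2, "INT %s" % hx(imm(1), 2), None
    return i - off + 1, {0x90: "NOP", 0xC3: "RET"}.get(b, "DB " + hx(b, 2)), None  # unknown: 1-byte DB

def disassemble(code, base=0x100, ctl=None, default32=False, cpu286=True):
    """Walk the image under a control table ('I' code, 'B' ASCII, 'H' hex bytes, each
    running to the next entry) -> [(addr, length, text, target)]."""
    ctl = {base: "I", **(ctl or {})}
    edges = sorted(ctl) + [base + len(code)]
    out = []
    for start, end in zip(edges, edges[1:]):
        lo, hi, kind = start - base, end - base, ctl[start]
        if kind == "B":
            out.append((start, hi - lo, "DB '%s'" % code[lo:hi].decode("ascii", "replace"), None))
        elif kind == "H":
            out.append((start, hi - lo, "DB " + ",".join(hx(x, 2) for x in code[lo:hi]), None))
        else:
            off = lo
            while off < hi:                            # code[:hi] stops decode at the region end
                n, txt, tgt = decode(code[:hi], off, default32, cpu286, base)
                out.append((base + off, n, txt, tgt))
                off += n
    return out

def find_ascii_runs(code, base=0x100, minlen=8):      # the A command's rule
    ctl, i = {}, 0
    while i < len(code):
        j = i
        while j < len(code) and code[j] in PRINTABLE:
            j += 1
        if j - i >= minlen:                            # printable opcodes are a false positive: C<addr>,K
            ctl[base + i] = "B"
            ctl[base + j] = "I"                        # back to instructions after the run
        i = max(j, i + 1)
    return ctl

def build_symbols(listing):
    """The B command: label JMP/CALL targets Hxxxxx; a target that is not an
    instruction start (0789 inside the instruction at 0787) comes back as an orphan."""
    starts = {addr for addr, _, _, _ in listing}
    targets = {tgt for _, _, _, tgt in listing if tgt is not None}
    return {t: "H%05X" % t for t in targets if t in starts}, sorted(targets - starts)

# Constructed sample .COM image (no real program), loaded at 0100h.  The data word at
# 0117h starts with 0B8h, so a naive walk reads it as MOV AX,imm16 and eats 0119h.
SAMPLE = (b"\xEB\x0E" + b"Hello, world!$"           # 0100 JMP SHORT 0110; 0102 message
          + b"\xE8\x06\x00\xB4\x4C\xCD\x21"          # 0110 CALL 0119; MOV AH,4Ch; INT 21h
          + b"\xB8\x05"                              # 0117 DW 05B8h (data, not code)
          + b"\xB4\x30\xCD\x21\xC3")                 # 0119 MOV AH,30h; INT 21h; RET
BOUNDARY = b"\xB8\x34\x12\x90\xC3"                   # 3 instructions in 16-bit, 1 in 32-bit

def tutorial():                                       # A, B, C117,H and E119,.GetVersion on SAMPLE
    ctl = find_ascii_runs(SAMPLE)                     # A -> {0x102: 'B', 0x110: 'I'}
    _, orphans = build_symbols(disassemble(SAMPLE, ctl=ctl))   # B: 0119 is an orphan
    ctl.update({0x117: "H", 0x119: "I"})              # C117,H: the data word becomes DB
    listing = disassemble(SAMPLE, ctl=ctl)
    labels, _ = build_symbols(listing)
    labels[0x119] = "GetVersion"
    return orphans, listing, labels

if __name__ == "__main__":
    print([t for _, _, t, _ in disassemble(BOUNDARY)], [t for _, _, t, _ in disassemble(BOUNDARY, default32=True)])
    print(decode(b"\x0F\x01", 0, cpu286=False)[1], "|", decode(b"\x0F\x01", 0)[1])
    orphans, listing, labels = tutorial()
    print("orphans before C117,H:", ["%04X" % o for o in orphans])
    print(*("%04X %-11s %s" % (a, labels.get(a, ""), t) for a, _, t, _ in listing), sep="\n")
```

Run as a script it prints BOUNDARY decoded both ways (three instructions with a
16-bit default, one MOV EAX,0C3901234h with a 32-bit default), the two readings
of 0Fh, the orphan target 0119 that the B pass finds on the naive listing, and
the listing after the C117,H fix with the GetVersion label in place. The same
desync is what the tutorial's 47 Severe Errors on H00789 look like before the
C787,H fix.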

MASM 5.0, on some '286 protected mode instructions, requires QWORD PTR where 5.1
requires the correct FWORD PTR (an FWORD is 6 bytes, not 6 words).
RE-SOURCE generates FWORD; you'll have to change it for 5.0.

Both MASM 5.0 & 5.1 do not catch, and generate incorrect code for:
ARPL word,mem (the source must be a register: ARPL r/m16,reg16)
IMUL mem,reg,immed (the destination must be a register: IMUL reg16,r/m16,immed).
(TASM is OK).

TASM does not warn if DB line has extra comma
(MASM is OK)

Anyone want to:
Write a slick mouse/menu interface ?
Do the 80x87 Fxxxx instructions ?

If you improve RE-SOURCE, please send us the .ASM code.

Converted to MS-DOS by C.Derouen 3/85. Latest hacking by J. Rebold 12/88-12/93.

Bugs, suggestions, and gripes, write to:
IDE, PO Box 9747, Baltimore, MD 21204

