ciasdis

computer_intelligence_assembler_disassembler

This page describes how the Post-It Fix-Up principle works out in practical Forth code: an assembler in which the opcode, the operands and the modifiers are all objects, so that the same objects can be reused for disassembly. This matters for artificial intelligence and for optimising compilers. The details and the problems involved are discussed further in forthassembler.html

DESCRIPTION

The 80386 ISO assembler has been extended into a reverse engineering system. It regenerates source from a binary plus a consult file that carries information about that binary, and then uses a classical two-pass assembler to regenerate the binary from that source. This differs from the forthassembler package, which contains all assemblers in source form and runs on every implementation of ciforth you can download from this site. (Obvious restrictions apply: the 64-bit DEC Alpha assembler cannot be handled in a 16-bit Forth.)
ciasdis, by contrast, is a turnkey system with a built-in Pentium assembler and disassembler; the user need not even be aware that it is loaded on top of a Forth system.
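The following is an added illustration of the two ideas above, written in Python rather than Forth and not taken from ciasdis or forthassembler: each instruction pattern is one object with both an assemble and a disassemble method, a consult map (a plain dict standing in for the consult file) tells the disassembler which bytes are data and which addresses carry labels, and a two-pass assembler then regenerates the binary from the recovered source so the round trip can be checked. The six-instruction ISA, the sample binary and the consult map are invented for the example; the class name Pifu is borrowed from the page's terminology only as a label.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pifu:
    """One instruction pattern that both assembles and disassembles itself."""
    name: str
    opcode: int
    operands: tuple  # one byte each: "imm" (literal) or "addr" (may be a label)

    def size(self):
        return 1 + len(self.operands)

    def assemble(self, args, labels):
        """Encode; labels maps name -> address and is used for 'addr' operands."""
        if len(args) != len(self.operands):
            raise ValueError(f"{self.name}: expected {len(self.operands)} operands")
        return bytes([self.opcode] + [_byte(a, labels if k == "addr" else {})
                                      for k, a in zip(self.operands, args)])

    def disassemble(self, code, pc, labels):
        """Decode at code[pc]; labels maps address -> name for 'addr' operands."""
        raw = code[pc + 1:pc + self.size()]
        if len(raw) != len(self.operands):
            raise ValueError(f"truncated {self.name} at offset {pc}")
        args = [labels.get(v, str(v)) if k == "addr" else str(v)
                for k, v in zip(self.operands, raw)]
        return self.name + (" " + ",".join(args) if args else "")

def _byte(text, labels):
    """Resolve a label or parse a literal; the value must fit in one byte."""
    v = labels[text] if text in labels else int(text, 0)
    if not 0 <= v <= 0xFF:
        raise ValueError(f"{text!r}: value {v} does not fit in a byte")
    return v

# Invented toy ISA: one opcode byte, then zero or one operand byte.
ISA = (Pifu("NOP", 0x00, ()), Pifu("LDI", 0x10, ("imm",)),
       Pifu("ADD", 0x20, ("imm",)), Pifu("JZ", 0x30, ("addr",)),
       Pifu("JMP", 0x31, ("addr",)), Pifu("HLT", 0xFF, ()))
BY_NAME = {p.name: p for p in ISA}
BY_OPCODE = {p.opcode: p for p in ISA}

def disassemble(code, consult):
    """consult = {"data": set of byte offsets, "labels": {offset: name}}."""
    labels, data = consult.get("labels", {}), consult.get("data", set())
    lines, pc = [], 0
    while pc < len(code):
        if pc in labels:
            lines.append(labels[pc] + ":")
        if pc in data or code[pc] not in BY_OPCODE:
            lines.append(f"DB {code[pc]}")  # declared data, or no pattern fits
            pc += 1
            continue
        p = BY_OPCODE[code[pc]]
        lines.append(p.disassemble(code, pc, labels))
        pc += p.size()
    return lines

def assemble(lines):
    """Pass 1 sizes each line and records label addresses; pass 2 encodes,
    so a forward reference such as 'JZ done' resolves."""
    labels, parsed, pc = {}, [], 0
    for line in lines:
        line = line.split(";")[0].strip()       # drop comments and blank lines
        if not line:
            continue
        if line.endswith(":"):
            labels[line[:-1]] = pc
            continue
        mnem, _, rest = line.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest.strip() else []
        if mnem != "DB" and mnem not in BY_NAME:
            raise ValueError(f"unknown mnemonic {mnem!r}")
        parsed.append((mnem, args))
        pc += len(args) if mnem == "DB" else BY_NAME[mnem].size()
    out = bytearray()
    for mnem, args in parsed:
        if mnem == "DB":
            out.extend(_byte(a, {}) for a in args)
        else:
            out.extend(BY_NAME[mnem].assemble(args, labels))
    return bytes(out)

def roundtrip(code, consult):
    """Recover source from code, re-assemble it, report whether the bytes match."""
    src = disassemble(code, consult)
    return src, assemble(src) == code

def decodes(code, consult):
    try:
        disassemble(code, consult)
        return True
    except ValueError:
        return False

# Constructed sample: LDI 3 / loop: ADD 255 / JZ done / JMP loop / done: HLT,
# then a three-byte data table whose first byte is also the JMP opcode and
# whose last byte is the ADD opcode.
SAMPLE_CODE = bytes([0x10, 0x03, 0x20, 0xFF, 0x30, 0x08, 0x31, 0x02, 0xFF,
                     0x31, 0x02, 0x20])
SAMPLE_CONSULT = {"labels": {2: "loop", 8: "done", 9: "table"},
                  "data": {9, 10, 11}}
```

With the consult map, roundtrip(SAMPLE_CODE, SAMPLE_CONSULT) yields the source LDI 3 / loop: / ADD 255 / JZ done / JMP loop / done: / HLT / table: / DB 49 / DB 2 / DB 32, and assembling it reproduces the twelve original bytes. Without the "data" entry the disassembler reads the table as JMP loop followed by an ADD whose operand byte is missing and fails on the truncated instruction, which is exactly the interspersed code-and-data hurdle a consult file exists to resolve. Note the limit of the round-trip check: it proves only that the regenerated bytes equal the original, not that the code/data split is right, since a misread that still encodes to the same bytes would pass too; deciding what is data remains the reverse engineer's judgement recorded in the consult file.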

APPLICATION

As a test, this reverse engineering system has been used to recover a source for colorforth. colorforth presents far more hurdles for reverse engineering than average software does, although it was not made intentionally difficult to disassemble.
As usual in Forth, data and code are interspersed.
Names are stored in a non-standard format, with several characters packed into one 32-bit word. A dedicated plug-in nevertheless makes it possible to use these names as labels.
Source screens are an essential part of colorforth, because they are loaded at start-up. They too contain characters in compressed form, plus colour information that had to be rendered somehow in the disassembly and recovered on re-assembly.
You may find this example on my FTP site.

ARRAYFORTH

Another application is the handling of arrayforth, in particular the colorforth pseudo floppy image containing code for the GA144 chips. This provides a means to work with ASCII files in a colourful way on a Linux system. Download the tool from here. The tutorial explains how to use it.

DOWNLOADS BEFORE VERSION 1.0.0

You can still download an early version with all testsets, but not organized as a reverse engineering system.
Newer versions are reverse engineering systems with matching assemblers and disassemblers. All versions of ciasdis before 2.0.0 are based on the stable lina version 4 (4.0.6 or 4.0.7); in particular the first version with Debian packaging, ciasdis version 0.3.0. For the documentation you are referred partly to the lina documentation.
This can be seen as a first step in realizing The Ultimate Debugger.
If you want to compile the sources on other Forths, even ciforth version 5, there may be a few hitches. Files are in Unix format (LF line endings, not DOS CR/LF), which is no problem for wina. This distribution contains the very demanding regression tests, which require sections and two passes from the assembler, and running them may turn up errors. On the other hand, it does not contain the testsets for the assemblers proper, although 8080, DEC Alpha and 6809 assemblers are present.

VERSION 1.0.0 AND LATER

After version 0.4 I've done a lot of cleanup; in particular, the disassembler is more object-oriented. The PIFUs (post-it fix-ups) have methods for assembling and disassembling, instead of cumbersome words that find out what type they are. Furthermore, the language used to specify the disassembly has been documented in a man page. At the point where ciasdis had been stable for 5 years, passing all regression tests with each improvement, I released version 1.0. I make this available as a Debian package that you can download. It is also available via github.

VERSION 2.0.0 AND LATER

ciasdis version 2.0.0 is compiled with ciforth version 5, either the 32-bit or the 64-bit version of the compiler, with small differences in testing. You are well advised to run the latest stable beta version, especially if you want to exercise the harder tests. It is available as a source and as a binary distribution. The tag REL-2-0-0 at github marks a complete source release of all files pertinent to version 2.0.0, and then some.

Go to the home page of Albert van der Horst