{"id":2644,"date":"2010-08-05T23:13:02","date_gmt":"2010-08-06T06:13:02","guid":{"rendered":"http:\/\/multimedia.cx\/eggs\/?p=2644"},"modified":"2020-07-25T23:55:08","modified_gmt":"2020-07-26T06:55:08","slug":"resurrecting-scd","status":"publish","type":"post","link":"https:\/\/multimedia.cx\/eggs\/resurrecting-scd\/","title":{"rendered":"Resurrecting SCD"},"content":{"rendered":"

When I became interested in reverse engineering all the way back in 2000, the first Win32 disassembler I stumbled across was simply called “Win32 Program Disassembler” authored by one Sang Cho. I took to calling it ‘scd’ for Sang Cho’s Disassembler. The original program versions and source code are still available for download<\/a>. I remember being able to compile v0.23 of the source code with gcc under Unix; 0.25 is no go due to extensive reliance on the Win32 development environment.<\/p>\n

I recently wanted to use scd again but had some trouble compiling. As was the case the first time I tried compiling the source code a decade ago, it’s necessary to transform line endings from DOS -> Unix using ‘dos2unix’ (I see that this has been renamed to\/replaced by ‘fromdos’ on Ubuntu). <\/p>\n

Beyond this, it seems that there are some C constructs that used to be valid but are now rejected by gcc. The first looks like this:<\/p>\n

\r\nreturn  (int) c = *(PBYTE)((int)lpFile + vCodeOffset);\r\n<\/pre>\n
 Ahem, “error: lvalue required as left operand of assignment”. Removing the “(int)” before the ‘c’ makes the problem go away. It’s a strange way to write a return statement in general. However, ‘c’ is a global variable that is apparently part of some YACC\/BISON-type output.<\/p>\n
The second issue is when a case-switch block has a default label but with no code inside. Current gcc doesn’t like that. It’s necessary to at least provide a break statement after the default label.<\/p>\n
Finally, the program turns out to not be 64-bit safe. It is necessary to compile it in 32-bit mode (compile and link with the ‘-m32’ flag or build on a 32-bit system). The static 32-bit binary should run fine under a 64-bit kernel.<\/p>\n
Alternatively:<\/strong> What are some other Win32 disassemblers that work under Linux?<\/p>\n","protected":false},"excerpt":{"rendered":"
Old C programs need a little repair after a decade<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2644","post","type-post","status-publish","format-standard","hentry","category-reverse-engineering"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/2644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/comments?post=2644"}],"version-history":[{"count":6,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/2644\/revisions"}],"predecessor-version":[{"id":4648,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/posts\/2644\/revisions\/4648"}],"wp:attachment":[{"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/media?parent=2644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/categories?post=2644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multimedia.cx\/eggs\/wp-json\/wp\/v2\/tags?post=2644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}