-
Notifications
You must be signed in to change notification settings - Fork 2
/
ciasdis.1
213 lines (190 loc) · 6.08 KB
/
ciasdis.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
.\" $Id: ciasdis.1,v 1.11 2016/05/13 15:49:23 albert Exp $
.TH cias "1" "Jan 2015" "cias 1.1.0" DFW
.SH "NAME"
cias \- computer_intelligence_assembler_386
.br
cidis \- computer_intelligence_disassembler_386
.SH "SYNOPSIS"
.\" \fBcias \fR [\ \fB\-HV\fR\ ]
.\" .br
.\" \fBcidis \fR [\ \fB\-HV\fR\ ]
.\" .br
\fBcias\fR \ [ [<source-file>] <bin-file> ]
.br
\fBcidis\fR \ [ [<bin-file>] <consult> ]
.\".br
.\"\ficias/cidis\fR \ \fB\-I\fR\ <binary-path> <library-path>
.\".br
.\"\ficias/cidis\fR \ \fB\-L\fR\ <library> [ params ]
.\".br
.\"\ficias/cidis\fR \ \fB\-S\fR\ <script> [ params ]
.SH "DESCRIPTION"
The \fB
computer intelligence assembler and disassembler
\fR is a reverse engineering
system that is able to
disassemble an executable to
source code and assemble it to
the exact same binary code.
You can specify towards
the disassembler
which sections are what sort of
data and which are code, provide annotations, etc.
in order to make the source comprehensible.
These specifications can be stored, reused and combined,
and require no ordering.
All source generated by the disassembler is
by definition valid input for the assembler.
\fI cias cidis \fR
is based on an interactive Forth system,
resulting in unlimited flexibility.
You can use its simple basic commands,
expand it with macro's,
or resort to the underlying
language in order to partially or totally rewrite
it.
Information about the executable
is accumulated in a
so called \fIconsult\fR file
with extension \fBcul\fR.
In typical Forth fashion a \fBcul\fR file can be used as
a script.
After loading a script it can be burned into a new executable,
spawning a customized disassembler.
.SH "COMMAND"
\fIcias\fR has no options but there is a wealth of commands
in interactive mode.
If called with two parameters,
\fIcias\fR assembles the \fI<source-file>\fR to \fI<bin-file>\fR .
This is a two-pass assembler, so forward references to labels are
alllowed.
If \fB<bin-file>\fR is missing,
the extension \fB.frt\fR removed from \fI<source-file>\fR ,
for other extensions
the output is in \fIa.out\fR .
Having one source file is no restriction.
By using \fBINCLUDE\fR \fI<source2>\fR another source file
can be included verbatim.
Ihe interactive mode is started if there is no parameter.
All \fBASSEMBLER\fR commands can now we tried
out interactively (see lina(1)).
A \fBBYE\fR command ends an interactive session.
After the command \fBFORTH\fR
you have a full Forth environment available (see lina(1))
\fIcidis\fR has no options but there is a wealth of commands
in interactive mode.
If there is a \fibin-files\fR parameter,
it is loaded into the code-buffer.
If there is a \ficonsult\fR parameter,
it is consulted.
Then the interactive mode is entered,
unless the \ficonsult\fR ends in a \fiBYE\fR command.
A disassembly is always generated on standard output
and must be captured by redirection.
All commands acceptable in a
consult file (see cul(5))
may be used interactively.
After the command \fBASSEMBLER\fR
proposed modification for the
assembler source can be tried out interactively (see lina(1))
After the command \fBFORTH\fR
you have a full Forth environment available (see lina(1))
.\"\ficias/cidis\fR without options starts an interactive system.
.\"If used as a filter, \ficias/cidis\fR doesn't reflect its input and exits
.\"at end of input.
.\"Options are implemented by a simple mechanism through
.\"the source library, and hence are configurable.
.\"The first letter after the \- (or DEC-style /)
.\"determines the option.
.\"It is case insensitive and further letters are ignored.
.\"Usually one option only is processed.
.\"If the interactive interpreter is started, that is indicated.
.\"
.\".TP
.\"\fB\-A\fR, \fB\-R\fR
.\"
.\"Make the word \fIREQUIRE\fR available.
.\"Then start the interpreter.
.\".TP
.\"\fB\-C\fR \fIfile.frt\fR
.\"Compile \fIfile.frt\fR to the binary \fIfile\fR.
.\".TP
.TP
\fB\-H\fR
Print help, i.e. the option summary.
.\".TP
.\"\fB\-M\fR, \fB\--\fR, \fB\-\-help\fR, \fB\-\-version\fR
.\"print help, version and copyright information.
.\".TP
.TP
\fB\-V\fR
Print version and copyright information.
.SH "AVAILABILITY"
\ficias/cidis\fR is based on \fBciforth\fR.
.br
The generic system can be fetched from
.IP
\fI http://home.hccnet.nl/a.w.m.van.der.horst/ciforth.html\fR
.PP
MS-DOS, "windows" , stand alone and Alpha Linux
versions are available.
.SH "EXAMPLE"
A typical consult file to disassemble
a c-program could contain:
.br
\ \ \ 0 148 -DB: header
.br
\ \ \ 148 2008 -DB : data
.br
\ \ \ 2008 4804 -DC: text
.br
\ \ \ DISASSEMBLE-ALL
.br
\ \ \ BYE
.br
The actual command to disassemble is:
.br
\ \ \ cidis freecell.exe freecell.cul > freecell.asm
If the consult file covers the whole binary, the command
.br
\ \ \ cias freecell.exe freecell.asm
.br
will regenerate into \fBfreecell\fR a byte for byte replica
of \fBfreecell.exe\fR
irrespective whether the
interpretation as code or data in the .cul is correct.
.SH "ENVIRONMENT"
Configuration is done fully internal.
.SH "FILES"
\fIforth.lab\fR contains a Forth source library.
This provides additional facilities for advanced use.
If it is absent,
assembler errors result in numeric error messages without mnemonics.
.SH "SEE ALSO"
lina(1) Linux Native version of ciforth, release 5.
.br
cul(5) format of consult file.
.SH "DIAGNOSTICS"
Uncaught exceptions will show the error number.
Positive error numbers are \fBciforth\fR-specific and
explained in the documentation.
Negative error numbers are OS-specific.
A mnemonic message is fetched from the library file and displayed,
if possible.
.SH "CAVEAT"
Mistakes in Forth mode can easily crash \ficias/cidis\fR.
\ficias/cidis\fR is case sensitive.
.SH DISCLAIMER
The name of these programs is
\fRcomputer_intelligence_assembler_386\fR
\fRcomputer_intelligence_disassembler_386\fR
For convenience you can make a link to "cias" and "cidis".
This is your own responsibility,
all three, four and five letter words are registered trademarks
or will be in the foreseeable future.
\fIcias/cidis\fR
are made available under the GNU Public License:
quality, but NO warranty.
.SH "AUTHOR"
Copyright \(co 2004-2015
Albert van der Horst \fI albert@spenarnc.xs4all.nl\fR.