2

I wrote a simple Hello world program with masm32. But when I try to disassemble it with IDA, I get much bigger output (I won't write it here because it would take too much space). And I don't get why it's different. How do I run the disassembled code?

JJJ
LTnewbie
  • I might be wrong but the bigger output should be a consequence of the fact that the disassembly contains more info, like the address of each instruction. – Nadir Sampaoli May 26 '12 at 09:39

1 Answer

2

This is normal. Compilation is a "lossy" process, which means that if you compile code and then decompile it, you're not guaranteed to get exactly the same thing out that you originally put in. The same thing applies to assembly language. When you assemble and link the code, it's a one-way process.

This is why programmers save the original source code, rather than just trying to decompile their binaries when they want to fix bugs.

Cody Gray - on strike
  • You don't compile assembly, you assemble and link it. Consider that for each opcode there's a corresponding binary value, so you don't have optimization typical of compiled (a.k.a. high level) languages. – Nadir Sampaoli May 26 '12 at 09:40
  • You see, I have a task to disassemble an example .exe and then run it with the output code – LTnewbie May 26 '12 at 09:42
  • Didn't mean to suggest there was any optimization occurring. I updated the answer to address terminology pedantry. – Cody Gray - on strike May 26 '12 at 09:43
  • Not to be annoying, but it's not just pedantry. Compiling and assembling are two rather different operations: a compiler modifies the structure of the code you write; instead, assembly has a 1:1 ratio to machine code (binary). It's a relevant difference, because when you disassemble ASM code you'll get exactly what you wrote (except for addresses and offset values, but their size doesn't change anyway). – Nadir Sampaoli May 26 '12 at 09:48
  • No, you don't. That's not guaranteed. It's more likely than with a compiler, sure, but you are not guaranteed to get the same thing from your disassembler that you passed to your assembler. That's the whole point. Not all assembly instructions are translated 1:1 to machine instructions. – Cody Gray - on strike May 26 '12 at 09:50
  • @nadirs Use the "Ask Question" button or post an answer of your own. The comment space is not for arguments. – Cody Gray - on strike May 26 '12 at 09:54
  • ok, [here](http://stackoverflow.com/questions/10765317/can-assembled-asm-code-result-in-more-than-a-single-possible-way-except-for-off) it is. Thanks for the heads-up. – Nadir Sampaoli May 26 '12 at 10:09
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/11769/discussion-between-nadirs-and-cody-gray) – Nadir Sampaoli May 26 '12 at 11:02
  • I am not sure of the assemblers you all use, but any code I write in MASM or FASM is exactly what I see when I run it through Olly. @OP are you using the MASM macros to write your hello world? If so, all those macros expand to code you don't see, hence more code when you disassemble – Gunner May 26 '12 at 18:42
  • This is correct in the general case (e.g., [Superoptimization](https://en.wikipedia.org/wiki/Superoptimization) and [Object code optimizers](https://en.wikipedia.org/wiki/Object_code_optimizer)), but it is unclear if this is what the user encountered. Gunner's explanation is probably more reasonable, but the asker has not really provided enough information. – jxh Mar 14 '17 at 19:46
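
An added example, not part of the original thread, illustrating the point debated in the comments above: in 32-bit x86, several distinct byte sequences decode to the same assembly text, so reassembling a disassembly is not guaranteed to reproduce the original bytes. The decoder covers only a few register-form MOV/ADD encodings; the function names and sample bytes are constructed for illustration.

```python
# Added example: tiny decoder for a few 32-bit x86 MOV/ADD register forms.
# Function names and sample bytes are constructed for illustration.
from collections import defaultdict

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def _reg_modrm(modrm):
    """Split a register-direct ModRM byte into its (reg, rm) fields."""
    if modrm >> 6 != 0b11:
        raise ValueError("only register-direct operands (mod=11) are handled")
    return (modrm >> 3) & 7, modrm & 7

def decode(code):
    """Decode one instruction from the small subset this example covers."""
    op = code[0]
    if op in (0x89, 0x8B, 0x01, 0x03):
        reg, rm = _reg_modrm(code[1])
        name = "mov" if op in (0x89, 0x8B) else "add"
        # 89/01 write to the r/m field; 8B/03 write to the reg field.
        dst, src = (rm, reg) if op in (0x89, 0x01) else (reg, rm)
        return f"{name} {REGS[dst]}, {REGS[src]}"
    if op == 0x05:  # ADD EAX, imm32 (accumulator short form)
        return f"add eax, {int.from_bytes(code[1:5], 'little', signed=True)}"
    if op in (0x81, 0x83):  # group 1: 81 takes imm32, 83 a sign-extended imm8
        ext, rm = _reg_modrm(code[1])
        if ext != 0:
            raise ValueError("only /0 (ADD) is handled")
        imm = code[2:6] if op == 0x81 else code[2:3]
        return f"add {REGS[rm]}, {int.from_bytes(imm, 'little', signed=True)}"
    raise ValueError(f"opcode {op:#04x} not handled")

def encodings_by_text(samples):
    """Group hex-encoded instructions by the assembly text they decode to."""
    groups = defaultdict(list)
    for hexbytes in samples:
        groups[decode(bytes.fromhex(hexbytes))].append(hexbytes)
    return dict(groups)

# Constructed samples: different bytes, identical disassembly text.
SAMPLES = ["89d8", "8bc3", "01d8", "03c3",
           "83c001", "0501000000", "81c001000000"]

if __name__ == "__main__":
    for text, encs in encodings_by_text(SAMPLES).items():
        print(f"{text:14} <- {', '.join(encs)}")
```

An assembler picks one encoding per instruction (usually the shortest), so a binary built with one tool can differ byte-for-byte from the reassembled output of another even when the listings match.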