// Easy-to-use disassembler
// Author: Ripper (Fuckup5Group)
// Website: www.fuckup5group.de.vu
// Beginning: 01/21/01
// Used compiler: Borland C++ 4.02
//
// Known bugs:
// - The second stage of reference scanning slows scrolling down EXTREMELY
//   (outcoming 10/12/03)
// - Reference scanner thread hangs while scanning the dos program STEUERN.EXE
//   (outcoming 10/11/03)
// - Disabled buttons look ugly, pressed buttons don't come out very good and
//   the background color doesn't fit too good to the normal background
//   (if not using "my" standard windows colors...)
//   (outcoming 10/11/03)
// - There's a transparent pixel row between the menu- and controlbar (WinXP)
//   (outcoming 10/11/03)
// - Jumps to places more than 128 bytes before the next command aren't
//   assembled correctly
//   (outcoming 10/10/03)
// - "push dword ptr [ebp+8]", "push 004011d6" and stuff like this won't become
//   assembled correctly
//   (outcoming 10/10/03)
// - Jumps at section ends point to wrong places
//   (outcoming 09/15/03)
// - Still problems with 16 bit program references
//   (outcoming 09/29/02)
// - In 16 bit mode program references in program offset mode refer to the
//   wrong address in their dump windows
//   (outcoming 09/28/02)
// - The dump window appears and disappears again at once
//   (when the dump window is much too long at the reference's address)
//   (TestDLLProject.exe @00000903 (ref @0000093a))
//   (outcoming 09/17/02, update 10/11/03)
// - Program refs to strings (ptbsync.exe i.e. @000343d (in its dumpview,too))
//   (outcoming 02/22/02, thought killed 02/24/02, moved back to bugs 03/23/02)
// - Missing memory refs at JMPs (ptbsync.exe i.e. @0000e8ce)
//   (outcoming 02/22/02)
// - Doesn't look very well: mov dword ptr [bla] -> blub, blii
//   (dasmv100.exe@000325f5)
//   (outcoming 02/16/02)
// - TDStatusBar::PaintGadgets may be only working for my system...
//   (outcoming 07/19/01)
// - When moving the dialogs the caption is painted wrong.....!?!?!?
//   (outcoming 07/19/01)
// - When you give the focus to the dump window and then to another program
//   it's not that easy to get back to the disassembler and the dump window
//   (outcoming 07/16/01)
// - Some "argh!"s that theoretically could make it able for trojans to hack
//   the system by being disassembled (COOL ;D if this program would try to
//   write there! But just in time this isn't possible! Oh, I think it wouldn't
//   work then, too! Sorry guys;(
//   But still there are some ways a disassembled program can crash the system
//   This should REALLY be fixed soon....
//   (outcoming 02/01/01, update 10/03/01))
//
// History of killed bugs:
// - The program icon isn't displayed in the title bar (WinXP)
//   (outcoming 10/11/03, killed 10/12/03)
// - Crashes when a reference has been shown and the scrollbar is moved down
//   (it will try to display things far off the file memory) (WinXP)
//   (use a 32-bit thumb position now using the GetScrollInfo function)
//   (outcoming 10/11/03, killed 10/12/03)
// - Undo can produce some graphical artifacts
//   (outcoming 10/10/03, killed 10/12/03)
// - Again problems with cursor and possible refs entries....
//   (outcoming+killed 10/12/03)
// - Program dump windows don't adjust their size to references to imported
//   functions
//   (outcoming 10/11/03, killed 10/12/03)
// - The text alignment is totally screwed with some fonts which also leads to
//   wrong ref places
//   (outcoming+killed 10/11/03)
// - The link in the about box has a wrong background color
//   (if not using "my" standard windows colors...)
//   (outcoming+killed 10/11/03)
// - The text alignment is totally screwed with some font sizes which also
//   leads to wrong ref places (Win98)
//   (outcoming+killed 10/11/03)
// - Some jmps have a "#" at their tails (TestDLLProject.exe @0000060d)
//   -> doesn't appear anymore...
//   (outcoming 09/27/02, removed from bug list 10/11/03)
// - Fixed register replacing routine has problems with adding two registers
//   -> already fixed, date unknown
//   (outcoming 09/08/03, removed from bug list 10/11/03)
// - You can scroll the code popup at 0422e5d in DASMV201B.EXE only 2 times
//   down before it disappears
//   -> doesn't happen anymore...
//   (outcoming 09/08/03, removed from bug list 10/11/03)
// - ETU doesn't find ANY references in very small programs (ALLINONE8.EXE)
//   -> ETU only checks CODE sections and that proggie didn't have any section
//   marked as one... but perhaps other sections should be checked, too...
//   (outcoming 09/08/03, removed from bug list 10/11/03)
// - Possible reference addresses don't become displayed in the last row
//   (outcoming+killed 10/11/03)
// - Program crashed while closing it... where does it come from???
//   It crashed due to a buffer overflow in Paint
//   (outcoming 10/03/03, killed 10/11/03)
// - Buffer overflow in GetNextInstr caused in CheckFixedRegs
//   (outcoming 09/30/03, killed 10/03/03)
// - Some memory addresses ([xxxxxxxx]) become displayed without a leading
//   size descriptor (i.e. FF 25 xxxxxxxx, FF 14 25 xxxxxxxx, a1 xxxxxxxx,
//   8d 1d xxxxxxxx)
//   (outcoming 09/29/03, killed 09/30/03)
// - Screen flickers when holding down unused keys
//   (outcoming 09/14/03, killed 09/15/03)
// - Code references may not show the address they're pointing at because of
//   wrong alignment (i.e.
//   data bytes before that address)
//   (wndcmd32.exe @0008d407)
//   (outcoming+killed 09/14/03)
// - ChaosCreator: Cursor movement has problems with possible reference lines
//   (outcoming 04/28/03, killed 09/13/03)
// - ETU crashes when import references are to be displayed in the import
//   dialog when there aren't such references for that imported function
//   (outcoming+killed 09/14/03)
// - Buffer overflow, when opening a dump window while still scanning
//   (outcoming 10/01/02, killed 09/09/03)
// - Menu and toolbar get disabled when the program is minimized
//   and maximized again
//   (outcoming some time ago, killed 09/07/03)
// - Crashes when addresses inside a non-pe-file are checked
//   (outcoming 08/28/03, killed 09/07/03)
// - You can open the assembler edit dialog when no file
//   is opened (ChaosCreator)
//   (outcoming 09/30/02, killed 11/05/03)
// - The dump view disappears if you want to change the dump view to a ref
//   next to the active one (seems to be able to cause a program crash)
//   (outcoming 03/23/02, killed 10/01/02)
// - Strange import references (TestDLLProjekt.exe @00002944)
//   (=module names don't show up with ordinals)
//   (outcoming 03/27/02, killed 09/17/02)
// - Windows flicker when mouse is over a reference
//   (outcoming+killed 05/14/02)
// - The display of far calls and jumps to registers was wrong
//   (outcoming+killed 04/10/02)
// - The scrollbar doesn't show up if ETU is opened without a file and then
//   given a PE file via drag&drop
//   (outcoming+killed 03/29/02)
// - Dump windows aren't placed correctly when near screen edges
//   (outcoming+killed 03/22/02)
// - The program won't start if it's started in a directory containing spaces
//   (outcoming 02/16/02, killed 03/22/02)
// - Export addresses aren't extracted correctly for dynamic link libraries
//   (outcoming 03/15/02, killed 03/22/02)
// - Same with non-existing imported functions
//   (outcoming 01/09/02, workaround 02/15/02, killed 03/22/02)
// - The program frags when it's told to
//   display exports of a file which
//   doesn't have any exports
//   (outcoming 12/08/01, workaround 12/09/01, killed 03/22/02)
// - It crashes at shutdown after reducing the font size while viewing a non MZ
//   and non PE file if ychar gets changed (TDWin::Paint : PaintDasm loop with
//   i>=counter-2)(exact condition unknown) (lineptrs wasn't enlarged after
//   choosing a smaller font...)
//   (outcoming 03/20/02, killed 03/21/02)
// - Memory dump scrolling doesn't work right
//   (outcoming+killed 03/19/02)
// - In the assembly dump view there are call references leading to strings
//   (outcoming 10/02/01, killed ??/??/??)
// - Sometimes when moving the mouse cursor very fast over jxxx and memory
//   references one jxxx stays highlighted
//   (outcoming 07/19/01, killed 03/17/02)
// - Jumps to 16-bit far JMPs don't work
//   (outcoming 03/16/02, killed 03/17/02)
// - REPNZ and REPZ appear with non string commands
//   (outcoming 03/15/02, killed 03/16/02)
// - The return addresses aren't cleared after loading a new file
//   (outcoming+killed 03/16/02)
// - MOVSX and MOVZX aren't displayed correctly (i.e. movsw edx,edx)
//   (outcoming 02/16/02, killed 03/16/02)
// - Far calls and jumps are displayed as near ones
//   (outcoming+killed 03/16/02)
// - Double, triple, ... REPs were all displayed in one line instead of not
//   allowing multiple REPs after another
//   (outcoming+killed 03/15/02)
// - Probably the disassembly of FPU instructions is all the way wrong cause
//   I don't know shit about the FPU...
//   (outcoming a long, long time ago, killed 03/15/02)
// - In hexview the undo function doesn't work in ascii when pressing backspace
//   (outcoming+killed 03/14/02)
// - The DF XX command (FPU) is displayed wrong (a db DF is appended)
//   (outcoming 03/13/02, killed 03/14/02)
// - Undo doesn't leave the menu after saving
//   (outcoming 03/11/02, killed 03/14/02)
// - Deactivated buttons aren't painted alright in 24-bit video mode
//   (outcoming+killed 03/10/02)
// - 32-bit program offset isn't fully implemented yet!! (-> hex view)
//   (outcoming 02/16/02, killed 02/23/02)
// - Wrong set segment overrides are left in the hex code of an asm line
//   (outcoming+killed 02/23/02)
// - 16-bit CALLs show their destination only after moving the mouse over it
//   (outcoming+killed 02/22/02)
// - Some PUSHs (i.e. push 00418a90) don't become memory refs (@0ae91 ptbcrkt2)
//   (outcoming 02/19/02, killed 02/22/02)
// - Makes a small mess when disassembling AAM or AAD
//   (outcoming+killed 02/19/02)
// - It frags if you do a pageup at 0000eb9a in file ptbcrkt2.exe
//   (outcoming+killed 02/19/02)
// - The file endings are displayed wrong, especially in ASS-mode
//   (outcoming+killed 02/16/02)
// - If a string with a following null is found in the code, the null isn't
//   shown in the hex code of that line
//   (outcoming+killed 02/16/02)
// - The "enter" command isn't interpreted correctly
//   (outcoming 02/03/02, killed 02/15/02)
// - Reference hints don't get removed at calls and jumps to places above the
//   image base
//   (outcoming 23/01/02, killed 25/01/02)
// - It finds string references in a disassembly AFTER the disassembly string;)
//   (outcoming+killed 25/01/02)
// - When jumping to jmp [xxxxxxxx] -> yyyyyyyy then the return function
//   doesn't work
//   OOPS, it doesn't work at all anymore...
//   (outcoming+killed 10/03/01)
// - In 16-bit negative 8-bit values were displayed as 32-bit values
//   (outcoming+killed 10/02/01)
// - Again the >Extreme far reference<-bug had to be killed...
//   (outcoming+killed 10/02/01)
// - There are some strange calls i.e. in explorer.exe @ 0000f80d which are
//   looked up as string references! Don't know what they are pointing at right
//   now but because of the >call< a string reference is impossible ;)
//   This one was fixed (it's a reference to a by ordinal imported function),
//   but there are still call references "leading" to strings like
//   explorer.exe @ 00003bea
//   Now this is fixed, too. Time to close this bug entry and open a new one ;)
//   (outcoming 07/08/01, update 07/19/01, killed 10/02/01)
// - In 32-bit color video mode the disabled buttons are painted in a wrong way
//   (outcoming 07/19/01, killed 07/26/01)
// - A mov eax,[00457af8 -> 0043068c] appeared for the first time!
//   DAMN, thought it wouldn't come up...
//   OH DAMN!!!!!! I FORGOT WHERE I FOUND IT!!!
//   Ahhhhhh, GOTCHA!!!
//   (outcoming 07/19/01, killed 07/20/01)
// - >Extreme far calls/jxxx< (segment:32-bit-offset) are displayed fully wrong
//   (outcoming+killed 07/19/01)
// - In big 16bit programs negative near calls (i.e. call $-1a) in areas
//   over :0000ffff lead to things like call 1fe45 instead of call fe45
//   (outcoming+killed 07/18/01)
// - In big 16bit programs with code in areas over :0000ffff relative
//   references (i.e. jnb 24e07) are recognized wrong cause it's NOT 16bit
//   (outcoming 07/17/01, killed 07/18/01)
// - The dialog memory isn't freed after closing them => MEMORY LEAKS!!!
//   (outcoming 07/12/01, killed 07/16/01)
// - The program generates a page fault when there are still some dialogs open
//   while exiting
//   (outcoming+killed 07/12/01)
// - Disabling of menu item "Show image properties" doesn't work
//   I killed it by deleting the menu items and not trying to disable them
//   anymore ;) THIS is effective and it looks much better :p
//   Comment: Now (18/07/01) I know why it didn't work: it's because of this
//   automatic command enabling!
//   But now that I know I used it for the GotoEP
//   and the ViewOffsProg button;)
//   (outcoming 01/27/01, killed 07/08/01)
// - references to imported functions aren't shown if the function address list
//   doesn't point to the function names (i.e. the windows explorer does it)
//   (outcoming + killed 07/07/01)
// - Import, export and goto dialogs aren't closed after loading another file!
//   This leads to a page access fault when trying to view imports from another
//   module imported by the former opened file!
//   (outcoming 06/24/01, killed 06/24/01)
// - Imported dialog sometimes shows " " (DSOUND.DLL and
//   COMCTL32.DLL being imported by my modem driver)
//   (outcoming 02/05/01, killed 06/24/01)
// - Can't go to a relative or memory address of the last section
//   (outcoming 0?/??/01, killed 06/09/01)
// - Again a small output bug when hex dumping the end of file (the same???)
//   (outcoming + killed 06/09/01)
// - Can't open image property dialog when closed once
//   (outcoming 01/27/01, killed 02/01/01)
// - Added some missing GlobalUnlocks
//   (outcoming + killed 02/01/01)
// - A small output bug when hex dumping the end of file
//   (outcoming + killed 02/01/01)
// - Killed some arghs (how boring ;)
//   (outcoming 02/01/01, killed 02/08/01)
// - Removed bug related to invalid ESC-instructions output
//   (outcoming + killed 02/08/01)
// - Wheel granularity doesn't work in disassembler view
//   (outcoming 02/05/01, killed 13/05/01)
//
// Changes:
// v2.04 ALPHA (released 10/12/03)
// - WinXP scrollbar thumb bug removed (10/12/03)
// - Small icon provided for WinXP (10/12/03)
// v2.03 ALPHA (released 10/12/03)
// - Minor bug fixes for WinXP (10/11/03)
// v2.02 ALPHA (released 10/11/03)
// - Added a reference rescan menuitem (10/11/03)
// - Changed missing OPCODE.DLL messagebox (10/11/03)
// - Added empty lines after jmp-commands (10/11/03)
// v2.01 ALPHA (released 10/04/03)
// - Show entry point label
//   (09/15/03)
// - ChaosCreator's label support readded
//   (09/08/03)
// - Added support for fixed register values including adding
//   and subtracting adjacent values
//   (09/01/03)
// - Endlines behind ret-commands (ChaosCreator)
//   (05/11/03)
// - Completely rewritten routine to colorize the program code...
//   (ChaosCreator)
//   (05/11/03)
// v2.00 ALPHA (not released)
// - Goto sectiondata button added to the image properties dialog
//   (11/11/02)
// - Dump windows only start a above the dumped address, if a possible
//   reference becomes shown
//   (10/02/02)
// - Dump windows start a few lines above the referenced address, which
//   gets highlighted
//   (10/01/02)
// - Replaced the function name combobox with a listbox for an easier view
//   (10/01/02)
// - Import dialog enhanced for import refs support
//   (09/30/02)
// - Scanning for references to imported functions
//   (09/29/02 - 09/30/02)
// - Maximal references per page increased to 400
//   (09/29/02)
// - Multiple possible program references are shown in one line
//   (09/29/02)
// - Program references in dump windows are now shown in the same offset mode
//   as in the main disassembly window
//   (09/28/02)
// - Put reference checking into a separate thread
//   (09/27/02 - 09/28/02)
// - Checking status control added
//   (09/25/02 - 09/26/02)
// - Jump/call reference lookup added
//   (09/19/02 - 09/20/02)
// - Undo now moves the view to the changed position
//   (09/19/02)
// - Dump windows cannot overlap their own line anymore
//   (09/19/02)
// v1.44 ALPHA (not released)
// - References to imported functions now come along with their module names
//   (09/17/02)
// - Enlarged the export and import dialog to display longer function names
//   (05/22/02)
// - Cursor becomes grayed if window loses the focus
//   (05/10/02)
// - The hint cursor now is two bytes wide when pointing into the ascii view
//   (04/10/02)
// - The cursor and cursor hint colors can be set now in the prefs dialog
//   (03/23/02)
// - In hexview a hint where's the cursor in the other editmode is displayed
//   (03/23/02)
// v1.43 ALPHA (released 03/22/02)
// - Changed the program parameter interpretation so there shouldn't be a
//   problem with spaces in the etu's path name anymore (03/22/02)
// - The addresses of exported functions now belong to the right names ;D
//   (03/22/02)
// - Import and export tables are checked for legality to en- or disable the
//   according menu commands (03/22/02)
// - Killed a bug causing a program (not system) crash after setting up a
//   smaller font size (03/21/02)
// - Clicking on our logo or on our url in the about box will open the
//   program linked to "htmlfile" (03/19/02)
// - Memory dump scrolling has been corrected (03/19/02)
// - The number of rows in a dump view is now adjustable in the preferences
//   dialog (03/19/02)
// - Added an option to disable the file open dialog at startup (03/17/02)
// - Drag & Drop implemented (03/17/02)
// - It's possible now to have no file opened (03/17/02)
// - Far jump references corrected (03/17/02)
// - Added a welcome message for first startups of new versions (03/16/02)
// - Return after opening a new file isn't possible anymore (03/16/02)
// - Some disassembler bugs have been killed and some commands added
//   (03/16/02)
// v1.42 ALPHA (released 03/15/02)
// - The "read only" checkbox isn't shown in the open file dialog anymore
//   (03/15/02)
// - FPU commands have been fixed and enhanced (03/15/02)
// - Undo function corrected (03/14/02)
// - Section properties can be edited now (03/11/02)
// - Deactivated control bar buttons are shown correctly in 24-bit now, too
//   (03/10/02)
// - Added save button for the control bar (03/10/02)
// - Changing the MZ- or the PE-header now gets noticed without crashes ;)
//   (03/10/02)
// v1.41 ALPHA (released 03/08/02)
// - Cursor finished ;D (03/08/02)
// - Save only becomes enabled when the file's been changed (03/07/02)
// - Improved cursor functions (03/07/02)
// - Undo function implemented (03/06/02)
// - ChaosCreator's OPCODE.DLL implemented (03/05/02)
// - Cursor functions rewritten (03/04/02-03/05/02)
// v1.40 ALPHA (not released)
// - Added hex editor function (02/28/02 - 03/04/02)
// v1.30 ALPHA (released 02/25/02)
// - Program references don't point to strings anymore (02/24/02)
// - A search function has
//   been implemented for hex/dec values, byte lists and
//   strings (02/23/02)
// - A little bug of illegal instructions has been killed (02/23/02)
// v1.22 ALPHA (released 02/22/02)
// - 16-bit calls are shown correctly now again (02/22/02)
// - References to too long strings weren't shown at all (02/22/02)
// - Killed a bug that caused ETU to frag after pressing PAGEUP (02/19/02)
// - Minor bug fixes
// v1.21 ALPHA (released 02/16/02)
// - Added the CMOVXXX commands (02/16/02)
// - Strings in code found by ASS are displayed in the text reference color
//   and the ending null is shown in the hexcode of the line too (02/16/02)
// - The ASS-function now doesn't lose the beginnings of strings in commands
//   anymore (02/16/02)
// - The line up and down functions now work better on strings (02/16/02)
// - Some minor bugfixes
// v1.20 ALPHA (released 02/16/02)
// - The address offsets can now be displayed as program memory offsets
//   in 32-bit mode, too (02/15/02)
// - LOOP became an IP-changer ;D (program references) (02/12/02)
// - Some bugs got killed (until 02/15/02)
// v1.12 ALPHA (not released)
// - Preferences dialog added for customizing the visuals (12/11/01)
// - Colors have been changed and added for imported functions and string
//   references (12/09/01)
// v1.10 ALPHA (not released)
// - Changed the dialog design to make it look less flat ;) @ ChaosCreator
//   Even the comboboxes look alright now! But there's something strange with
//   the captions when you move them...
//   (07/19/01)
// - Split the main file to make handling easier *ggg*
//   (07/19/01 - 07/26/01)
// - I used a workaround to fix the "disabled-button-in-32bit-color-mode-bug"
//   by checking which colormode the user is using and depending on the result
//   use different bitmaps for the buttons ;) (07/26/01)
// - Took paint functions out of the Paint function, so that I'm able to use
//   them in other places, too (07/26/01 + 09/14/01 - 09/16/01)
// - Added call/jxxx reference assembly dump on mouse passing
//   (10/01/01 - 10/02/01)
// - Now page up/down really moves ONE PAGE up/down and not a silly number of
//   bytes in some direction (10/03/01)
// - This program got a REAL name ;D from now on it's called >>>ETU-Dasm<<<
//   which stands for *surprise* *surprise* "Easy-To-Use-Disassembler" *ggg*
//   (10/03/01)
// - The size of assembly dump gets changed now depending on how much more
//   space is needed to show everything of the assembly
//   (10/03/01)
// v1.0 ALPHA (released 07/19/01)
// - References into program memory (only for 32bit PEs) can now be viewed in
//   a hex dump by moving the mouse over its position (marked with blue).
//   You can scroll this dump view by using the mouse wheel while holding the
//   mouse still over the reference. There are also the same wheel scroll
//   functions as in the main window.
//   By clicking on the reference the popup becomes a window so that you can
//   move it where you want and have a look at it while looking at other
//   places with the main window (it won't vanish if you move the mouse off
//   the reference). (07/12/01)
// - Calls into the program are now highlighted green and can be jumped to
//   by clicking on it. When you want to return to the call you came from you
//   can press the "Return" menuitem. You can step up to 20 levels into the
//   program on this way. Don't know if this is enough. It can be easily
//   made bigger so...
//   (07/12/01)
// - Killed a very >>BAAAAD<< bug causing the program to generate a page
//   fault when it was closed while a dialog was still open (07/12/01)
// - The prior feature has been implemented for JXXX instructions too
//   (Friday, 07/13/01 !)
// - Added first item of the new control bar ;) (07/13/01)
// - Added more items (07/16/01)
// - Added call/jxxx follow support for 16bit (even far calls/jxxxs work!)
//   (07/16/01)
// - Added option to view file offsets or program memory offsets for 16bit
//   (07/18/01)
// - Added status bar with help strings for the menu items
//   (07/18/01)
// - Added a text gadget for the status bar to show the filesize
//   (07/18/01)
// - Some less important things like centering the about dialog on screen ;D
//   (07/18/01)
// - Recursive reference lookup has been implemented
//   (say 00420030 -> 0042130c -> "Hello world!" can be shown now)
//   (07/19/01)
// - Heavy reference testing resulting in many bug fixes, but as you can see
//   there are still enough! But because I want to release it they will be
//   fixed in the next release ;)
//   (07/19/01)
// - WOW, this file grew by 1225 lines(incl. comments) since the last version!
//   OK, somewhere all the new features have to come from... :D
//   (07/19/01)
// - Legal section added to this file (boooooooooooooring)
//   (07/19/01)
// v.8 ALPHA (released 07/08/01)
// - The function to show references to imported functions inside the
//   assembler code has been improved so that it SHOULD work for all programs
//   now (windows explorer's references are shown correct now) (07/07/01)
// - The exports/imports dialogs aren't shown anymore when there are no
//   exported/imported(!?!)
//   functions (07/07/01)
// - 16-bit disassembling feature has been added though it's not tested enough
//   so that it may (will;) contain many bugs (07/08/01)
// - References to imported functions being imported only by ordinal are now
//   shown correctly (07/08/01)
// - Menu bug has been killed (07/08/01)
// v.76 ALPHA (released 06/24/01)
// - The functions to view the imported functions were greatly improved so
//   that it >SHOULD< work for all PEs now.
//   IF YOU SHOULD DISCOVER PROGRAMS WHERE IT DOESN'T WORK >PLEEEEEEASE<
//   TELL ME BY WRITING IT INTO GUESTBOOK OR FORUM!!! (06/24/01)
// - Removed other bugs which were able to frag the program (06/24/01)
// - Changed minor things (06/24/01)
// v.75 ALPHA (released 06/09/01)
// - At last I added the long awaited *LOL* about box (06/09/01)
// - Removed some minor bugs (06/09/01)
// v.74 ALPHA (released 05/17/01)
// - Added showing references to imported functions (05/12/01)
// - Added wheel features (05/13/01):
//   wheel+ left mouse button = one line
//   wheel+right mouse button = one byte
// - Added showing references to strings (by address NOT resid) (05/17/01)
// - Some minor things
// v.7 ALPHA (released 02/08/01):
// - Added a first (bad) implementation of the optional "auto string search"
//   feature in disassembler view (strings need at least 3 chars)
// - Added the ultimate GOTO dialog with three types of addresses:
//   file offset (hmm, what could this be;), RVA (relative virtual address)
//   and memory address (it's the RVA plus the imagebase)
// - changed the structure of the source and some minor things
// v.6 ALPHA (released 02/05/01):
// - Added dialog to view exported functions and go to them
// - Added mouse wheel support (including a bug)
// - Changed dialog sizes to make them be displayable all at the same time
//   on the right side of the screen left to the scroll bar when using a
//   screen resolution of 800x600 (still not the best way)
// v.5 ALPHA (released 02/04/01):
// - it's the first release, so no
//   changes to any prior releases;)
//
// TODO:
// - Speed up reference scanning (especially for bigger files)
// - Show resources
// - Show infos correct in statusbar
// - Show offset in statusbar
// - Print function
// - Lookup for hidden code references (mov eax call eax, push x call pop ret)
// - Horizontal scrollbar
// - Copy & paste features
// - Export disassembled text
// - Reduce flickering (perhaps by using TextOut's background color/InvRec(0))
// - Implement MMX commands
// - Highlight modified data
// - Search functions (string/memory refs)
// - Optimize font options (looks VERY ugly with some sizes...)
// - Adjust size of export dialog depending on the function name lengths
// - Add the possibility to give program functions names AND/OR use debug
//   information that may be stored in it
// - Option to delete corresponding jxxx returns after call return
// - Optimize controlbar style (looks ugly :( )
// - Add support for resource section
// - In assembler view a horizontal scroll bar may be needed
// - Allow to follow jmp [00414024] -> 00401060 -> "UrM" (jump to 00401060)
// - Find a way to display references in the middle of an instruction
//   (i.e. mov dword ptr [00412348], eax) Don't just throw the ref-info away;)
// - Improve auto string search function (look in front and after a non ascii
//   byte to decide whether it's a string or not)
// - Add feature to select a part and copy it into the clipboard
// - Check 16 or 32 bit disassembly by looking at the file extension
// - Add interrupt 21h function lookup feature
// - Completely redesign the disassembler itself (DASTVxxx.CPP)
//   (it looks soooooo ugly and it's much too complicated, so it could be even
//   faster ;) I didn't test on slower computers yet, so I don't know if it's
//   as fast as I hope there...)
//
// Keys:
// look at TDWin::EvKeyDown() ;)
// hmmmmm, it doesn't belong to this release anymore...
// hmmmmm
// then try the keys or download version 1.0 where the source code is still
// included ;D
// I know I could write something useful here, but right now I don't want to ;)
//
// Comments to legality:
// BEFORE you use this program to disassemble all (or only some) of your
// programs MAKE SURE THAT YOU ARE ALLOWED TO DISASSEMBLE THEM! Many (if not
// most) programs you use tell you in their license agreement you agreed that
// you are NOT ALLOWED to disassemble them! So if you do it anyways and you're
// caught (which is very improbable, but...) it's NOT MY PROBLEM! You have been
// warned to use this program only on your own programs or ones that you are
// allowed to disassemble!