VXDasm
last updated June
28, 1997
VXDasm is a kind of cross between a interactive browser
and a visual disassembler for Windows95's VXDs devices drivers
:
It is a "relocatable" disassembler because it deeply use
the relocations informations presents into VXDs executables;
Why ? : because only somes VXDs have a preferred load address and are
pre-relocated for this load address, and generally, most VXDs do not have
a preferred address and in this case, the use of relocations informations
highly improve the quality and the usefulness of the produced assembly
listing.
Others infos about this disassembler :
- create labels at background time (one second for a 32Ko segment size);
- scan the ControlDispatchProc to find dispatched messages entries (generally
successfully);
- scan for DDB, V86_API_Proc, PM_API_Proc, RealModeEntryProc and services
table;
- of course it decode and display VXDCall/VXDJmp to all known services
names;
- double click on a direct call/jump instruction allow to jump automatically
at the target address, then an integrated historic allow to comeback (and
after goto forward...);
- double click on a instruction using a relocated address show the relocation(s)
at this starting address (useful for instructions using subroutines tables
like "jmp [offset+EAX*4]");
- properly disassemble 32 AND 16 bits codes segments;
- drag/drop : for jump to a target service entry or target address, drag
it to an choosen disassembly view;
- full MMX support;
- colorize labels and services names;
- FREE LIMITED DEMONSTRATION VERSION
AVAILABLE (266Ko)
Example of disassembly listing
VXDasm by pictures :
Tips and Tricks
- when the active frame window is for an executable, all possibles targets
will be into the main sub menu item "Goto". When the active frame
window is for a segment, only targets falling into this segment will be
enabled or present into the main sub menu item "Goto";
- Librairy archived VXDs :
somes *.VXD files are not true VXD devices drivers, but rather archived
libraries of several VXDs. Main examples are Windows95's VMM32.VXD, and
Windows 3.1 's WIN386.EXE;
To extract VXDs contained into these archives, you can use the DEVLIB tool
supplied by the Win95 DDK, or the VXDLIB freeware tool (http://www.tbcnet.com/~clive);
- somes specials MSDOS executables use this formats : smartdrv.exe, emm386.exe;
- DOS4GW (32 bits dos-extender) executables can be disassembled by this
tool because they use the same executable format;
More Infos
