• reverse engineering a 64 bit Forth

    From none) (albert@21:1/5 to All on Tue Jan 24 14:20:31 2023
    I have taken an old version of ciforth 'lina530' : a 64 bit
    linux Forth, an elf executable. Nothing special, a stable production
    version of ciforth.

    Using my tool ciasdis (that has been upgraded to understand 64
    bits code) I scripted a crawler: lina530crawl.cul
    It contains information such as
    0040,2BA0 EQU docol
    and Forth scripting to analyse a Forth header.
    Because a Forth header contains the name of a Forth word, this
    allows generating sensible names for labels.
    All this information could be found by a person who suspects that the
    program is a Forth. (Of course it was advantageous that I was exposed.
    Not clean room, okay.)

    The test goes :

    ciasdis -d testcmp/lina530 lina530crawl.cul >lina530.asm
    ciasdis -a lina530.asm lina530
    diff -bBw testcmp lina530
    diff -bBw testcmp lina530.asm

    So with the script lina530crawl.cul , ciasdis was able to disassemble
    lina530. (ciasdis -d )
    Then it was able to assemble it (ciasdis -a) to the exact same executable.

    Now this is nothing new.
    ciasdis has already managed to do this feat for the original colorforth,
    i.e. recovering a complete source, arcane strings and character
    definitions and all. (Having this colorforth analysed to death didn't
    help me to run it on my computers. And Jeff Fox hated me for doing it.)
    Forth compilers rf51 and lina405 have been reverse engineered the same way. https://github.com/albertvanderhorst/ciasdis

    What I want to brag about is that it can be relocated by simply
    moving the ORG up by say 2000.
    That means that all labels are defined by their place in the source
    and automatically upgraded.
    [ They are doubly defined up front in the source, these have to be
    removed, because they are fixed EQU's. ciasdis doesn't care if a label
    is redefined, as long as it has the same value. ]

    Groetjes Albert
    --
    Don't praise the day before the evening. One swallow doesn't make spring.
    You must not say "hey" before you have crossed the bridge. Don't sell the
    hide of the bear until you shot it. Better one bird in the hand than ten in
    the air. First gain is a cat spinning. - the Wise from Antrim -

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
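The relocation point in the post (the fixed EQU labels must be shifted along with the ORG, and a label may be redefined only with the same value), as an added Python example that is not part of the post or of ciasdis. The "<address> EQU <label>" line syntax is taken from the quoted docol line; the other sample labels and the exact comma grouping rule are assumptions.

```python
import re

# Constructed sample in the style of the ".cul" crawler file from the post; only the
# "0040,2BA0 EQU docol" line is from the post, the other labels are assumptions.
SAMPLE_CUL = """\
0040,2BA0 EQU docol
0040,2BC8 EQU dodoes
0040,2BA0 EQU docol
0040,3000 EQU dodoes
"""

# Assumption: an EQU line is "<hex address with comma groups> EQU <label>".
EQU_RE = re.compile(r"^\s*([0-9A-Fa-f]+(?:,[0-9A-Fa-f]+)*)\s+EQU\s+(\S+)\s*$")

def parse_addr(text: str) -> int:
    """'0040,2BA0' -> 0x402BA0: the commas are only visual grouping."""
    return int(text.replace(",", ""), 16)

def format_addr(value: int, digits: int = 8) -> str:
    """0x402BA0 -> '0040,2BA0': zero-pad and re-insert a comma every 4 hex digits."""
    hexs = f"{value:0{digits}X}"
    if len(hexs) % 4:
        hexs = hexs.zfill(len(hexs) + 4 - len(hexs) % 4)
    return ",".join(hexs[i:i + 4] for i in range(0, len(hexs), 4))

def parse_equs(text: str):
    """Collect label -> address and report redefinitions whose value differs,
    which is the one case the post says ciasdis will not accept."""
    labels, conflicts = {}, []
    for line in text.splitlines():
        m = EQU_RE.match(line)
        if not m:
            continue
        addr, name = parse_addr(m.group(1)), m.group(2)
        if name in labels and labels[name] != addr:
            conflicts.append((name, labels[name], addr))
        labels.setdefault(name, addr)
    return labels, conflicts

def relocate_equs(text: str, delta: int) -> str:
    """Shift every fixed EQU by delta, the same move as raising the ORG, so the
    up-front definitions no longer clash with labels derived from the source."""
    out = []
    for line in text.splitlines():
        m = EQU_RE.match(line)
        if m:
            line = f"{format_addr(parse_addr(m.group(1)) + delta)} EQU {m.group(2)}"
        out.append(line)
    return "\n".join(out) + "\n"
```

Running `parse_equs` on the sample flags the second `dodoes` definition as a conflicting redefinition, while the repeated `docol` line (same value) passes, mirroring what the post says ciasdis tolerates.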