Re: [Biew-general] biew

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello, X-Fixer!

On Wed, 13 Nov 2002 18:56:29 +0600 you wrote:

> Hi there-
> 
> I was using biew for quite some time and have just collected most issues, that I
> had with it (I write them in compact form, sorry if anything is not clear)
> 
> - I've found a file that crashes BIEW (attached)
Which version of rar do you use?
I've got: 

RAR 2.71     Copyright (c) 1993-2000 Eugene Roshal     20 June 2000
Shareware version         Type RAR -? for help

Extracting from crahser.rar

Unknown method in crahser
Skipping    crahser                                                      57% 99%
No files to extract

> - find string ("search for hex")
>   - why delete key does not work ?
Because BkSpace key deletes 3 characters simultaneously
and such behaviour was not implemented for delete key
which simply doesn't work.
>   - case-insensetive search applies ?!
Should work!
> - disasm
>   - "C4 C4" is interpreted as "les ax, sp", which is impossible, of course.
>   in fact, this invalid opcode, used by win2k in DOS emulation. more info is
>   in 2000ddk (I can send what's needed).
The main idea of biew's disassembler is displaying of every opcode which can
have translation even if it's illegal opcode for the current moment of the time.
Simply because map of insns in x86 system has predictive structure and
believe me, many opcodes which were added during living of biew were
predicted by biew a long ago of their implementation.
> - would be cool if biew can undecorate C++ names (in exports, imports etc)
>   you can use imagehlp.dll for MS compilers and some internal code for gcc and
>   watcom (I hope)
Biew is portable project and can not be depended on MS only stuff!
From other side mangling of C++ names depends on type of C++ compiler
(means - gcc for example will generate other names of C++ functions
than MSVC and so on)
> - pe
>   - imports
>     - sort does nothing! (usually entries are sorted initially, but not always)
Works for me!
>     - would be great to merge all import entries for same DLLs (e.g. in biew.exe)
>       (may be it's better to make an option)
In current model biew shows real structure of binary files (AS IS).
> - pe/ne (/le ?)
>   - would be great to have some simple resource viewer. at least I want to see
>     version info (this is the only thing I have to use Explorer for)
The resources are too application depended features and many types of resources
are application specific. From other side - for GUI based OS'es like Windows
almost all resources exist in graphics form so representing them in text mode
is a bit silly at least. From other side there are many nice GUI based resource
EDITORS like Borland's workshop.
What about VERSION_INFO only - it would be possible to implement such feature
so if you have some patches then I'll be glad to apply them ;)
> - le
>   - would be great if biew recongized VMM calls and showed their names
>     (like HIEW)
Probably you are right by I have too poor documentation of LE format.
> - arch
>   - when viewing arch files it would be great to get info about every obj in it
>   (may be in cooperation with obj viewers)
Probably yes but it requires redesigning of every pluging to make it ready
to work with non NULL based files. From other side - it would be better to
implement something like file viewers for arch format (for example plugin for
FAR which will call biew as context viewer).
> - a.out
>   - address decoding is wrong, since it treats VA adresses as file offsets, but
>     indeed very few aouts have header in image, so you should add image offset
>     (0x400 typically). For example, most aouts have entry point at 0.
Probably you are right here but I'm mainly using ELF format thus a.out wasn't
hacked well by me.
> 
> (I use BIEW 5.3.2)
> 
> I can code some of this, but I do not have time at the moment :(
;)
> 
> Peace,
> X-Fixer

WBR! Nick