disassembled code.

I was given a disassembled program to work with and told the source
code was missing. I wrote a linker in PDP macro 11 back in college, but
that was a very long time ago on a different instruction set.
They want me to figure out what this thing does. It's an encryption
program of some sort. I deleted some lines of code here and there
in the unlikely event they may not want me to post this here.
All I have for doc at the moment is stuff off www.simotime.com

Basically I see the first statement is a branch with a mask.
What does mask of 16 mean here? In most places where there
is some sort of branch it uses R12, how can I tell what is in R12?
It doesn't appear that R12 is based on my CSECT base. It looks
like the offsets to branch to are decimal rather than hex.
There appears to be one main section of code, followed by
several subroutines or case statement parts followed by data
at the end where all the DC statements are. There appears to be
some load statements in the middle of the data blocks which
don't make sense as how could you branch out of them?

 Anyone who thinks they can solve it in a snap and wants to
try, email me and I may be tempted to email you the full
source code as this may be a time consuming project.

 Is there any way to tell what language produced this?
I was told assembly, but I don't know if they really know that.

                              RPSU001  CSECT
000000  04    47F0F010                 B     16(,R15)
000004  02    0BD9                     BSM   R13,R9
000006  08    D7E2E4F0F0F14040         DC    C'PSU001  '
00000E  02    4040                     DC    C'  '
000010  04    90ECD00C                 STM   R14,R12,12(R13)          SAVE REGS
000014  02    05C0                     BALR  R12,R0                   ADDRESS SET
000016  04    58A01000                 L     R10,0(,R1)
00001A  04    58901004                 L     R9,4(,R1)
00001E  04    92F0A00F                 MVI   15(R10),C'0'
000022  04    45E0C038                 BAL   R14,56(,R12)             PERFORM
000026  04    45E0C0D8                 BAL   R14,216(,R12)            PERFORM
00002A  04    95C5A00E                 CLI   14(R10),C'E'
00002E  04    4770C024                 BNE   36(,R12)
000032  04    45E0C112                 BAL   R14,274(,R12)            PERFORM
000036  04    47F0C02C                 B     44(,R12)
00003A  04    45E0C13E                 BAL   R14,318(,R12)            PERFORM
00003E  04    47F0C02C                 B     44(,R12)
000042  04    900FA010                 STM   R0,R15,16(R10)           SAVE REGS
000046  04    98ECD00C                 LM    R14,R12,12(R13)          RESTORE REGS
00004A  04    47FE0000                 B     0(R14)
00004E  04    50E0A05C                 ST    R14,92(,R10)

...
... <lines deleted>
...

0000E4  04    4770C0D2                 BNE   210(,R12)
0000E8  04    58E0A05C                 L     R14,92(,R10)
0000EC  02    07FE                     BR    R14                      EXIT
0000EE  04    50E0A05C                 ST    R14,92(,R10)
0000F2  06    D203A066A00A             MVC   102(4,R10),10(R10)
0000F8  06    D603A066C3C2             OC    102(4,R10),962(R12)
0000FE  06    F273A050A066             PACK  80(8,R10),102(4,R10)
000104  04    4F10A050                 CVB   R1,80(,R10)
000108  04    4210A06A                 STC   R1,106(,R10)
00010C  02    1711                     XR    R1,R1
00010E  02    1722                     XR    R2,R2
000110  04    4310A06A                 IC    R1,106(,R10)
000114  04    4320C1A6                 IC    R2,422(,R12)
000118  02    1A12                     AR    R1,R2
00011A  04    4210A06A                 STC   R1,106(,R10)
00011E  04    47F0C10C                 B     268(,R12)
000122  04    58E0A05C                 L     R14,92(,R10)
000126  02    07FE                     BR    R14                      EXIT
000128  04    50E0A05C                 ST    R14,92(,R10)
00012C  04    41109000                 LA    R1,0(,R9)
000130  04    4820A064                 LH    R2,100(,R10)
000134  04    4130C1BA                 LA    R3,442(,R12)
000138  02    1744                     XR    R4,R4
00013A  04    4340A06A                 IC    R4,106(,R10)
00013E  02    1A34                     AR    R3,R4
...
... lines deleted
...

00014E  04    58E0A05C                 L     R14,92(,R10)
000152  02    07FE                     BR    R14                      EXIT
000154  04    50E0A05C                 ST    R14,92(,R10)
000158  04    45E0C166                 BAL   R14,358(,R12)            PERFORM
00015C  04    41109000                 LA    R1,0(,R9)
...
....
...

000172  04    4620C152                 BCT   R2,338(,R12)
000176  04    58E0A05C                 L     R14,92(,R10)
00017A  02    07FE                     BR    R14                      EXIT
00017C  04    50E0A060                 ST    R14,96(,R10)
000180  04    4110A06B                 LA    R1,107(,R10)
000184  04    41200100                 LA    R2,256
000188  04    4130C1BA                 LA    R3,442(,R12)
00018C  02    1744                     XR    R4,R4
00018E  04    4340A06A                 IC    R4,106(,R10)
000192  02    1A34                     AR    R3,R4
000194  04    41500000                 LA    R5,0
000198  02    1744                     XR    R4,R4
00019A  04    43403000                 IC    R4,0(,R3)
00019E  04    42541000                 STC   R5,0(R4,R1)
0001A2  04    41303001                 LA    R3,1(,R3)
0001A6  04    41505001                 LA    R5,1(,R5)
0001AA  04    4620C184                 BCT   R2,388(,R12)
0001AE  04    58E0A060                 L     R14,96(,R10)
0001B2  02    07FE                     BR    R14                      EXIT
0001B4  01    A9                       DC    X'A9'
0001B5  01    F8                       DC    C'8'
0001B6  02    DD1B                     DC    X'DD1B'
0001B8  04    018897AF                 DC    X'018897AF'
0001BC  04    880CA9EE                 DC    X'880CA9EE'
0001C0  02    3299                     DC    X'3299'
0001C2  08    4040404040404040         DC    C'        '
0001CA  02    4040                     DC    C'  '
0001CC  04    00000000                 DC    F'0'
0001D0  02    1012                     LPR   R1,R2
0001D2  02    1416                     NR    R1,R6
0001D4  02    181A                     LR    R1,R10
0001D6  02    1C1E                     DC    H'7198'
0001D8  02    1F1D                     SLR   R1,R13
0001DA  02    1B19                     SR    R1,R9
0001DC  04    17151311                 DC    X'17151311'
0001E0  04    30323436                 DC    X'30323436'
0001E4  04    383A3C3E                 DC    X'383A3C3E'
0001E8  04    3F3D3B39                 DC    X'3F3D3B39'
0001EC  04    37353331                 DC    X'37353331'
0001F0  04    50525456                 ST    R5,1110(R2,R5)
0001F4  04    585A5C5E                 L     R5,3166(R10,R5)
0001F8  02    5F5D                     DC    X'5F5D'
...
...
...

00020B  01    79                       DC    X'79'
00020C  04    77757371                 DC    X'77757371'
000210  04    90929496                 STM   R9,R2,1174(R9)           SAVE REGS
000214  04    989A9C9E                 LM    R9,R10,3230(R9)          RESTORE REGS
000218  04    9F9D9B99                 DC    X'9F9D9B99'
00021C  04    97959391                 DC    X'97959391'
000220  04    B0B2B4B6                 DC    X'B0B2B4B6'
000224  04    B8BABCBE                 DC    X'B8BABCBE'
000228  04    BFBDBBB9                 DC    X'BFBDBBB9'
00022C  04    B7B5B3B1                 DC    X'B7B5B3B1'
000230  01    D0                       DC    X'D0'
000231  04    D2D4D6D8                 DC    C'KMOQ'
000235  01    DA                       DC    X'DA'
000236  02    DCDE                     DC    X'DCDE'
000238  06    DFDDDBD9D7D5             EDMK  3033(222,R13),2005(R13)
00023E  07    D3D1F0F2F4F6F8           DC    C'LJ02468'
000245  01    FA                       DC    X'FA'
000246  02    FCFE                     DC    X'FCFE'
000248  03    FFFDFB                   DC    X'FFFDFB'
00024B  05    F9F7F1F3                 DC    C'97531'
000250  01    E0                       DC    X'E0'
000251  04    E2E4E6E8                 DC    C'SUWY'
000255  01    EA                       DC    X'EA'
000256  02    ECEE                     DC    X'ECEE'
000258  03    EFEDEB                   DC    X'EFEDEB'

...
...
...

000268  03    CFCDCB                   DC    X'CFCDCB'
00026B  05    C9C7C1C3                 DC    C'IGECA'
000270  04    A0A2A4A6                 DC    X'A0A2A4A6'
000274  04    A8AAACAE                 DC    X'A8AAACAE'
000278  04    AFADABA9                 DC    X'AFADABA9'
00027C  04    A7A5A3A1                 DC    X'A7A5A3A1'
000280  04    80828486                 DC    X'80828486'
000284  04    888A8C8E                 DC    X'888A8C8E'
000288  04    8F8D8B89                 DC    X'8F8D8B89'
00028C  04    87858381                 DC    X'87858381'
000290  01    60                       DC    C'-'
000291  01    62                       DC    X'62'
000292  02    6466                     DC    X'6466'
000294  04    686A6C6E                 DC    X'686A6C6E'
000298  01    6F                       DC    X'6F'
000299  01    6D                       DC    C'_'
00029A  02    6B69                     DC    X'6B69'
00029C  03    676563                   DC    X'676563'
00029F  02    6140                     DC    C'/ '
0002A1  01    42                       DC    X'42'
0002A2  04    4446484A                 EX    R4,2122(R6,R4)
0002A6  04    4C4E4F4D                 MH    R4,3917(R14,R4)
0002AA  01    4B                       DC    C'.'
0002AB  01    49                       DC    X'49'
0002AC  04    47454341                 DC    X'47454341'
0002B0  04    20222426                 DC    X'20222426'
0002B4  04    282A2C2E                 DC    X'282A2C2E'
0002B8  04    2F2D2B29                 DC  
...




Sun, 22 Jan 2006 04:59:23 GMT  
 disassembled code.
"bhagavad_guitar"  wrote

Quote:
> I was given a disassembled program to work with and told the source
> code was missing. I wrote a linker in PDP macro 11 back in college, but
> that was a very long time ago on a different instruction set.
> They want me to figure out what this thing does. It's an encryption
> program of some sort. I deleted some lines of code here and there
> in the unlikely event they may not want me to post this here.
> All I have for doc at the moment is stuff off www.simotime.com

> Basically I see the first statement is a branch with a mask.
> What does mask of 16 mean here? In most places where there
> is some sort of branch it uses R12, how can I tell what is in R12?
> It doesn't appear that R12 is based on my CSECT base. It looks
> like the offsets to branch to are decimal rather than hex.
> There appears to be one main section of code, followed by
> several subroutines or case statement parts followed by data
> at the end where all the DC statements are. There appears to be
> some load statements in the middle of the data blocks which
> don't make sense as how could you branch out of them?

>  Anyone who thinks they can solve it in a snap and wants to
> try, email me and I may be tempted to email you the full
> source code as this may be a time consuming project.

>  Is there any way to tell what language produced this?
> I was told assembly, but I don't know if they really know that.

This source appears to be of a subprogram that is to be called
from a (main) program which provides two arguments.

I must add that the code itself looks rather "dangerous" as it depends
upon the calling program to provide some of the addresses used
internally in the subprogram. Unless there is a "safe" initialisation
from the subprogram and unless the calling program is reliable in
protecting the first argument (holding these addresses) such code
is definitely to be avoided.

I have taken the liberty to modify your code on the assumption that
the language used is really IBM Assembly, but if someone has
written this in assembly language it is very surprising how many
places he has coded a branch to the immediately following
statement. However, I know of no high-level language compiler
that produces this kind of code. In particular the lacking local
savearea is a strong indication that the source was indeed written
directly in assembly language.

You will find that I have replaced most addresses relative to R12
with symbolic labels Lxxx where "xxx" is the offset into the module.

hope this helps

regards Sven

Quote:

>                               RPSU001  CSECT
>                                        USING *,R15
> 000000  04    47F0F010                 B     L010
> 000004  01    0B                       DC    AL1(L'L005)
> 000005  0B    D9D7E2E4F0F0F14040    L005     DC    CL11'RPSU001'
> 000010  04    90ECD00C        L010         STM   R14,R12,12(R13)
> 000014  02    05C0                     BALR  R12,R0        Establish base register for the module
>                                        DROP  R15
>                                        USING *,R12
> 000016  04    58A01000                 L     R10,0(,R1)   Load address of first parameter
> 00001A  04    58901004                 L     R9,4(,R1)    Load address of second parameter
> 00001E  04    92F0A00F                 MVI   15(R10),C'0'
> 000022  04    45E0C038                 BAL   R14,L04E
> 000026  04    45E0C0D8                 BAL   R14,L0EE
> 00002A  04    95C5A00E                 CLI   14(R10),C'E'
> 00002E  04    4770C024                 BNE   L03A
> 000032  04    45E0C112                 BAL   R14,L128
> 000036  04    47F0C02C                 B     L042
> 00003A  04    45E0C13E        L03A         BAL   R14,L154
> 00003E  04    47F0C02C                 B     L042
> 000042  04    900FA010         L042        STM   R0,R15,16(R10)
> 000046  04    98ECD00C                 LM    R14,R12,12(R13)
> 00004A  04    47FE0000                 B      0(R14)
> 00004E  04    50E0A05C       L04E          ST    R14,92(,R10)

> ...
> ... <lines deleted>
> ...

> 0000E4  04    4770C0D2                 BNE   L0E8
> 0000E8  04    58E0A05C         L0E8        L     R14,92(,R10)
> 0000EC  02    07FE                     BR    R14
> 0000EE  04    50E0A05C              L0EE   ST    R14,92(,R10)
> 0000F2  06    D203A066A00A             MVC   102(4,R10),10(R10)
> 0000F8  06    D603A066C3C2             OC    102(4,R10),L3D8
> 0000FE  06    F273A050A066             PACK  80(8,R10),102(4,R10)
> 000104  04    4F10A050                 CVB   R1,80(,R10)
> 000108  04    4210A06A                 STC   R1,106(,R10)
> 00010C  02    1711                     XR    R1,R1
> 00010E  02    1722                     XR    R2,R2
> 000110  04    4310A06A                 IC    R1,106(,R10)
> 000114  04    4320C1A6                 IC    R2,L1BC
> 000118  02    1A12                     AR    R1,R2
> 00011A  04    4210A06A                 STC   R1,106(,R10)
> 00011E  04    47F0C10C                 B     L122
> 000122  04    58E0A05C           L122      L     R14,92(,R10)
> 000126  02    07FE                     BR    R14                      EXIT
> 000128  04    50E0A05C           L128      ST    R14,92(,R10)
> 00012C  04    41109000                 LA    R1,0(,R9)
> 000130  04    4820A064                 LH    R2,100(,R10)
> 000134  04    4130C1BA                 LA    R3,L1D0
> 000138  02    1744                     XR    R4,R4
> 00013A  04    4340A06A                 IC    R4,106(,R10)
> 00013E  02    1A34                     AR    R3,R4
> ...
> ... lines deleted
> ...

> 00014E  04    58E0A05C                 L     R14,92(,R10)
> 000152  02    07FE                     BR    R14                      EXIT
> 000154  04    50E0A05C            L154     ST    R14,92(,R10)
> 000158  04    45E0C166                 BAL   R14,L17C                 PERFORM
> 00015C  04    41109000                 LA    R1,0(,R9)
> ...
> ....
> ...
> 000168                                        L168 EQU *

> 000172  04    4620C152                 BCT   R2,L168
> 000176  04    58E0A05C                 L     R14,92(,R10)
> 00017A  02    07FE                     BR    R14                      EXIT
> 00017C  04    50E0A060                L17C   ST    R14,96(,R10)
> 000180  04    4110A06B                 LA    R1,107(,R10)
> 000184  04    41200100                 LA    R2,256
> 000188  04    4130C1BA                 LA    R3,L1D0
> 00018C  02    1744                     XR    R4,R4
> 00018E  04    4340A06A                 IC    R4,106(,R10)
> 000192  02    1A34                     AR    R3,R4
> 000194  04    41500000                 LA    R5,0
> 000198  02    1744                     XR    R4,R4
> 00019A  04    43403000            L19A     IC    R4,0(,R3)
> 00019E  04    42541000                 STC   R5,0(R4,R1)
> 0001A2  04    41303001                 LA    R3,1(,R3)
> 0001A6  04    41505001                 LA    R5,1(,R5)
> 0001AA  04    4620C184                 BCT   R2,L19A
> 0001AE  04    58E0A060                 L     R14,96(,R10)
> 0001B2  02    07FE                     BR    R14                      EXIT
> 0001B4  01    A9                       DC    X'A9'
> 0001B5  01    F8                       DC    C'8'
> 0001B6  02    DD1B                     DC    X'DD1B'
> 0001B8  04    018897AF                 DC    X'018897AF'
> 0001BC  04    880CA9EE          L1BC       DC    X'880CA9EE'
> 0001C0  02    3299                     DC    X'3299'
> 0001C2  08    4040404040404040         DC    C'        '
> 0001CA  02    4040                     DC    C'  '
> 0001CC  04    00000000                 DC    F'0'
> 0001D0  08    1012                    L1D0  DC X'10121416181A1C1E'
> 0001D8  08    1F1D                         DC X'1F1D1B1917151311'
> 0001E0  08    30323436                 DC    X'30323436383A3C3E'
> 0001E8  08    3F3D3B39                 DC    X'3F3D3B3937353331'
> 0001F0  08    50525456                 DC    X'50525456585A5C5E'
> 0001F8  08    585A5C5E                 DC    X'5F5D5B5957555351'
> ...
> ...
> ...

more data-areas built according to a scheme similar to that for the fields above

Quote:

> 0003D0  08    F0F0F0F1F4F0F0F0         DC    C'00014000'
> 0003D8  04    F0F0F0F0              L3D8   DC    C'0000'
>                                        REQU
>                                        END



Sun, 22 Jan 2006 06:00:50 GMT  
 disassembled code.
On 5 Aug 2003 13:59:23 -0700, bhagavad_guitar hath writ:

Quote:
> I was given a disassembled program to work with and told the source
> code was missing. I wrote a linker in PDP macro 11 back in college,
> but that was a very long time ago on a different instruction set.
>...
> Basically I see the first statement is a branch with a mask.
> What does mask of 16 mean here?

>                               RPSU001  CSECT
> 000000  04    47F0F010                 B     16(,R15)

You're in WAY over your head.
That is NOT a "..mask of 16."  That is a DISPlacement of 16 beyond
the address contained in the specified BASE register -- here R15.

Get some qualified help.
I'm probably available.

Jonesy -- IBM Assembler since 1966
--
  | Marvin L Jones       | jonz         |  W3DHJ   |  OS/2
  |   7,703' -- 2,345m   |   config.com |  DM68mn             SK



Sun, 22 Jan 2006 06:43:22 GMT  
 disassembled code.

Quote:

>I was given a disassembled program to work with and told the source code
>was missing.

If the listing is *all* you have to work with, you've got _real_ problems.

The typical work-cycle involves _repeated_ disassembly of the module,
utilizing a growing "hints" file -- that allows you to assign USING pseudo-
ops, symbolic _names_ to addresses, and to -force- specified areas of data
to be interpreted in the desired form/format -- e.g. 'instruction', 'data',
etc.

Quote:
>             I wrote a linker in PDP macro 11 back in college, but
>that was a very long time ago on a different instruction set.
>They want me to figure out what this thing does. It's an encryption
>program of some sort. I deleted some lines of code here and there
>in the unlikely event they may not want me to post this here.
>All I have for doc at the moment is stuff off www.simotime.com

>Basically I see the first statement is a branch with a mask.
>What does mask of 16 mean here?

Consult your green/yellow card.  or the POPS book.   <grin>

A hazard of using a 'dumb' disassembler -- that doesn't back-code to
"extended" mnemonics for conditional branch instructions.   :)

Quote:
>                                 In most places where there
>is some sort of branch it uses R12, how can I tell what is in R12 ?
>It doesn't appear that R12 is based on my CSECT base. It looks
>like the offsets to branch to are decimal rather than hex.

yes, that's how -that- disassembler is showing them, it appears.

Quote:
>There appears to be one main section of code, followed by
>several subroutines or case statement parts followed by data
>at the end where all the DC statements are. There appears to be
>some load statements in the middle of the data blocks which
>don't make sense as how could you branch out of them ?

What you see is "artifact" of the dis-assembly process.

*lots* of stuff gets 'mis-identified' by disassemblers.  Starting at the
very -beginning- of the listing, for example.

This is what the dis-assembler 'hints' file is used to 'fix'.

The second instruction is virtually certain *not* to be an instruction.
Byte 4 looks to be the -length- of the string starting at byte 5.
The 'D9' at byte 5 is almost certainly the start of the char string constant
"RPSU001    "

Given that, then, at offset 0, you have an 'unconditional jump' around the
module name.   This 'preamble' -could- be high-level-language generated, or
a 'convention' in the originating shop.  For no good reason, I favor the latter
interpretation.  <grin>

address 10 is traditional 'entry point' code
at address 16, you've got "fetch passed parameter (addresses)" for 2 parameters,
and set a character '0' at  offset 15 (decimal) in the 1st passed param.

Quote:
> Anyone who thinks they can solve it in a snap

No chance.  The discipline is 'reverse engineering'; it is inevitably time-
consuming, requiring a trained eyeball, _and_ a particular kind of 'warped'
mind-set.  (it's actually a cousin of integral calculus)

The data blocks at the end of the listing are reminiscent of a table-lookup
CRC-16 calculation.  *VERY* reminiscent.  

Quote:
>                                               and wants to
>try, email me and I may be tempted to email you the full
>source code as this may be a time consuming project.

not 'may be', *will*.

Quote:

> Is there any way to tell what language produced this ?

*NOT* with any reasonable degree of certainty.  an 'educated' guess is
sometimes possible.

Quote:
>I was told assembly, but I don't know if they really know that.

I don't see anything that _looks_ like high-level language constructs.
This could be because:
   1) I haven't looked very hard
   2) not enough data to examine
   3) It is from a high-level language that had a _very_good_ optimizer stage
   4) It _was_ written in assembler

my guess is 'structured assembler'.
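Two of the hand steps in this thread can be scripted: the relabelling Sven did above (R15 is the entry address at offset 0, BALR R12,R0 at 0x14 makes R12 hold 0x16, so every displacement off R12 plus 0x16 is a module offset, named Lxxx) and the "hints" pass described in this post (telling the tool that byte 4 is a length byte and bytes 5..15 are the EBCDIC module name, not a BSM instruction). The Python below is an added example, not code from the thread or from any disassembler. It runs over a constructed sample in the shape of the posted listing, assumes the standard entry convention R15 = address of the CSECT start, handles only the BALR Rn,R0 way of establishing a base, and decodes EBCDIC with Python's cp037 codec; all function and variable names are the example's own.

```python
import re

# Constructed sample in the shape of the disassembly posted in this thread
# (offset, length, hex bytes, mnemonic, operands). Not the full module.
SAMPLE = """\
000000  04    47F0F010                 B     16(,R15)
000004  02    0BD9                     BSM   R13,R9
000006  08    D7E2E4F0F0F14040         DC    C'PSU001  '
00000E  02    4040                     DC    C'  '
000010  04    90ECD00C                 STM   R14,R12,12(R13)
000014  02    05C0                     BALR  R12,R0
000016  04    58A01000                 L     R10,0(,R1)
000022  04    45E0C038                 BAL   R14,56(,R12)
000026  04    45E0C0D8                 BAL   R14,216(,R12)
00002E  04    4770C024                 BNE   36(,R12)
00003A  04    45E0C13E                 BAL   R14,318(,R12)
0000F8  06    D603A066C3C2             OC    102(4,R10),962(R12)
00019E  04    42541000                 STC   R5,0(R4,R1)
0003D8  04    F0F0F0F0                 DC    C'0000'
"""

LINE_RE = re.compile(r"^([0-9A-F]{6})\s+([0-9A-F]{2})\s+([0-9A-F]+)\s+(\S+)\s*(.*)$")
# d(,Rb), d(Rb), d(len,Rb) or d(Rx,Rb); this disassembler prints d in decimal.
OPND_RE = re.compile(r"(\d+)\((?:(R\d+|\d+)?,)?(R\d+)\)")
BALR_RE = re.compile(r"^(R\d+),R0$")


def parse(listing):
    """Listing lines -> row dicts; lines that do not fit the layout stay as strings."""
    rows = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.rstrip())
        if not m:
            rows.append(line)
            continue
        off, ln, hexb, op, opnds = m.groups()
        rows.append({"offset": int(off, 16), "length": int(ln, 16), "hex": hexb,
                     "op": op, "operands": opnds.strip()})
    return rows


def apply_name_hint(rows, start):
    """Hint: at `start` sits a length byte followed by an EBCDIC name, not an
    instruction. Drop the rows the disassembler made of those bytes and emit
    two DC rows instead (EBCDIC decoded with the cp037 codec)."""
    image = {}  # module offset -> byte, rebuilt from the hex column
    for r in rows:
        if isinstance(r, dict):
            for i, b in enumerate(bytes.fromhex(r["hex"])):
                image[r["offset"] + i] = b
    n = image[start]
    name = bytes(image[start + 1 + i] for i in range(n))
    end = start + 1 + n
    out = []
    for r in rows:
        if isinstance(r, dict) and start <= r["offset"] < end:
            if r["offset"] == start:
                out.append({"offset": start, "length": 1, "hex": f"{n:02X}",
                            "op": "DC", "operands": f"AL1({n})"})
                out.append({"offset": start + 1, "length": n, "hex": name.hex().upper(),
                            "op": "DC", "operands": f"CL{n}'{name.decode('cp037')}'"})
            continue
        out.append(r)
    return out


def resolve(rows):
    """Walk the rows in order, tracking which registers hold a known base:
    R15 = entry address (offset 0) until BALR Rn,R0 makes Rn the base, holding
    the address of the instruction after the BALR (offset + length).
    Displacements off a known base become Lxxx labels, xxx = module offset."""
    bases = {"R15": 0}
    targets = set()

    def sub(m):
        disp, idx, base = m.groups()
        if base not in bases or (idx and idx.startswith("R")):
            return m.group(0)  # unknown base, or indexed: address is not static
        addr = bases[base] + int(disp)
        targets.add(addr)
        return f"L{addr:03X}" + (f"({idx})" if idx else "")

    for r in rows:
        if isinstance(r, str) or r["op"] in ("DC", "DS"):
            continue
        r["operands"] = OPND_RE.sub(sub, r["operands"])
        m = BALR_RE.match(r["operands"]) if r["op"] == "BALR" else None
        if m:  # the equivalent of Sven's DROP R15 / USING *,R12
            bases.clear()
            bases[m.group(1)] = r["offset"] + r["length"]
    lines = []
    for r in rows:
        if isinstance(r, str):
            lines.append(r)
            continue
        label = f"L{r['offset']:03X}" if r["offset"] in targets else ""
        lines.append(f"{r['offset']:06X}  {r['length']:02X}    {r['hex']:<16} "
                     f"{label:<8}{r['op']:<6}{r['operands']}")
    return "\n".join(lines), sorted(targets)


def relabel(listing, name_hint=None):
    rows = parse(listing)
    if name_hint is not None:
        rows = apply_name_hint(rows, name_hint)
    return resolve(rows)


if __name__ == "__main__":
    text, targets = relabel(SAMPLE, name_hint=4)
    print(text)
    print("targets:", " ".join(f"L{t:03X}" for t in targets))
```

On the sample this reproduces Sven's labels (L010, L03A, L04E, L0EE, L154, L3D8) and turns the bogus BSM at offset 4 into `DC AL1(11)` followed by `DC CL11'RPSU001    '`. Indexed operands such as `0(R4,R1)` and displacements off registers whose contents are not known (R1, R10, R13) are left alone on purpose: they depend on values the caller or the data area supplies, which is exactly the part Sven calls "dangerous" and which only a reading of the callers can settle.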




Sun, 22 Jan 2006 08:00:49 GMT  
 disassembled code.
Sven,

 Thanks a lot. I think I see what you did: you added
0x16 to the literals that were in there because
R12 became the base register at offset 0x16, it looks
like. With the addresses now making sense, hopefully
that's a big step. I'll try to work it out tomorrow
to see if it all makes sense and the addresses look right.
Does R12 stay as the base register throughout? I wonder why it
started with R15? Me and my big mouth, they asked if anyone has ever
done assembly language and I volunteered I did some PDP macro 11 back
in the late 80's. Any ideas on what I should figure out next? Is
there a good online instruction set doc I can work it out with? What's a cheaper
book that might help? One that is easy to follow but complete enough?
Will 370 assembly language experience help my resume much?

Quote:

> "bhagavad_guitar"  wrote

> > I was given a dissassembled program to work with and told the source
> > code
> > was missing. I wrote a linker in PDP macro 11 back in college, but
> > that was a very long time ago on a different instruction set.
> > They want me to figure out what this thing does. It's an encryption
> > program of some sort. I deleted some lines of code here and there
> > in the unlikely event they may not want me to post this here.
> > All I have for doc at the momement is stuff of www.simotime.com

> > Basicaly I see the first statement is a branch with a mask.
> > What does mask of 16 mean here ? In most places where there
> > is some sort of branch it uses R12, how can I tell what is in R12 ?
> > It doesn't appear that R12 is based on my CSECT base. It looks
> > like the offsets to branch to are decimal rather than hex.
> > There appears to be one main section of code, followed by
> > several subroutines or case statement parts followed by data
> > at the end where all the DC statements are. There appears to be
> > some load statements in the middle of the data blocks which
> > don't make sense as how could you branch out of them ?

> >  Anyone who thinks they can solve it in a snap and wants to
> > try, email me and I may be tempted to email you the full
> > source code as this may be a time consuming project.

> >  Is there any way to tell what language produced this ?
> > I was told assembly, but I don't know if they really know that.

> This source appears to be of a subprogram that is to be called
> from a (main) program which provides two arguments.

> I must add that the code itself looks rather "dangerous" as it depends
> upon the calling program to provide some of the addresses used
> internally in the subprogram. Unless there is a "safe" initialisation
> from the subprogram and unless the calling program is reliable in
> protecting the first argument (holding these addresses) such code
> is definitely to be avoided.

> I have taken the liberty to modify your code on the assumption that
> the language used is really IBM Assembly, but if someone has
> written this in assembly language it is very surprising how many
> places he has coded a branch to the immediately following
> statement. However, I know of no high-level language compiler
> that produces this kind of code. In particular the lacking local
> savearea is a strong indication that the source was indeed written
> directly in assembly language.

> You will find that I have replaced most addresses relative to R12
> with symbolic labels Lxxx where "xxx" is the offset into the module.

> hope this helps

> regards Sven

> >                               RPSU001  CSECT
>  USING *,R15
> > 000000  04    47F0F010                 B     L010
> > 000004  01    0B                     DC AL1(L'L005)
> > 000005  0B    D9D7E2E4F0F0F14040    L005     DC    CL11'RPSU001'
> > 000010  04    90ECD00C        L010         STM   R14,R12,12(R13)
> > 000014  02    05C0                     BALR  R12,R0        Establish base register for the module
>   DROP R15
>   USING *,R12
> > 000016  04    58A01000                 L     R10,0(,R1)   Load address of first parameter
> > 00001A  04    58901004                 L     R9,4(,R1)   Load address of second parameter
> > 00001E  04    92F0A00F                 MVI   15(R10),C'0'
> > 000022  04    45E0C038                 BAL   R14,L04E
> > 000026  04    45E0C0D8                 BAL   R14,L0EE
> > 00002A  04    95C5A00E                 CLI   14(R10),C'E'
> > 00002E  04    4770C024                 BNE   L03A
> > 000032  04    45E0C112                 BAL   R14,L128
> > 000036  04    47F0C02C                 B     L042
> > 00003A  04    45E0C13E        L03A         BAL   R14,L154
> > 00003E  04    47F0C02C                 B     L042
> > 000042  04    900FA010         L042        STM   R0,R15,16(R10)
> > 000046  04    98ECD00C                 LM    R14,R12,12(R13)
> > 00004A  04    47FE0000                 B      0(R14)
> > 00004E  04    50E0A05C       L04E          ST    R14,92(,R10)

> > ...
> > ... <lines deleted>
> > ...

> > 0000E4  04    4770C0D2                 BNE   L0E8
> > 0000E8  04    58E0A05C         L0E8        L     R14,92(,R10)
> > 0000EC  02    07FE                     BR    R14
> > 0000EE  04    50E0A05C              L0EE   ST    R14,92(,R10)
> > 0000F2  06    D203A066A00A             MVC   102(4,R10),10(R10)
> > 0000F8  06    D603A066C3C2             OC    102(4,R10),L3D8
> > 0000FE  06    F273A050A066             PACK  80(8,R10),102(4,R10)
> > 000104  04    4F10A050                 CVB   R1,80(,R10)
> > 000108  04    4210A06A                 STC   R1,106(,R10)
> > 00010C  02    1711                     XR    R1,R1
> > 00010E  02    1722                     XR    R2,R2
> > 000110  04    4310A06A                 IC    R1,106(,R10)
> > 000114  04    4320C1A6                 IC    R2,L1BC
> > 000118  02    1A12                     AR    R1,R2
> > 00011A  04    4210A06A                 STC   R1,106(,R10)
> > 00011E  04    47F0C10C                 B     L122
> > 000122  04    58E0A05C           L122      L     R14,92(,R10)
> > 000126  02    07FE                     BR    R14                      EXIT
> > 000128  04    50E0A05C           L128      ST    R14,92(,R10)
> > 00012C  04    41109000                 LA    R1,0(,R9)
> > 000130  04    4820A064                 LH    R2,100(,R10)
> > 000134  04    4130C1BA                 LA    R3,L1D0
> > 000138  02    1744                     XR    R4,R4
> > 00013A  04    4340A06A                 IC    R4,106(,R10)
> > 00013E  02    1A34                     AR    R3,R4
> > ...
> > ... lines deleted
> > ...

> > 00014E  04    58E0A05C                 L     R14,92(,R10)
> > 000152  02    07FE                     BR    R14                      EXIT
> > 000154  04    50E0A05C            L154     ST    R14,92(,R10)
> > 000158  04    45E0C166                 BAL   R14,L17C                 PERFORM
> > 00015C  04    41109000                 LA    R1,0(,R9)
> > ...
> > ....
> > ...
> > 000168                                        L168 EQU *

> > 000172  04    4620C152                 BCT   R2,L168
> > 000176  04    58E0A05C                 L     R14,92(,R10)
> > 00017A  02    07FE                     BR    R14                      EXIT
> > 00017C  04    50E0A060                L17C   ST    R14,96(,R10)
> > 000180  04    4110A06B                 LA    R1,107(,R10)
> > 000184  04    41200100                 LA    R2,256
> > 000188  04    4130C1BA                 LA    R3,L1D0
> > 00018C  02    1744                     XR    R4,R4
> > 00018E  04    4340A06A                 IC    R4,106(,R10)
> > 000192  02    1A34                     AR    R3,R4
> > 000194  04    41500000                 LA    R5,0
> > 000198  02    1744                     XR    R4,R4
> > 00019A  04    43403000            L19A     IC    R4,0(,R3)
> > 00019E  04    42541000                 STC   R5,0(R4,R1)
> > 0001A2  04    41303001                 LA    R3,1(,R3)
> > 0001A6  04    41505001                 LA    R5,1(,R5)
> > 0001AA  04    4620C184                 BCT   R2,L19A
> > 0001AE  04    58E0A060                 L     R14,96(,R10)
> > 0001B2  02    07FE                     BR    R14                      EXIT
> > 0001B4  01    A9                       DC    X'A9'
> > 0001B5  01    F8                       DC    C'8'
> > 0001B6  02    DD1B                     DC    X'DD1B'
> > 0001B8  04    018897AF                 DC    X'018897AF'
> > 0001BC  04    880CA9EE          L1BC       DC    X'880CA9EE'
> > 0001C0  02    3299                     DC    X'3299'
> > 0001C2  08    4040404040404040         DC    C'        '
> > 0001CA  02    4040                     DC    C'  '
> > 0001CC  04    00000000                 DC    F'0'
> > 0001D0  08    1012                    L1D0  DC X'10121416181A1C1E'
> > 0001D8  08    1F1D                         DC X'1F1D1B1917151311'
> > 0001E0  08    30323436                 DC    X'30323436383A3C3E'
> > 0001E8  08    3F3D3B39                 DC    X'3F3D3B3937353331'
> > 0001F0  08    50525456                 DC    X'50525456585A5C5E'
> > 0001F8  08    585A5C5E                 DC    X'5F5D5B5957555351'
> > ...
> > ...
> > ...
>  more data areas built according to a system similar to that used for the fields above

> > 0003D0  08    F0F0F0F1F4F0F0F0         DC    C'00014000'
> > 0003D8  04    F0F0F0F0              L3D8   DC    C'0000'
> >                                        REQU
> >                                        END



Sun, 22 Jan 2006 11:00:24 GMT  
 dissassembled code.
Not sure they will pay to have it farmed out. I may be stuck.
What kind of effort is involved to make this into C ? I think it's
around 300 lines.
What would it cost ? Some division of some client company may have the
source code but may not want to give it up I guess. We are moving off
the mainframe to some other platform. Any good books to help me out ? One of those
short reference guides would be cheaper if they have them.
Quote:

> On 5 Aug 2003 13:59:23 -0700, bhagavad_guitar hath writ:
> > I was given a disassembled program to work with and told the source
> > code was missing. I wrote a linker in PDP macro 11 back in college,
> > but that was a very long time ago on a different instruction set.
> >...
> > Basically I see the first statement is a branch with a mask.
> > What does mask of 16 mean here ?

> >                               RPSU001  CSECT
> > 000000  04    47F0F010                 B     16(,R15)

> You're in WAY over your head.
> That is NOT a "..mask of 16."  That is a DISPlacement of 16 beyond
> the address contained in the specified BASE register -- here R15.

> Get some qualified help.
> I'm probably available.

> Jonesy -- IBM Assembler since 1966



Sun, 22 Jan 2006 11:03:46 GMT  
 dissassembled code.
On 5 Aug 2003 20:00:24 -0700

: Any Ideas on what I should figure out next ?

In your original message, you said that you were asked to find out what the
program did. Because the program's behavior depends upon values set in the
passed parameters (e.g. CLI   14(R10),C'E') you are likely to learn more about
WHAT it does by examining the source code of the calling program (if it exists)
than you will by your current approach. Of course, if you are also supposed to
find out HOW it does it, then you will have to continue studying the
disassembly.

-- Chuck



Sun, 22 Jan 2006 13:29:23 GMT  
 dissassembled code.


:>I was given a disassembled program to work with and told the source code
:>was missing. I wrote a linker in PDP macro 11 back in college, but
:>that was a very long time ago on a different instruction set.
:>They want me to figure out what this thing does. It's an encryption
:>program of some sort. I deleted some lines of code here and there
:>in the unlikely event they may not want me to post this here.
:>All I have for doc at the moment is stuff from www.simotime.com

Writing a linker is not useful training to be able to disassemble programs,
even on the same instruction set.

:>Basically I see the first statement is a branch with a mask.
:>What does mask of 16 mean here ? In most places where there
:>is some sort of branch it uses R12, how can I tell what is in R12 ?
:>It doesn't appear that R12 is based on my CSECT base. It looks
:>like the offsets to branch to are decimal rather than hex.
:>There appears to be one main section of code, followed by
:>several subroutines or case statement parts followed by data
:>at the end where all the DC statements are. There appears to be
:>some load statements in the middle of the data blocks which
:>don't make sense as how could you branch out of them ?

As you do not have much knowledge of S390 assembler language, you are not the
correct person to be tasked to do this job.

A typical disassembler program will try to guess whether the data is instructions
or constants.

:> Anyone who thinks they can solve it in a snap and wants to
:>try, email me and I may be tempted to email you the full
:>source code as this may be a time consuming project.

I doubt anyone can solve it "in a snap".

To get useful disassembled source with comments would require a trained
professional. And it will not be cheap.

I would typically say that your best approach is to look at the calling
programs and figure out what the subroutine "should be" doing and start from
there. But if this was an encryption program you may have a true black box
which would require either making sure all encrypted data was decrypted before
supplying a new plug in or actually figuring out the algorithm.

:> Is there any way to tell what language produced this ?
:>I was told assembly, but I don't know if they really know that.

Does not look like any compiled language that I recognize.

--

http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel



Sun, 22 Jan 2006 15:08:11 GMT  
 dissassembled code.
"bhagavad_guitar"  wrote

Quote:
> Sven,

>  Thanks a lot. I think I see what you did, you added
> 0x16 to the literals that were in there because
> R12 became the base register at offset 0x16 it looks
> like. With the addresses now making sense hopefully
> that's a big step. I'll try to work it out tomorrow
> to see if it all makes sense and the addresses look right.
> Does R12 stay as the base register throughout ? I wonder why it
> started with R15 ? Me and my big mouth, they asked if anyone has ever
> done assembly language and I volunteered I did some PDP macro 11 back
> in the late 80's. Any ideas on what I should figure out next ? Is
> there a good online instruction set doc I can work it out with ? What's a cheaper
> book that might help ? One that is easy to follow but complete enough ?
> Will 370 assembly language experience help my resume much ?

First of all you should try to get your hands on books titled something
like:
PRINCIPLES OF OPERATION (this is "the bible"!)
ASSEMBLER LANGUAGE REFERENCE
ASSEMBLER PROGRAMMING GUIDE
LINKAGE EDITOR  or LINKAGE EDITOR AND LOADER
SUPERVISOR SERVICES AND MACRO SERVICES
You may also need various other books on IBM macros.

Here you will learn things like:

When a program is entered then registers:
13 must point to a savearea (including how to set it up and use it)
14 must contain the return address
15 must contain the entry point address
1 must contain the address of a list of addresses to the arguments passed.

On return from the program all registers except 15, 0 and 1 must be
restored to their contents at entry, register 15 may contain a return code,
registers 0 (and 1) may contain returned function result values.

Note however that my experience lies almost 20 years back, much may
have happened to protocols since then although I doubt that these linkage
conventions can have changed much. IBM has always been famous for
preserving compatibility.

Now back to your program listing:

There is no general rule that R12 shall be a base register, the programmer
has simply selected that himself and loaded the base address with a
BALR 12,0 instruction. It is quite unlikely that he ever used this register
for something else, and as long as there are no instructions modifying this
register you can safely assume he has not. This will be evident by the
occurrences of addresses like xxx(12).

(I prefer another approach myself: I just copy register 15 into the selected
base register and have the simplification that all displacements are relative
to the module load address).

One word of caution: None of the registers 14, 15, 0, 1 or 2 should ever
be selected as base registers! (For various reasons)

What to figure out next? I think the best approach is to continue the analysis
I started and concentrate upon identifying where you have statements that
are to be executed and where you have data areas.

regards Sven



Sun, 22 Jan 2006 17:30:49 GMT  
 dissassembled code.

Quote:

> PRINCIPLES OF OPERATION (this is "the bible"!)
> ASSEMBLER LANGUAGE REFERENCE
> ASSEMBLER PROGRAMMING GUIDE
> LINKAGE EDITOR  or LINKAGE EDITOR AND LOADER
> SUPERVISOR SERVICES AND MACRO SERVICES

the "bible" has been the "red book" (although not available to
customers), which the principles of operation is a subset. the term
"red book" came from it being distributed in a red 3-ring binder.

starting around 1970 or so the red book was entered into cms
(cambridge monitor system) script file. all the interesting
engineering notes, instruction justification, model dependent
considerations, etc. are in the "red book" sections, with the
principle of operation sections interspersed.  depending on invocation
of cms script command, either the full red book would be printed or
just the principle of operations subset. You could somewhat tell the
transition in the principle of operations and other documents by
whether the boxes had connected lines or not. During that period,
script documents were most frequently printed on 1403/3211 printers
and the box diagrams wouldn't have solid, connected lines ... which
reappeared with 3800 printers.  The earliest "font" support by the
variously named cms script processors (gml, bookie, bookmaster, etc)
somewhat grew out of the script support for different 2741 selectric
typeballs (aka could manually switch selectric typeballs on the 2741
to get different character sets/fonts).

1970 was about the time that "G", "M", and "L" (all at the cambridge
scientific center), invented "gml" (note their initials) and the syntax
support was added to cms script.  The original script syntax is
runoff-like "dot" commands. during the '70s it was common to find lots
of cms script files that had "gml" and "dot" syntax intermixed in the
same document. of course, gml begat sgml, html, xml, etc. In the port
from 360/67 to 370, cp/67 was renamed vm/370 and cambridge monitor
system (cms) was renamed conversational monitor system (cms).

misc. cambridge science center:
http://www.garlic.com/~lynn/subtopic.html#545tech

now, i have vague memories of somebody talking about a custom chain
for 1403n1 ... that did have the characters that would produce solid
lines for boxes and other diagrams .... reportedly used for
engineering logic diagrams. however, some number of ibm publications
went thru the period where they were printed with boxes and diagrams
that didn't have solid, connected lines.

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm



Sun, 22 Jan 2006 22:19:53 GMT  
 dissassembled code.

Quote:
> the "bible" has been the "red book" (although not available to
> customers), which the principles of operation is a subset. the term
> "red book" came from it being distributed in a red 3-ring binder.

This term seems to live on at IBM in the technical manuals available
at

  http://redbooks.ibm.com/

The Principle of Operations for a number of architectures, including
the new z/Architecture is available as PDFs.

MC



Sun, 22 Jan 2006 23:18:04 GMT  
 dissassembled code.
Well,

we're dealing with management here, they haven't given me anything more as of yet.


Quote:
> On 5 Aug 2003 20:00:24 -0700

> : Any Ideas on what I should figure out next ?

> In your original message, you said that you were asked to find out what the
> program did. Because the program's behavior depends upon values set in the
> passed parameters (e.g. CLI   14(R10),C'E') you are likely to learn more about
> WHAT it does by examining the source code of the calling program (if it exists)
> than you will by your current approach. Of course, if you are also supposed to
> find out HOW it does it, then you will have to continue studying the
> disassembly.

> -- Chuck



Mon, 23 Jan 2006 00:46:06 GMT  
 dissassembled code.
On 5 Aug 2003 20:03:46 -0700, bhagavad_guitar hath writ:

Quote:
> Not sure they will pay to have it farmed out. I may be stuck.

I understand.  Been there - got closets full of Tee-shirts.
There's never enough time nor money to "Do It Right".  But, there
always seems to be limitless funds and available time to hack,
patch, re-hack, re-patch ... ad infinitum.

Quote:
> What kind of effort is involved to make this into C ? I think it's
> around 300 lines.

I would not hazard a guess.  C programs are tough enough to write
under Good Project Management guidelines.  This would have all
the makings for a *disaster*.

I wish you well.

Jonesy
--
  | Marvin L Jones       | jonz         |  W3DHJ   |  OS/2
  |   7,703' -- 2,345m   |   config.com |  DM68mn             SK



Mon, 23 Jan 2006 02:16:18 GMT  
 dissassembled code.

Quote:



> >I was given a disassembled program to work with and told the source code
> >was missing.

> If the listing is *all* you have to work with, you've got _real_ problems.

> The typical work-cycle involves _repeated_ disassembly of the module,
> utilizing a growing "hints" file -- that allows you to assign USING pseudo-
> ops, symbolic _names_ to addresses, and to -force- specified areas of data
> to be interpreted in the desired form/format -- e.g. 'instruction', 'data',
> etc.

> >             I wrote a linker in PDP macro 11 back in college, but
> >that was a very long time ago on a different instruction set.
> >They want me to figure out what this thing does. It's an encryption
> >program of some sort. I deleted some lines of code here and there
> >in the unlikely event they may not want me to post this here.
> >All I have for doc at the moment is stuff from www.simotime.com

> >Basically I see the first statement is a branch with a mask.
> >What does mask of 16 mean here ?

> Consult your green/yellow card.  or the POPS book.   <grin>

> A hazard of using a 'dumb' disassembler -- that doesn't back-code to
> "extended" mnemonics for conditional branch instructions.   :)

> >                                 In most places where there
> >is some sort of branch it uses R12, how can I tell what is in R12 ?
> >It doesn't appear that R12 is based on my CSECT base. It looks
> >like the offsets to branch to are decimal rather than hex.

> yes, that's how -that- disassembler is showing them, it appears.

> >There appears to be one main section of code, followed by
> >several subroutines or case statement parts followed by data
> >at the end where all the DC statements are. There appears to be
> >some load statements in the middle of the data blocks which
> >don't make sense as how could you branch out of them ?

> What you see is "artifact" of the dis-assembly process.

> *lots* of stuff gets 'mis-identified' by disassemblers.  Starting at the
> very -beginning- of the listing, for example.

 I had a feeling about that as it didn't make sense. However aside
from that stuff in the middle of what appears to be a block of data,
could I assume most of the other instructions are accurate ?


Quote:

> This is what the dis-assembler 'hints' file is used to 'fix'.

> The second instruction is virtually certain *not* to be an instruction.
> Byte 4 looks to be the -length- of the string starting at byte 5
> The 'D9' at byte 5 is almost certainly the start of the char string constant
> "RPSU001    "

> Given that, then, at offset 0, you have an 'unconditional jump' around the
> module name.   This 'preamble' -could- be high-level-language generated, or
> a 'convention' in the originating shop.  For no good reason, I favor the latter
> interpretation.  <grin>

> address 10 is traditional 'entry point' code
> at address 16, you've got "fetch passed parameter (addresses)" for 2 parameters,
> and set a character '0' at  offset 15 (decimal) in the 1st passed param.

> > Anyone who thinks they can solve it in a snap

> No chance.  the discipline is 'reverse engineering', is inevitably time-
> consuming, requiring a trained eyeball, _and_ a particular kind of 'warped'
> mind-set.  (it's actually a cousin of integral calculus)

> The data blocks at the end of the listing are reminiscent of a table-lookup
> CRC-16 calculation.  *VERY* reminiscent.  

> >                                               and wants to
> >try, email me and I may be tempted to email you the full
> >source code as this may be a time consuming project.

> not 'may be', *will*.

> > Is there any way to tell what language produced this ?

> *NOT* with any reasonable degree of certainty.  an 'educated' guess is
> sometimes possible.

> >I was told assembly, but I don't know if they really know that.

> I don't see anything that _looks_ like high-level language constructs.
> This could be because:
>    1) I haven't looked very hard
>    2) not enough data to examine
>    3) It is from a high-level language that had a _very_good_ optimizer stage
>    4) It _was_ written in assembler

> my guess is 'structured assembler'.

> >                              RPSU001  CSECT
> >000000  04    47F0F010                 B     16(,R15)
> >000004  02    0BD9                     BSM   R13,R9
> >000006  08    D7E2E4F0F0F14040         DC    C'PSU001  '
> >00000E  02    4040                     DC    C'  '
> >000010  04    90ECD00C                 STM   R14,R12,12(R13)          SAVE REGS
> >000014  02    05C0                     BALR  R12,R0                   ADDRESS SET
> >000016  04    58A01000                 L     R10,0(,R1)
> >00001A  04    58901004                 L     R9,4(,R1)
> >00001E  04    92F0A00F                 MVI   15(R10),C'0'
> >000022  04    45E0C038                 BAL   R14,56(,R12)             PERFORM
> >000026  04    45E0C0D8                 BAL   R14,216(,R12)            PERFORM
> >00002A  04    95C5A00E                 CLI   14(R10),C'E'
> >00002E  04    4770C024                 BNE   36(,R12)
> >000032  04    45E0C112                 BAL   R14,274(,R12)            PERFORM
> >000036  04    47F0C02C                 B     44(,R12)
> >00003A  04    45E0C13E                 BAL   R14,318(,R12)            PERFORM
> >00003E  04    47F0C02C                 B     44(,R12)
> >000042  04    900FA010                 STM   R0,R15,16(R10)           SAVE REGS
> >000046  04    98ECD00C                 LM    R14,R12,12(R13)          RESTORE REGS
> >00004A  04    47FE0000                 B     0(R14)

> >00004E  04    50E0A05C                 ST    R14,92(,R10)

> >...
> >... <lines deleted>
> >...

> >0000E4  04    4770C0D2                 BNE   210(,R12)
> >0000E8  04    58E0A05C                 L     R14,92(,R10)
> >0000EC  02    07FE                     BR    R14                      EXIT
> >0000EE  04    50E0A05C                 ST    R14,92(,R10)
> >0000F2  06    D203A066A00A             MVC   102(4,R10),10(R10)
> >0000F8  06    D603A066C3C2             OC    102(4,R10),962(R12)
> >0000FE  06    F273A050A066             PACK  80(8,R10),102(4,R10)
> >000104  04    4F10A050                 CVB   R1,80(,R10)
> >000108  04    4210A06A                 STC   R1,106(,R10)
> >00010C  02    1711                     XR    R1,R1
> >00010E  02    1722                     XR    R2,R2
> >000110  04    4310A06A                 IC    R1,106(,R10)
> >000114  04    4320C1A6                 IC    R2,422(,R12)
> >000118  02    1A12                     AR    R1,R2
> >00011A  04    4210A06A                 STC   R1,106(,R10)
> >00011E  04    47F0C10C                 B     268(,R12)
> >000122  04    58E0A05C                 L     R14,92(,R10)
> >000126  02    07FE                     BR    R14                      EXIT
> >000128  04    50E0A05C                 ST    R14,92(,R10)
> >00012C  04    41109000                 LA    R1,0(,R9)
> >000130  04    4820A064                 LH    R2,100(,R10)
> >000134  04    4130C1BA                 LA    R3,442(,R12)
> >000138  02    1744                     XR    R4,R4
> >00013A  04    4340A06A                 IC    R4,106(,R10)
> >00013E  02    1A34                     AR    R3,R4
> >...
> >... lines deleted
> >...

> >00014E  04    58E0A05C                 L     R14,92(,R10)
> >000152  02    07FE                     BR    R14                      EXIT
> >000154  04    50E0A05C                 ST    R14,92(,R10)
> >000158  04    45E0C166                 BAL   R14,358(,R12)            PERFORM
> >00015C  04    41109000                 LA    R1,0(,R9)
> >...
> >....
> >...

> >000172  04    4620C152                 BCT   R2,338(,R12)
> >000176  04    58E0A05C                 L     R14,92(,R10)
> >00017A  02    07FE                     BR    R14                      EXIT
> >00017C  04    50E0A060                 ST    R14,96(,R10)
> >000180  04    4110A06B                 LA    R1,107(,R10)
> >000184  04    41200100                 LA    R2,256
> >000188  04    4130C1BA                 LA    R3,442(,R12)
> >00018C  02    1744                     XR    R4,R4
> >00018E  04    4340A06A                 IC    R4,106(,R10)
> >000192  02    1A34                     AR    R3,R4
> >000194  04    41500000                 LA    R5,0
> >000198  02    1744                     XR    R4,R4
> >00019A  04    43403000                 IC    R4,0(,R3)
> >00019E  04    42541000                 STC   R5,0(R4,R1)
> >0001A2  04    41303001                 LA    R3,1(,R3)
> >0001A6  04    41505001                 LA    R5,1(,R5)
> >0001AA  04    4620C184                 BCT   R2,388(,R12)
> >0001AE  04    58E0A060                 L     R14,96(,R10)
> >0001B2  02    07FE                     BR    R14                      EXIT
> >0001B4  01    A9                       DC    X'A9'
> >0001B5  01    F8                       DC    C'8'
> >0001B6  02    DD1B                     DC    X'DD1B'
> >0001B8  04    018897AF                 DC    X'018897AF'
> >0001BC  04    880CA9EE                 DC    X'880CA9EE'
> >0001C0  02    3299                     DC    X'3299'
> >0001C2  08    4040404040404040         DC    C'        '
> >0001CA  02    4040                     DC    C'  '
> >0001CC  04    00000000                 DC    F'0'
> >0001D0  02    1012                     LPR   R1,R2
> >0001D2  02    1416                     NR    R1,R6
> >0001D4  02    181A                     LR    R1,R10
> >0001D6  02    1C1E                     DC    H'7198'
> >0001D8  02    1F1D                     SLR   R1,R13
> >0001DA  02    1B19                     SR    R1,R9
> >0001DC  04    17151311                




Mon, 23 Jan 2006 03:15:47 GMT  
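The three points the thread keeps returning to (Jonesy's "that is a displacement, not a mask", Sven's resolution of R12-relative operands to module offsets, and the 'hints' file that keeps a disassembler from decoding the table at X'1D0' as LPR/NR/LR) are easier to see with a small decoder in hand. The following Python is an added example, not code from the thread or from RPSU001: it handles only the opcode subset that appears in the listing, uses Sven's Lxxx label scheme with R12 = X'16' as the value BALR R12,R0 leaves behind, and takes a plain (offset, length) list as its stand-in for a hints file. The sample bytes are copied from the listing.

```python
"""Linear-sweep decoder for the S/370 opcode subset in the RPSU001 listing.
Constructed example; the Lxxx labels follow Sven's relabelled listing and the
hints list is this example's stand-in for a disassembler 'hints' file."""

R12_VALUE = 0x16  # BALR R12,R0 at X'14' leaves the address of the next instruction in R12

# Opcode subset used by the listing; anything else is emitted as a DC.
RR = {0x05: "BALR", 0x07: "BCR", 0x0B: "BSM", 0x10: "LPR", 0x14: "NR", 0x17: "XR",
      0x18: "LR", 0x1A: "AR", 0x1B: "SR", 0x1F: "SLR"}
RX = {0x41: "LA", 0x42: "STC", 0x43: "IC", 0x45: "BAL", 0x46: "BCT", 0x47: "BC",
      0x48: "LH", 0x4F: "CVB", 0x50: "ST", 0x58: "L"}
RS = {0x90: "STM", 0x98: "LM"}
SI = {0x92: "MVI", 0x95: "CLI"}
SS = {0xD2: "MVC", 0xD6: "OC", 0xF2: "PACK"}
BC_EXTENDED = {15: "B", 8: "BE", 7: "BNE"}  # extended mnemonics the listing uses


def insn_len(opcode):
    """The top two opcode bits give the length: 00=2, 01/10=4, 11=6 bytes."""
    return (2, 4, 4, 6)[opcode >> 6]


def rx_fields(word):
    """Split a 4-byte RX word into op, r1 (the condition mask for BC), x2, b2, d2.
    47F0F010 gives r1=15 (branch always), b2=15, d2=16: a displacement, not a mask."""
    b = bytes.fromhex(word) if isinstance(word, str) else word
    return {"op": b[0], "r1": b[1] >> 4, "x2": b[1] & 0xF,
            "b2": b[2] >> 4, "d2": ((b[2] & 0xF) << 8) | b[3]}


def bd(base, disp, index=None):
    """Render a base/displacement operand; anything off R12 becomes an Lxxx label
    at module offset R12_VALUE + disp. index=None: format has no index slot."""
    if base == 12 and not index:
        return "L%03X" % (R12_VALUE + disp)
    if base == 0 and not index:
        return str(disp)
    if index is None:
        return "%d(R%d)" % (disp, base)
    return "%d(%s,R%d)" % (disp, "R%d" % index if index else "", base)


def decode(b, at):
    """Decode one instruction at b[at]; return (length, assembler text)."""
    op = b[at]
    n = insn_len(op)
    if op in RR:
        r1, r2 = b[at + 1] >> 4, b[at + 1] & 0xF
        if op == 0x07 and r1 == 15:           # BCR 15,Rx is the extended BR
            return n, "BR    R%d" % r2
        return n, "%-5s R%d,R%d" % (RR[op], r1, r2)
    f = rx_fields(b[at:at + 4]) if n == 4 else None
    if op in RX:
        tgt = bd(f["b2"], f["d2"], f["x2"])
        if op == 0x47:                        # BC: r1 is the 4-bit condition mask
            mnem = BC_EXTENDED.get(f["r1"])
            return n, ("%-5s %s" % (mnem, tgt) if mnem else "BC    %d,%s" % (f["r1"], tgt))
        return n, "%-5s R%d,%s" % (RX[op], f["r1"], tgt)
    if op in RS:                              # r3 sits where RX keeps its index
        return n, "%-5s R%d,R%d,%s" % (RS[op], f["r1"], f["x2"], bd(f["b2"], f["d2"]))
    if op in SI:                              # byte 1 is the immediate operand
        return n, "%-5s %s,X'%02X'" % (SI[op], bd(f["b2"], f["d2"]), b[at + 1])
    if op in SS:
        length = b[at + 1] + 1
        b1, d1 = b[at + 2] >> 4, ((b[at + 2] & 0xF) << 8) | b[at + 3]
        b2, d2 = b[at + 4] >> 4, ((b[at + 4] & 0xF) << 8) | b[at + 5]
        return n, "%-5s %d(%d,R%d),%s" % (SS[op], d1, length, b1, bd(b2, d2))
    return n, "DC    X'%s'" % b[at:at + n].hex().upper()


def sweep(b, start=0, data_ranges=()):
    """Linear sweep from module offset `start`; data_ranges are (offset, length) hints."""
    hints = dict(data_ranges)
    lines, at = [], 0
    while at < len(b):
        off = start + at
        if off in hints:                      # forced data: emit DC, 8 bytes per line
            ln = hints[off]
            for c in range(0, ln, 8):
                chunk = b[at + c:at + min(ln, c + 8)]
                lines.append("%06X  DC    X'%s'" % (off + c, chunk.hex().upper()))
            at += ln
            continue
        n, text = decode(b, at)
        lines.append("%06X  %s" % (off, text))
        at += n
    return lines


# Constructed input: the first X'32' bytes of the listing, and the first 16 bytes
# of the table at X'1D0' that the OP's disassembler reported as LPR/NR/LR.
PROLOGUE = bytes.fromhex(
    "47F0F010" "0BD9" "D7E2E4F0F0F14040" "4040" "90ECD00C" "05C0" "58A01000"
    "58901004" "92F0A00F" "45E0C038" "45E0C0D8" "95C5A00E" "4770C024")
TABLE_1D0 = bytes.fromhex("10121416181A1C1E" "1F1D1B1917151311")

if __name__ == "__main__":
    print("\n".join(sweep(PROLOGUE, 0, [(0x04, 12)])))  # hint: X'04'-X'0F' is the name
    print("\n".join(sweep(TABLE_1D0, 0x1D0)), "\n".join(sweep(TABLE_1D0, 0x1D0, [(0x1D0, 16)])), sep="\n--\n")
```

Without the hint at X'04' the sweep reproduces the OP's bogus BSM R13,R9, and without the one at X'1D0' it reproduces the LPR/NR/LR lines; with them the same bytes come out as DC statements.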
 dissassembled code.

Quote:
> now, i have vague memories of somebody talking about a custom chain
> for 1403n1 ... that did have the characters that would produce solid
> lines for boxes and other diagrams .... reportedly used for
> engineering logic diagrams. however, some number of ibm publications
> went thru the period where they were printed with boxes and diagrams
> that didn't have solid, connected lines.

The 1403 couldn't print solid horizontal lines simply because
there were gaps between the print hammers (one hammer for each of
the 132 print positions). Solid vertical lines were possible with
the TN type-train, but only if you set the line-spacing at 8
lines per inch, which produced somewhat ugly printouts, as a
rule.

There was a special side-ways printing train with all the
characters rotated 90 degrees that was used for printing ALDs and
microcode flow diagrams. This one could produce solid horizontal
lines (which were really vertical, from the printer's
perspective), but still-interrupted vertical ones, on account of
the aforementioned gap between hammers. When using this train,
the line-spacing was supposed to be set to 15 Lines per inch
(yielding characters per inch, rotated, by 10 lines per inch,
based on the hammer spacing.

The "name" of this type-train was designated as "ESID" IIRC. I
never knew what the letters stood for, but they were an anagram
for "SIDE". In OS/360, type-train names were limited to four
characters. Something about too little room in the JFCB record in
the job queue.



Mon, 23 Jan 2006 04:13:11 GMT  
 