rizinorg / cutter

Free and Open Source Reverse Engineering Platform powered by rizin
https://cutter.re
GNU General Public License v3.0

Enhance assembly reading/learning #2503

Open lattice0 opened 3 years ago

lattice0 commented 3 years ago

I think Cutter could be friendlier to people new to reverse engineering and assembly.

I activated assembly comments on each instruction and unfortunately they do not show, for example, from which register to which register the data is moving.

When you switch between different architectures and different syntaxes it's hard to remember which are the source and destination registers or operands.

I then discovered that activating assembly pseudocode kinda shows this information about which register goes from where, but then I don't see the actual instruction, which is also important if I want to learn what each instruction does.

So, it would be nice to have either or both:

1 - comments with more precise description about which register/data is source and destination

2 - show assembly pseudocode AND instruction side by side, not just one or another

In the near future we might be working with RISC-V, ARM and AMD64 at the same time. Even professionals might use this to quickly learn new architectures, and even learn all the RISC-V extensions.

ITAYC0HEN commented 3 years ago

Hi Lucas, thanks for the suggestion! :) Indeed we in Cutter are also trying to be as friendly to beginners as we can. The instruction descriptions and the pseudocode are among the things we have that aid reversers in understanding the instruction set. The descriptions we use by default come from the *.sdb.txt files in the Rizin repository. Take for example the instruction descriptions for x86 from Rizin. Some instructions are generic because the opcodes can vary and it is not practical to store descriptions for every combination of registers that can be used. The descriptions are available for everyone to modify, extend and improve, so in case you spot a specific instruction description that isn't sufficient, we'd love help with improving it in Rizin.

In a way, I think that we expect the users to know the basics of the language they are about to reverse engineer, at least the syntax. For example, we can expect the users to know the locations of the source and destination registers. Users who analyze x86 with the intel syntax should understand that in the instruction mov eax, edx the value in the source register edx is moved to the destination register eax. Assuming that the users do not know the syntax is problematic.

So combining the instruction description with knowledge of the syntax in use should be enough. For example, the following description uses "src" and "dst" instead of naming the registers.

0x00005b91    mov rax, rsi        ; moves data from src to dst

In addition to all this, we do invite the community to come up with solutions, some of them are plugins, like CutterRef and AssemblyReference that can be found on our Cutter-Plugins curated list.

Regarding your second suggestion, showing the instructions in place and the pseudocode in the comments: this is something that needs to be evaluated in Rizin and not in Cutter. I personally don't find it necessary for the reasons I mentioned above.

Thank you once again!
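The thread above turns on a detail that is easy to mix up when switching syntaxes: Intel puts the destination operand first, AT&T puts it last, and the default description only says "src" and "dst". The following script is an added example, not Cutter's or Rizin's code, and it does not read the real *.sdb.txt files. It assumes a simplified listing format of "address mnemonic op1, op2", uses the labels "intel" and "att" for the two operand orders, and carries a small constructed description table; given a few constructed listing lines it emits a comment that names the concrete source and destination operands, which is what suggestion 1 in the issue asks for.

```python
import re

# Operand order differs between syntaxes: Intel lists the destination first,
# AT&T lists it last. This is the detail the issue says is easy to forget.
OPERAND_ORDER = {
    "intel": ("dst", "src"),
    "att": ("src", "dst"),
}

# Constructed two-operand descriptions in the spirit of the "src"/"dst"
# wording of the default descriptions, filled in with the concrete operands.
# This table is an assumption of this example, not Rizin's description data.
TWO_OPERAND = {
    "mov": "copies {src} into {dst}",
    "add": "adds {src} to {dst}, result in {dst}",
    "sub": "subtracts {src} from {dst}, result in {dst}",
    "xor": "xors {dst} with {src}, result in {dst}",
}

# Constructed sample listings (not real Cutter output).
SAMPLE_INTEL = [
    "0x00005b91 mov rax, rsi",
    "0x00005b94 add rax, 0x10",
    "0x00005b98 ret",
]
SAMPLE_ATT = [
    "0x00005b91 movq %rsi, %rax",
    "0x00005b94 addq $0x10, %rax",
]

# Assumed listing shape: hex address, mnemonic, optional comma-separated operands.
LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)(?:\s+(.+))?$")


def parse_line(line):
    """Split 'addr mnemonic op1, op2' into (addr, mnemonic, [operands])."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised listing line: {line!r}")
    addr, mnemonic, ops = m.groups()
    operands = [o.strip() for o in ops.split(",")] if ops else []
    return addr, mnemonic, operands


def base_mnemonic(mnemonic, syntax):
    """Drop an AT&T size suffix (movq -> mov) when the bare form is known."""
    if syntax == "att" and mnemonic[-1] in "bwlq" and mnemonic[:-1] in TWO_OPERAND:
        return mnemonic[:-1]
    return mnemonic


def describe(mnemonic, operands, syntax):
    """Build a comment naming the concrete source and destination operands."""
    if len(operands) != 2:
        # ret, push, jmp and friends have no source/destination pair to name.
        return "no source/destination pair" if not operands else "single operand: " + operands[0]
    # Assign roles purely from position, according to the syntax in use.
    roles = dict(zip(OPERAND_ORDER[syntax], operands))
    template = TWO_OPERAND.get(
        base_mnemonic(mnemonic, syntax), "{src} is the source, {dst} the destination"
    )
    return template.format(**roles) + f" (src={roles['src']}, dst={roles['dst']})"


def annotate(line, syntax):
    """Return the listing line with an appended, operand-specific comment."""
    addr, mnemonic, operands = parse_line(line)
    return f"{line.strip()} ; {describe(mnemonic, operands, syntax)}"


if __name__ == "__main__":
    for line in SAMPLE_INTEL:
        print(annotate(line, "intel"))
    for line in SAMPLE_ATT:
        print(annotate(line, "att"))
```

Running it prints the same mov at 0x00005b91 twice, once per syntax, each time with "copies rsi into rax" style wording, so the reader sees that the operand roles are identical even though the operand order is reversed; the instruction itself stays visible in the line, which is the side-by-side reading suggestion 2 asks for.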