medusa icon indicating copy to clipboard operation
medusa copied to clipboard

Question: FormatDisassembly

Open saeschdivara opened this issue 10 years ago • 14 comments


I was trying to print out every single line of the disassembly with formating. It got really slow in the following method:

// OPTIMIZEME: This function could be very time consumming (use deque?)
bool MappedMemoryArea::_GetPreviousCellOffset(TOffset Offset, TOffset& rPreviousOffset) const
  while (Offset != 0x0)
    if (m_Cells[Offset] != nullptr)
      rPreviousOffset = Offset;
      return true;

  return false;

Now my question is if I can just switch the type of m_Cells to a deque or do I need to change something else?

saeschdivara avatar Feb 13 '15 15:02 saeschdivara

Hey Sascha,

I need more details in order to help you, for instance: why do you need to get the previous address? If you're looking for an example to disassemble everything, you might want to take a look at Let me know if it what you are looking for. :)

wisk avatar Feb 13 '15 20:02 wisk

Well, maybe I have totally wrong idea how to print out the whole code formatted:

    medusa::Address FirstAddr = _medusa.GetDocument().GetFirstAddress();
    medusa::Address LastAddr  = _medusa.GetDocument().GetLastAddress();

    medusa::PrintData Print;
    medusa::FormatDisassembly FmtDisasm(_medusa, Print);

    medusa::u32 m_FormatFlags = medusa::FormatDisassembly::ShowAddress |
                        medusa::FormatDisassembly::AddSpaceBeforeXref |

    QFile assemblyFile("test.asm");
    if (! | QIODevice::Text))

    qDebug() << "Created file at: " << assemblyFile.fileName();

    QTextStream out(&assemblyFile);

    int iLineNumber = 0;

    while (FirstAddr != LastAddr) {

        while (!_medusa.GetDocument().GetNextAddress(FirstAddr, FirstAddr))
            qDebug() << "Nothing found at " << FirstAddr.GetOffset();

        FmtDisasm(FirstAddr, m_FormatFlags, 1);

        std::string Line = Print.GetTexts();
        out << QString::fromStdString(Line);


        if (iLineNumber == 100) {
            iLineNumber = 0;


I just created a menu item to be able to activate it after all the work is done. I want a normal assembly file to be able to analyse it further with maybe something else...

saeschdivara avatar Feb 14 '15 11:02 saeschdivara

Your code looks good to me, is your code slower than medusa_text? Actually dumping disassembled text is quite long, especially here since Medusa has to re-disassemble instruction each time it's necessary. I like your idea to be able to save disassembled code into a file, unfortunately I cannot add this feature right now since it would require to implement blocking asynchronous task.

wisk avatar Feb 14 '15 14:02 wisk

Well, it hasn't finished after 12 hours for the same file I have giving you a link to... So it is very slow. The file is 316.4 mb big. I will try it now for myself.

saeschdivara avatar Feb 14 '15 17:02 saeschdivara

wow 12 hours, something bad happens. :p Could you check addresses on the log file? I suspect Document::GetNextAddress fails and always returns the same address. That would explain the endless loop.

wisk avatar Feb 14 '15 18:02 wisk

Well, I guess that must be true... I have updated my code so it may perform better but I am not sure if it really works:

class MemoryDisAssemblerTask : public QRunnable

    MemoryDisAssemblerTask(medusa::Medusa * medusa, medusa::Address const rAddress)
        : m_pMedusa(medusa), m_Address(rAddress) {

    void run()
        medusa::MemoryArea const* rMemArea = m_pMedusa->GetDocument().GetMemoryArea(m_Address);

        qDebug() << "Hello world from thread" << QThread::currentThread();
        qDebug() << m_Address.GetOffset();

        QString assemblyName = QString::fromStdString( rMemArea->GetName() ) + QString(".asm");

        if (assemblyName.startsWith('.')) {
            assemblyName = QString("sec_") + assemblyName;

        QFile assemblyFile(assemblyName);
        if (! | QIODevice::Text))

        QTextStream out(&assemblyFile);

        qDebug() << "Created file at: " << assemblyFile.fileName();

        medusa::Address FirstAddr = m_Address;

        int iLineNumber = 0;

        std:string MemoryName = rMemArea->GetName();

        medusa::PrintData Print;
        medusa::FormatDisassembly FmtDisasm(*m_pMedusa, Print);

        medusa::u32 m_FormatFlags = medusa::FormatDisassembly::ShowAddress |
                            medusa::FormatDisassembly::AddSpaceBeforeXref |

        QString qMemoryName = QString::fromStdString(MemoryName);

        medusa::TOffset EndOffset = FirstAddr.GetOffset() + rMemArea->GetSize();
        qDebug() << qMemoryName << " EndOffset: " << EndOffset;

        while (true) {
            qDebug() << qMemoryName << FirstAddr.GetOffset();

            FmtDisasm(FirstAddr, m_FormatFlags, 1);

            std::string Line = Print.GetTexts();
            out << QString::fromStdString(Line);


            if (iLineNumber == 1000) {
                iLineNumber = 0;

            if (FirstAddr.GetOffset() == EndOffset) {
                qDebug() << "We are at the end of " << qMemoryName;

            if (!m_pMedusa->GetDocument().GetNextAddress(FirstAddr, FirstAddr)) {
                qDebug() << "Nothing found for " << qMemoryName;


    medusa::Address m_Address;
    medusa::Medusa * m_pMedusa;

void MainWindow::on_actionSimpleAction_triggered()
    _medusa.GetDocument().ForEachMemoryArea([&](medusa::MemoryArea const& rMemArea)
        MemoryDisAssemblerTask *hello = new MemoryDisAssemblerTask(


saeschdivara avatar Feb 16 '15 14:02 saeschdivara

It looks great, feel free to include this feature on medusa. :)

wisk avatar Feb 16 '15 21:02 wisk

Well, it is not yet finish since there are still some problems but I think I can fix most and than I can make a pull request

saeschdivara avatar Feb 17 '15 07:02 saeschdivara

Is it correct that only with this code, I can check where the end of the section is:

if (!rMemArea->GetNextAddress(FirstAddr, FirstAddr)) {
                qDebug() << "Nothing found for " << qMemoryName;

saeschdivara avatar Feb 17 '15 11:02 saeschdivara

Actually, no since Document::GetNextAddress method should handle the case when the next address is located in the next MemoryArea (i.e. Section in PE case). To tell the truth, I'm not very confident regarding the reliability of this method (actual implementation is located in both bool TextDatabase::_MoveAddressForward(Address const& rAddress, Address& rMovedAddress, s64 Offset) const and bool TextDatabase::_MoveAddressBackward(Address const& rAddress, Address& rMovedAddress, s64 Offset) const). It may explain why it doesn't work when you only rely on it. If you find a special case (executable + address) where it doesn't work as expected, feel free to share, I'll provide a fix ASAP.

wisk avatar Feb 17 '15 12:02 wisk

Well, how could I check manually if it stops correctly?

saeschdivara avatar Feb 17 '15 13:02 saeschdivara

I think it works correctly but my exe-file is about 25mb in size. And that many instructions writing down is not that fast as it seems...

saeschdivara avatar Feb 18 '15 15:02 saeschdivara

Probably not the better way, but that's what I would do: let it run several minutes (e.g. 30 minutes), and attach a debugger to see what actually happens. This method sucks but it's simple. BTW: Your executable looks really heavy :) I think it embeds a lot of data which slow medusa down.

wisk avatar Feb 18 '15 17:02 wisk

I think that too because during the storing I almost only see db instructions ;)

saeschdivara avatar Feb 19 '15 08:02 saeschdivara