In a previous discussion, Tim Newsham said
“I would like to see someone reverse engineer some small Haskell programs. The compilation techniques are totally foreign to anyone familiar with standard imperative languages and there are no tools designed specifically for the task.”
He then provided a link to some examples to analyze. Another commenter brought up Standard ML, another functional language. (I assume he means the NJ Standard ML implementation, but it could also be OCaml or Moscow ML as Dan Moniz pointed out.) Tim responded:
“I don’t know entirely. I’m not familiar with ML compiler implementation. They could use similar compilation techniques, but might not. ML is not ‘pure’ (and additionally is strict) so the compilation techniques might be different.”
He also provided links to a couple papers on implementing compilers for functional language. One commenter took a brief look at Tim’s examples:
“I took a look. The compiled Haskell is definitely different from the compiled ML I looked at. Roughly the same order of magnitude as to how terrible it was, though. Mine actually used Peano arithmetic on lists for simple arithmetic operations. What was funny was the authors of that program bragging about how algorithmically fast their technology was. I couldn’t help but think, after examining some entire functions and finding that all of the code was dead except for a tiny fraction of the instructions, how much a decent back-end (something with constant propagation and dead-code elimination) could have improved the runtime performance.”
Since one common obfuscation technique is to implement a VM and then write your protection code in that enviroment, how obfuscated is compiled object code from standard functional programming languages?
rdist 
well i also took a look at that a.out in the previous post with gdb it seems to be perfectly debuggable in gdb
tim do you have a stripped sstripped elfkicked
sort of reverseme compiled in haskell
i would like to take a look at it and see how tough it is to really find a pasword for name
Nate feel free to cut edit delete beautify the following crap output from session on the a.out
:~/haskell> ls a.out :~/haskell> gdb -q a.out (no debugging symbols found)...gdb $ context-on gdb $ break main Breakpoint 1 at 0x8085264 gdb $ set args 7 gdb $ =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2007.04.29 10:49:18 =~=~=~=~=~=~=~=~=~=~=~= r + -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000246 esi:40018420 edi:BFFFD354 esp:BFFFD304 ebp:BFFFD308 eip:08085264 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I t s Z a P c [002B:BFFFD304]---------------------------------------------------------[stack] BFFFD334 : 02 00 00 00 54 D3 FF BF - 2C 92 09 08 74 92 09 08 ....T...,...t... BFFFD324 : 20 99 04 08 00 00 00 00 - 41 99 04 08 60 52 08 08 .......A...`R.. BFFFD314 : 54 D3 FF BF 60 D3 FF BF - A0 8B 01 40 02 00 00 00 T...`......@.... BFFFD304 : D8 EF 1A 40 28 D3 FF BF - 17 4D 09 40 02 00 00 00 ...@(....M.@.... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085264]---------------------------------------------------------[ code] 0x8085264 :sub esp,0x4 0x8085267 :and esp,0xfffffff0 0x808526a :sub esp,0x4 0x808526d :push 0x804a8e0 0x8085272 :push DWORD PTR [ebp+12] 0x8085275 :push DWORD PTR [ebp+8] ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. Breakpoint 1, 0x08085264 in main () gdb $ disassemble Dump of assembler code for function main: 0x08085260 :push ebp 0x08085261 :mov ebp,esp 0x08085263 :push ebx 0x08085264 :sub esp,0x4 0x08085267 :and esp,0xfffffff0 0x0808526a : sub esp,0x4 0x0808526d : push 0x804a8e0 0x08085272 : push DWORD PTR [ebp+12] 0x08085275 : push DWORD PTR [ebp+8] 0x08085278 : call 0x80864d3 0x0808527d : call 0x80858dc 0x08085282 : add esp,0x8 0x08085285 : push 0x0 0x08085287 : push 0x80ab3c4 0x0808528c : call 0x80857a2 0x08085291 : mov ebx,eax 0x08085293 : call 0x80858dd 0x08085298 : add esp,0x10 0x0808529b : cmp ebx,0x2 0x0808529e : je 0x80852b3 0x080852a0 : cmp ebx,0x2 0x080852a3 : ja 0x80852ac 0x080852a5 : cmp ebx,0x1 0x080852a8 : je 0x80852de 0x080852aa : jmp 0x80852e5 0x080852ac : cmp ebx,0x3 0x080852af : je 0x80852c7 0x080852b1 : jmp 0x80852e5 0x080852b3 : sub esp,0xc 0x080852b6 : push 0x80a5918 0x080852bb : call 0x808629b 0x080852c0 : mov eax,0xfa 0x080852c5 : jmp 0x80852d9 0x080852c7 : sub esp,0xc 0x080852ca : push 0x80a5985 0x080852cf : call 0x808629b 0x080852d4 : mov eax,0xfc 0x080852d9 : add esp,0x10 0x080852dc : jmp 0x80852f2 0x080852de : mov eax,0x0 0x080852e3 : jmp 0x80852f2 0x080852e5 : sub esp,0xc 0x080852e8 : push 0x80a5940 0x080852ed : call 0x8086248 0x080852f2 : sub esp,0xc 0x080852f5 : push eax 0x080852f6 : call 0x808666f 0x080852fb : mov eax,0x0 0x08085300 : mov ebx,DWORD PTR [ebp-4] 0x08085303 : leave 0x08085304 : ret 0x08085305 : nop 0x08085306 : nop 0x08085307 : nop End of assembler dump. gdb $ ni -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD300 ebp:BFFFD308 eip:08085267 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD300]---------------------------------------------------------[stack] BFFFD330 : 60 52 08 08 02 00 00 00 - 54 D3 FF BF 2C 92 09 08 `R......T...,... BFFFD320 : 02 00 00 00 20 99 04 08 - 00 00 00 00 41 99 04 08 .... .......A... BFFFD310 : 02 00 00 00 54 D3 FF BF - 60 D3 FF BF A0 8B 01 40 ....T...`......@ BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085267]---------------------------------------------------------[ code] 0x8085267 :and esp,0xfffffff0 0x808526a :sub esp,0x4 0x808526d :push 0x804a8e0 0x8085272 :push DWORD PTR [ebp+12] 0x8085275 :push DWORD PTR [ebp+8] 0x8085278 :call 0x80864d3 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085267 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD300 ebp:BFFFD308 eip:0808526A cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD300]---------------------------------------------------------[stack] BFFFD330 : 60 52 08 08 02 00 00 00 - 54 D3 FF BF 2C 92 09 08 `R......T...,... BFFFD320 : 02 00 00 00 20 99 04 08 - 00 00 00 00 41 99 04 08 .... .......A... BFFFD310 : 02 00 00 00 54 D3 FF BF - 60 D3 FF BF A0 8B 01 40 ....T...`......@ BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:0808526A]---------------------------------------------------------[ code] 0x808526a :sub esp,0x4 0x808526d :push 0x804a8e0 0x8085272 :push DWORD PTR [ebp+12] 0x8085275 :push DWORD PTR [ebp+8] 0x8085278 :call 0x80864d3 0x808527d :call 0x80858dc ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x0808526a in main () gdb $ -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000396 esi:40018420 edi:BFFFD354 esp:BFFFD2FC ebp:BFFFD308 eip:0808526D cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z A P c [002B:BFFFD2FC]---------------------------------------------------------[stack] BFFFD32C : 41 99 04 08 60 52 08 08 - 02 00 00 00 54 D3 FF BF A...`R......T... BFFFD31C : A0 8B 01 40 02 00 00 00 - 20 99 04 08 00 00 00 00 ...@.... ....... BFFFD30C : 17 4D 09 40 02 00 00 00 - 54 D3 FF BF 60 D3 FF BF .M.@....T...`... BFFFD2FC : D8 EF 1A 40 20 84 01 40 - D8 EF 1A 40 28 D3 FF BF ...@ ..@...@(... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:0808526D]---------------------------------------------------------[ code] 0x808526d :push 0x804a8e0 0x8085272 :push DWORD PTR [ebp+12] 0x8085275 :push DWORD PTR [ebp+8] 0x8085278 :call 0x80864d3 0x808527d :call 0x80858dc 0x8085282 :add esp,0x8 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x0808526d in main () gdb $ -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000396 esi:40018420 edi:BFFFD354 esp:BFFFD2F8 ebp:BFFFD308 eip:08085272 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z A P c [002B:BFFFD2F8]---------------------------------------------------------[stack] BFFFD328 : 00 00 00 00 41 99 04 08 - 60 52 08 08 02 00 00 00 ....A...`R...... BFFFD318 : 60 D3 FF BF A0 8B 01 40 - 02 00 00 00 20 99 04 08 `......@.... ... BFFFD308 : 28 D3 FF BF 17 4D 09 40 - 02 00 00 00 54 D3 FF BF (....M.@....T... BFFFD2F8 : E0 A8 04 08 D8 EF 1A 40 - 20 84 01 40 D8 EF 1A 40 .......@ ..@...@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085272]---------------------------------------------------------[ code] 0x8085272 :push DWORD PTR [ebp+12] 0x8085275 :push DWORD PTR [ebp+8] 0x8085278 :call 0x80864d3 0x808527d :call 0x80858dc 0x8085282 :add esp,0x8 0x8085285 :push 0x0 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085272 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000396 esi:40018420 edi:BFFFD354 esp:BFFFD2F4 ebp:BFFFD308 eip:08085275 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z A P c [002B:BFFFD2F4]---------------------------------------------------------[stack] BFFFD324 : 20 99 04 08 00 00 00 00 - 41 99 04 08 60 52 08 08 .......A...`R.. BFFFD314 : 54 D3 FF BF 60 D3 FF BF - A0 8B 01 40 02 00 00 00 T...`......@.... BFFFD304 : D8 EF 1A 40 28 D3 FF BF - 17 4D 09 40 02 00 00 00 ...@(....M.@.... BFFFD2F4 : 54 D3 FF BF E0 A8 04 08 - D8 EF 1A 40 20 84 01 40 T..........@ ..@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085275]---------------------------------------------------------[ code] 0x8085275 :push DWORD PTR [ebp+8] 0x8085278 :call 0x80864d3 0x808527d :call 0x80858dc 0x8085282 :add esp,0x8 0x8085285 :push 0x0 0x8085287 :push 0x80ab3c4 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085275 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:00000002 ebx:401AEFD8 ecx:080AB000 edx:401B0490 eflags:00000396 esi:40018420 edi:BFFFD354 esp:BFFFD2F0 ebp:BFFFD308 eip:08085278 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z A P c [002B:BFFFD2F0]---------------------------------------------------------[stack] BFFFD320 : 02 00 00 00 20 99 04 08 - 00 00 00 00 41 99 04 08 .... .......A... BFFFD310 : 02 00 00 00 54 D3 FF BF - 60 D3 FF BF A0 8B 01 40 ....T...`......@ BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ BFFFD2F0 : 02 00 00 00 54 D3 FF BF - E0 A8 04 08 D8 EF 1A 40 ....T..........@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085278]---------------------------------------------------------[ code] 0x8085278 :call 0x80864d3 0x808527d :call 0x80858dc 0x8085282 :add esp,0x8 0x8085285 :push 0x0 0x8085287 :push 0x80ab3c4 0x808528c :call 0x80857a2 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085278 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000282 esi:40018420 edi:BFFFD354 esp:BFFFD2F0 ebp:BFFFD308 eip:0808527D cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I t S z a p c [002B:BFFFD2F0]---------------------------------------------------------[stack] BFFFD320 : 02 00 00 00 20 99 04 08 - 00 00 00 00 41 99 04 08 .... .......A... BFFFD310 : 02 00 00 00 54 D3 FF BF - 60 D3 FF BF A0 8B 01 40 ....T...`......@ BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ BFFFD2F0 : 02 00 00 00 54 D3 FF BF - E0 A8 04 08 D8 EF 1A 40 ....T..........@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:0808527D]---------------------------------------------------------[ code] 0x808527d :call 0x80858dc 0x8085282 :add esp,0x8 0x8085285 :push 0x0 0x8085287 :push 0x80ab3c4 0x808528c :call 0x80857a2 0x8085291 :mov ebx,eax ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x0808527d in main () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000282 esi:40018420 edi:BFFFD354 esp:BFFFD2F0 ebp:BFFFD308 eip:08085282 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I t S z a p c [002B:BFFFD2F0]---------------------------------------------------------[stack] BFFFD320 : 02 00 00 00 20 99 04 08 - 00 00 00 00 41 99 04 08 .... .......A... BFFFD310 : 02 00 00 00 54 D3 FF BF - 60 D3 FF BF A0 8B 01 40 ....T...`......@ BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ BFFFD2F0 : 02 00 00 00 54 D3 FF BF - E0 A8 04 08 D8 EF 1A 40 ....T..........@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085282]---------------------------------------------------------[ code] 0x8085282 :add esp,0x8 0x8085285 :push 0x0 0x8085287 :push 0x80ab3c4 0x808528c :call 0x80857a2 0x8085291 :mov ebx,eax 0x8085293 :call 0x80858dd ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085282 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000382 esi:40018420 edi:BFFFD354 esp:BFFFD2F8 ebp:BFFFD308 eip:08085285 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a p c [002B:BFFFD2F8]---------------------------------------------------------[stack] BFFFD328 : 00 00 00 00 41 99 04 08 - 60 52 08 08 02 00 00 00 ....A...`R...... BFFFD318 : 60 D3 FF BF A0 8B 01 40 - 02 00 00 00 20 99 04 08 `......@.... ... BFFFD308 : 28 D3 FF BF 17 4D 09 40 - 02 00 00 00 54 D3 FF BF (....M.@....T... BFFFD2F8 : E0 A8 04 08 D8 EF 1A 40 - 20 84 01 40 D8 EF 1A 40 .......@ ..@...@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085285]---------------------------------------------------------[ code] 0x8085285 :push 0x0 0x8085287 :push 0x80ab3c4 0x808528c :call 0x80857a2 0x8085291 :mov ebx,eax 0x8085293 :call 0x80858dd 0x8085298 :add esp,0x10 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085285 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000382 esi:40018420 edi:BFFFD354 esp:BFFFD2F4 ebp:BFFFD308 eip:08085287 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a p c [002B:BFFFD2F4]---------------------------------------------------------[stack] BFFFD324 : 20 99 04 08 00 00 00 00 - 41 99 04 08 60 52 08 08 .......A...`R.. BFFFD314 : 54 D3 FF BF 60 D3 FF BF - A0 8B 01 40 02 00 00 00 T...`......@.... BFFFD304 : D8 EF 1A 40 28 D3 FF BF - 17 4D 09 40 02 00 00 00 ...@(....M.@.... BFFFD2F4 : 00 00 00 00 E0 A8 04 08 - D8 EF 1A 40 20 84 01 40 ...........@ ..@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08085287]---------------------------------------------------------[ code] 0x8085287 :push 0x80ab3c4 0x808528c :call 0x80857a2 0x8085291 :mov ebx,eax 0x8085293 :call 0x80858dd 0x8085298 :add esp,0x10 0x808529b :cmp ebx,0x2 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08085287 in main () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000382 esi:40018420 edi:BFFFD354 esp:BFFFD2F0 ebp:BFFFD308 eip:0808528C cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a p c [002B:BFFFD2F0]---------------------------------------------------------[stack] BFFFD320 : 02 00 00 00 20 99 04 08 - 00 00 00 00 41 99 04 08 .... .......A... BFFFD310 : 02 00 00 00 54 D3 FF BF - 60 D3 FF BF A0 8B 01 40 ....T...`......@ BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ BFFFD2F0 : C4 B3 0A 08 00 00 00 00 - E0 A8 04 08 D8 EF 1A 40 ...............@ [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:0808528C]---------------------------------------------------------[ code] 0x808528c :call 0x80857a2 0x8085291 :mov ebx,eax 0x8085293 :call 0x80858dd 0x8085298 :add esp,0x10 0x808529b :cmp ebx,0x2 0x808529e :je 0x80852b3 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x0808528c in main () gdb $ si -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000382 esi:40018420 edi:BFFFD354 esp:BFFFD2EC ebp:BFFFD308 eip:080857A2 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a p c [002B:BFFFD2EC]---------------------------------------------------------[stack] BFFFD31C : A0 8B 01 40 02 00 00 00 - 20 99 04 08 00 00 00 00 ...@.... ....... BFFFD30C : 17 4D 09 40 02 00 00 00 - 54 D3 FF BF 60 D3 FF BF .M.@....T...`... BFFFD2FC : D8 EF 1A 40 20 84 01 40 - D8 EF 1A 40 28 D3 FF BF ...@ ..@...@(... BFFFD2EC : 91 52 08 08 C4 B3 0A 08 - 00 00 00 00 E0 A8 04 08 .R.............. [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:080857A2]---------------------------------------------------------[ code] 0x80857a2 :push ebx 0x80857a3 :sub esp,0x14 0x80857a6 :mov ebx,ds:0x80aeeec 0x80857ac :mov ds:0x80aeeec,0x0 0x80857b6 :push ds:0x80af22c 0x80857bc :call 0x8087b4c ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x080857a2 in rts_evalLazyIO () gdb $ x/x 0x80aeeec 0x80aeeec : 0x00000000 gdb $ x/x 0x80aeeec f22c 0x80af22c :0x00000100 gdb $ si -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000382 esi:40018420 edi:BFFFD354 esp:BFFFD2E8 ebp:BFFFD308 eip:080857A3 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a p c [002B:BFFFD2E8]---------------------------------------------------------[stack] BFFFD318 : 60 D3 FF BF A0 8B 01 40 - 02 00 00 00 20 99 04 08 `......@.... ... BFFFD308 : 28 D3 FF BF 17 4D 09 40 - 02 00 00 00 54 D3 FF BF (....M.@....T... BFFFD2F8 : E0 A8 04 08 D8 EF 1A 40 - 20 84 01 40 D8 EF 1A 40 .......@ ..@...@ BFFFD2E8 : D8 EF 1A 40 91 52 08 08 - C4 B3 0A 08 00 00 00 00 ...@.R.......... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:080857A3]---------------------------------------------------------[ code] 0x80857a3 :sub esp,0x14 0x80857a6 :mov ebx,ds:0x80aeeec 0x80857ac :mov ds:0x80aeeec,0x0 0x80857b6 :push ds:0x80af22c 0x80857bc :call 0x8087b4c 0x80857c1 :add esp,0xc ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x080857a3 in rts_evalLazyIO () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:401AEFD8 ecx:40200060 edx:00000000 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD2D4 ebp:BFFFD308 eip:080857A6 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD2D4]---------------------------------------------------------[stack] BFFFD304 : D8 EF 1A 40 28 D3 FF BF - 17 4D 09 40 02 00 00 00 ...@(....M.@.... BFFFD2F4 : 00 00 00 00 E0 A8 04 08 - D8 EF 1A 40 20 84 01 40 ...........@ ..@ BFFFD2E4 : 60 D3 FF BF D8 EF 1A 40 - 91 52 08 08 C4 B3 0A 08 `......@.R...... BFFFD2D4 : F4 D2 FF BF E8 D2 FF BF - 3D 93 04 08 54 D3 FF BF ........=...T... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:080857A6]---------------------------------------------------------[ code] 0x80857a6 :mov ebx,ds:0x80aeeec 0x80857ac :mov ds:0x80aeeec,0x0 0x80857b6 :push ds:0x80af22c 0x80857bc :call 0x8087b4c 0x80857c1 :add esp,0xc 0x80857c4 :mov ecx,DWORD PTR [eax+52] ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x080857a6 in rts_evalLazyIO () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:00000000 ecx:40200060 edx:00000000 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD2D4 ebp:BFFFD308 eip:080857AC cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD2D4]---------------------------------------------------------[stack] BFFFD304 : D8 EF 1A 40 28 D3 FF BF - 17 4D 09 40 02 00 00 00 ...@(....M.@.... BFFFD2F4 : 00 00 00 00 E0 A8 04 08 - D8 EF 1A 40 20 84 01 40 ...........@ ..@ BFFFD2E4 : 60 D3 FF BF D8 EF 1A 40 - 91 52 08 08 C4 B3 0A 08 `......@.R...... BFFFD2D4 : F4 D2 FF BF E8 D2 FF BF - 3D 93 04 08 54 D3 FF BF ........=...T... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:080857AC]---------------------------------------------------------[ code] 0x80857ac :mov ds:0x80aeeec,0x0 0x80857b6 :push ds:0x80af22c 0x80857bc :call 0x8087b4c 0x80857c1 :add esp,0xc 0x80857c4 :mov ecx,DWORD PTR [eax+52] 0x80857c7 :lea edx,[ecx-4] ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x080857ac in rts_evalLazyIO () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:00000000 ecx:40200060 edx:00000000 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD2D4 ebp:BFFFD308 eip:080857B6 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD2D4]---------------------------------------------------------[stack] BFFFD304 : D8 EF 1A 40 28 D3 FF BF - 17 4D 09 40 02 00 00 00 ...@(....M.@.... BFFFD2F4 : 00 00 00 00 E0 A8 04 08 - D8 EF 1A 40 20 84 01 40 ...........@ ..@ BFFFD2E4 : 60 D3 FF BF D8 EF 1A 40 - 91 52 08 08 C4 B3 0A 08 `......@.R...... BFFFD2D4 : F4 D2 FF BF E8 D2 FF BF - 3D 93 04 08 54 D3 FF BF ........=...T... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:080857B6]---------------------------------------------------------[ code] 0x80857b6 :push ds:0x80af22c 0x80857bc :call 0x8087b4c 0x80857c1 :add esp,0xc 0x80857c4 :mov ecx,DWORD PTR [eax+52] 0x80857c7 :lea edx,[ecx-4] 0x80857ca :mov DWORD PTR [eax+52],edx ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x080857b6 in rts_evalLazyIO () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:00000000 ecx:40200060 edx:00000000 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD2D0 ebp:BFFFD308 eip:080857BC cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD2D0]---------------------------------------------------------[stack] BFFFD300 : 20 84 01 40 D8 EF 1A 40 - 28 D3 FF BF 17 4D 09 40 ..@...@(....M.@ BFFFD2F0 : C4 B3 0A 08 00 00 00 00 - E0 A8 04 08 D8 EF 1A 40 ...............@ BFFFD2E0 : 54 D3 FF BF 60 D3 FF BF - D8 EF 1A 40 91 52 08 08 T...`......@.R.. BFFFD2D0 : 00 01 00 00 F4 D2 FF BF - E8 D2 FF BF 3D 93 04 08 ............=... [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:080857BC]---------------------------------------------------------[ code] 0x80857bc :call 0x8087b4c 0x80857c1 :add esp,0xc 0x80857c4 :mov ecx,DWORD PTR [eax+52] 0x80857c7 :lea edx,[ecx-4] 0x80857ca :mov DWORD PTR [eax+52],edx 0x80857cd :mov DWORD PTR [ecx-4],0x808e4a0 ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x080857bc in rts_evalLazyIO () gdb $ -------------------------------------------------------------------------[ regs] eax:40200060 ebx:00000000 ecx:40200060 edx:00000000 eflags:00000386 esi:40018420 edi:BFFFD354 esp:BFFFD2CC ebp:BFFFD308 eip:08087B4C cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B o d I T S z a P c [002B:BFFFD2CC]---------------------------------------------------------[stack] BFFFD2FC : D8 EF 1A 40 20 84 01 40 - D8 EF 1A 40 28 D3 FF BF ...@ ..@...@(... BFFFD2EC : 91 52 08 08 C4 B3 0A 08 - 00 00 00 00 E0 A8 04 08 .R.............. BFFFD2DC : 3D 93 04 08 54 D3 FF BF - 60 D3 FF BF D8 EF 1A 40 =...T...`......@ BFFFD2CC : C1 57 08 08 00 01 00 00 - F4 D2 FF BF E8 D2 FF BF .W.............. [002B:40018420]---------------------------------------------------------[ data] 40018420 : F8 8D 01 40 06 00 00 00 - 48 8F 01 40 00 00 00 00 ...@....H..@.... 40018430 : 48 8F 01 40 44 9D 01 40 - 06 00 00 00 00 00 00 00 H..@D..@........ [0023:08087B4C]---------------------------------------------------------[ code] 0x8087b4c :push ebp 0x8087b4d :push edi 0x8087b4e :push esi 0x8087b4f :push ebx 0x8087b50 :sub esp,0xc 0x8087b53 :mov eax,DWORD PTR [esp+32] ------------------------------------------------------------------------------- Error while running hook_stop: Invalid type combination in ordering comparison. 0x08087b4c in createThread () gdb $ c fact 7 is 5040 first 7 primes: [2,3,5,7,11,13,17] Program exited normally. -------------------------------------------------------------------------[ regs] Error while running hook_stop: No registers. gdb $ q :~/haskell> cllooks like the html markers > and < got stripped in the previous post
the disassembly looks pretty straight forward with symbols and names
like this
0x8087b4c <createThread>:push ebp
0x8087b4d <createThread+1>:push edi
0x8087b4e <createThread+2>:push esi
0x8087b4f <createThread+3>:push ebx
0x8087b50 <createThread+4>:sub esp,0xc
0x8087b53 <createThread+7>:mov eax,DWORD PTR [esp+32]
“it seems to be perfectly debuggable in gdb”
Yes, there are no anti-debugging tricks in the code. That’s not the point.
“the disassembly looks pretty straight forward with symbols and names”
The createThread function is part of the runtime, not one of the functions from the source (also listed on the same page). The assembly does look somewhat “normal” but recovering the semantics from the assembly is not straightforward. At the very least, it does not look like code you’d get from an imperative language.
re: “peano arithmetic” from the old thread that kicked off this new blog thread — Here’s some short python fun I was goofing around with last week:
http://www.thenewsh.com/~newsham/lambda.py
and here’s a cool paper that inspired me to goof with such things:
Click to access 03-JansenKoopmanPlasmeijer-EfficientInterpretation.pdf
“how obfuscated is compiled object code from standard functional programming languages?”
About as obfuscated as using -static on a large C/C++ program IMO. The objdump output looks a bit ‘ugly’, and its bloated as hell, but its certainly follow-able given enough time to recreate all the underlying functions.
Its pretty easy to whip through the disassembly of a small C/C++ program to recover its semantics.
well there seems to be a few hood hatted buddhas lurking out there that were probably designed to analyse and make sense out of this bloat
buddha refuses to get enlightned sitting under my computer
hood needs some green and i refuse to install them
hat is 5 years old so its probably dirty as hell
declarative debuggers nice generic term however
haskell 6.6.1 runs nice so probably i would try play with it and diff them to see how much stagnent pattern emerges