BORG v1.13

by

Cronos

 Updated : 31/8/98.

Contents:

  • What is Borg ?
  • Whats New in v1.13.
  • How did Borg come about ?
  • What can Borg do ?
  • Conditions Of Use.
  • Planned Features for Borg.
  • How you can help.
  • Known Bugs.
  • Download Borg

 

What is Borg ?

Borg is a disassembler for 32-bit PE files (Executables and DLL's) only. Borg is Freeware, and this is a philosophy which I will continue to maintain as long as personal resources allow. But if you really really want to contribute then send me an E-Mail.

How did Borg come about ?

I have used many other disassemblers in the past. Recently there has been an alarming trend towards severely limiting the ability of so-called 'shareware' disassemblers. The few available programs for disassembly of Win 95 executables seem to be crippled beyond belief. There are several good, older disassemblers available for DOS executables and Win 3.1 executables but the modern trend is toward Win 95 programs. With few capable programs around, and no good free ones, Borg was started.

What is new in Borg v1.13

  • Reprogramming of some lists used. This should speed up the output phase of Borg a bit.
  • Better detection of xrefs in data.
  • Quicker killthread (hopefully :))
  • An error in the printing of the Versioninfo resource item 'filesystem' has been corrected.
  • Some further information on Dialog resources is now given.

What is new in Borg v1.12

  • Now identifies exports by ordinal. Simple when you know how but a seemingly undocumented thing!

What is new in Borg v1.11

  • Changed open/save dialog boxes so that they are not modeless.
  • Can no longer change options after loading a file.
  • Borg now includes a database of dll calls, so that imports by ordinal can now be identified. Currently includes tables for user32, wsock32,version,winmm,kernel32,gdi32 and msvcrt40. If anyone wants any specific dll's adding to this database then please let me know. The database is in a text file, so you can play around with it anyway.
  • Where an offset is identified and this leads to a string, ie DS, this is now shown in the comments.

What is new in Borg v1.10

  • Changes to DS/DD identification - now identifies more x-refs.
  • Objects flagged as code but not flagged as executable are now disassembled (nice trick PELOCK).

What is new in Borg v1.09

  • Relocation data is now loaded and put to use.
  • More offsets are now identified and xrefs.
  • Now static linked so there is no need for any other DLL's in the distribution.

What is new in Borg v1.08

  • File version info is now loaded in part (Does anyone know the full format of this resource ?
  • Options have been added to turn codeflow analysis on/off and to turn the loading of data objects on/off.
  • The interface has had some updates. The progress bar now resizes and works properly. Borg now uses CTL3D for dialogs,etc.

What is New in Borg v1.01-v1.07

  • Have now been removed from this list.

What Can Borg do ?

Well, at the moment Borg is in its early stages. It tries to do the following :-

  • Produce a reasonable disassembly of the program under investigation.
  • Use a method of ‘intelligent disassembly’.
  • See comments above on newer versions for recent history.

Conditions Of Use.

  • As I said before Borg is Freeware, no restrictions, just use it! But let this be at your own risk. If it damages your computer in any way whatsoever the author will not be held responsible. Downloading and running or even looking at this program is at your own discretion and liability. If you damage your own computer in any way whatsoever by running, modifying, using or abusing this software then the author will not be held responsible. Standard Disclaimer.
  • If you want to distribute it in any way, then go ahead. It would be nice just to let me know where it's off too, and if it's on a CD then it would be even nicer to have a copy of it :)
  • I won't get into the ethics of reverse engineering or disassembly. Nuff said.

 Planned Features for Borg.

Currently development of Borg is centred around the following :-

  • Ensuring the disassembly is correct.
  • Improving code flow analysis and adding other structures.
  • Adding menu options (any requests ?).

 Future planned developments.

It is planned to add the following features to Borg :-

  • Identification of common call arguments. ie. argument types for common API calls. These can be identified through pushes immediately prior to the call and some of the data types can be identified.
  • Possibly dumping it all to file straight away (It can be very memory hungry at the moment).
  • Introduction of a labelling scheme for local variables (held on the stack).

How you can help.

I need help with Borg. I need help to Beta test Borg, and feedback on what it is doing. In particular I need to know :-

  • Have you found any instructions which have not been disassembled correctly, or disassembled differently to other disassemblers ? It has been difficult to test some of the less common instructions.
  • Do you have any great ideas which you would like to see implemented in Borg ?

Please complete the Borg report form, and return it to me, Cronos@ Compuserve.com.

Please note that I will never be adding the following features to Borg :-

  • ‘Text word-processing features’. Save it and load it into your favourite word processor. Nuff said.

The following features I deem to be a long way off :-

  • Interactive disassembly.
  • Loading other exe formats (LE,NE,DOS,O/S 2 or whatever). There are plenty of good, older disassemblers which are quite capable of handling these files.

Thanks for your help and time,

Cronos.

Known Bugs

  • None pending.

 

Download Borg v1.13

Download it here :- BORG.ZIP

I apologise for this being a 'dead end' web page, but if anyone wants a link adding here then please E-mail me, and I will consider it.

 

Links To Other Sites

Decompilation Page Well worth a visit.