Finding main() function

[lab313ru]

Is it possible to add such feature? For example, I want to find main function in MS-DOS executables.

[uxmal]

Could you provide more details what you mean here? Are you thinking about locating / skipping the C runtime boiler-plate code that gets linked into an executable, and try to find the actual user code that the CRT calls (the main function that the user wrote)? If so, this is a duplicate of #205.

In order to accomplish this, I need a sample MS-DOS file where the problem is present. At the moment, I'm considering an ad-hoc method where first a match is made against a list of "templates" of CRT entry functions (from various compilers, programming languages, etc). Once a match is found, there will be a second template to identify the entry point into the actual binary.

[lab313ru]

In @nemerle 's dcc there is a code for identifying main() functions for MS-DOS executables, and for lib-functions too.

[nemerle]

Yup the code just matches some very simple patterns ( get's confused sometimes too) and calls it a day 😄

[lab313ru]

Such code could be used here to find WinMain() or main() functions?

[uxmal]

absolutely. Boomerang also does some really hacky work to find WinMain. I want a solution that involves as little code as possible, and as much pattern matching as possible. Reko already has a regexp engine that understands hexadecimal patterns. Now it's more about collecting such patterns. For that to happen, I need sample EXE files that have been built with a known compiler.

[nemerle]

Nope, dcc 'main' locator patterns are dos only and pretty simplistic.
The ones that are a bit better are in boomerang

[uxmal]

OK, the most recent checkins have added general support for 'main' locator patterns. I've also grabbed some MS-DOS patterns from https://github.com/nemerle/dcc. Users still have to provide specific 'main' patterns if Reko fails to find them. @lab313ru: If you have a binary that doesn't get its 'main' found, could you please forward it to me so I can locate the pattern and add it to Reko?

[lab313ru]

So what about Amiga executables?) But, there is no any info about pre-main stub anywhere.

I'll try to indentify such stub.

[nemerle]

Getting main detection to work on amiga executables would be a fun task for a binary archaeologist 😄

We'd need to have access to various amiga compiler ( Aztec C/ Lattice/ StormC/ others) libraries

[lab313ru]

Some of them is possible to find at eab.abime.net forums, I hope.

[nemerle]

Finding them will be the first step :)

The next one depends on the format of available data

• if we get the 'lib' files we'll need to cobble together a parser for those, and extract the start function pattern
• if we get 's' assembly sources, we'd need to convert it into byte patterns

[lab313ru]

I'll try to find something. For example, for PPAMI.EXE.

[uxmal]

@nemerle : those Amiga samples you provided to Reko (back when it was called "Decompiler") -- what compiler did you use for them?

[nemerle]

It might have been the open source one - vbcc