In ActionScript 2 code, it would be better for readability if strings defined in constant pools were surrounded by quotes.

CREATEPROCESS -> CREATE_PROCESS
I don't know how to fork or commit.
sorry for writing such small things like this.

Comparable to the SWFTools swfdump tool.

Right now the user does not know how many tags/functions there are left to try while using Minimizer. This should be improved so that the user knows how much there is left to come.

Right now Flash Dissector shows the unadjusted relative branch offset in the GUI for ActionIf instructions. This makes it difficult to find out where a jump is going. Displaying the adjusted address would make things much easier for users.

Right now the readme file does not explain that you need the JHexView and splib libraries from my GitHub account too.

Same as Issue #21 but for ActionJump.

Right now Flash Dissector swallows parser bugs silently and the user does not get any feedback that something went wrong.

Negative 3-byte signed integer values are not parsed correctly.

As of version 1.1 when displaying ActionScript 2 code in the GUI, ActionPush instructions are shown as blanks instead of ActionPush instructions.

I want to have the ability to drag & drop files into Flash Dissector to load them.

This makes it easier to re-open recently analyzed files.

couldn't open www.justin.tv/widgets/live_embed_player.swf, it quits without warning

Right now all the constants are shown in one line which is not very readable

An exception get's thrown (see below) when attempting to parse a Multiname with a kind.value() of 0x1D. I modified MultinameInfoParser class to include kind.value() and fieldName in the exception message.

Exception in thread "AWT-EventQueue-0" java.lang.IllegalStateException: Invalid multiname type: 29, fieldName: DoABC::ABCData::constant_pool::multiname[6]::data
at tv.porst.swfretools.parser.structures.MultinameInfoParser.parseData(MultinameInfoParser.java:34)
at tv.porst.swfretools.parser.structures.MultinameInfoParser.parse(MultinameInfoParser.java:41)
at tv.porst.swfretools.parser.structures.ConstantPoolParser.parse(ConstantPoolParser.java:68)
at tv.porst.swfretools.parser.structures.AS3DataParser.parse(AS3DataParser.java:18)
at tv.porst.swfretools.parser.tags.DoABCParser.parse(DoABCParser.java:33)
at tv.porst.swfretools.parser.tags.TagParser.parseTag(TagParser.java:165)
at tv.porst.swfretools.parser.tags.TagParser.parseTag(TagParser.java:76)
at tv.porst.swfretools.parser.tags.TagParser.parse(TagParser.java:213)
at tv.porst.swfretools.parser.SWFParser.parse(SWFParser.java:95)
at tv.porst.swfretools.dissector.gui.main.models.FileModel.openFile(FileModel.java:63)
at tv.porst.swfretools.dissector.gui.main.implementations.FileActions.openFile(FileActions.java:61)
at tv.porst.swfretools.dissector.gui.main.actions.OpenAction.actionPerformed(OpenAction.java:49)

The following links should be of some help in writing a parser for the Vector type:

• http://stackoverflow.com/questions/553445/how-do-generics-vector-work-inside-the-avm
• http://blog.richardszalay.com/2009/02/11/generics-vector-in-the-avm2/

Right now there is no feedback in the GUI about what is happening internally. A progress dialog would give this feedback.

Once in a while there are nested SWF files inside a SWF file or shellcode is stored in a DefineBinaryData tag. It would be cool if there was a right-click menu in the Flash tree to dump all structures.

In Flash Dissector, the DoAction tag action list is not shown in the GUI.

Because going through all tags and functions one by one is too slow.

When showing ActionScript 2 code in the GUI, unknown instructions are shown as blanks. A better idea is to show them as unknown instructions with their unknown action code.

java -jar minimizer.jar F:\Tools\flex_sdk_4.1\runtimes\player\10.1\win\FlashPla

yerDebugger.exe e:\ToDo\cve-2011-2110\main.swf
Minimizing SWF file F:\Tools\flex_sdk_4.1\runtimes\player\10.1\win\FlashPlayerDe
bugger.exe with player e:\ToDo\cve-2011-2110\main.swf
Trying to remove tag FileAttributes (1 of 9) at offset 00000015 ... KEEP
Trying to remove tag Metadata (2 of 9) at offset 0000001B ... KEEP
Trying to remove tag ScriptLimits (3 of 9) at offset 000001E8 ... KEEP
Trying to remove tag SetBackgroundColor (4 of 9) at offset 000001EE ... KEEP
Trying to remove tag FrameLabel (5 of 9) at offset 0000020F ... KEEP
Trying to remove tag DoABC (6 of 9) at offset 00000216 ... Exception in thread "
main" java.lang.NegativeArraySizeException
at tv.porst.splib.arrays.ArrayHelpers.removeData(Unknown Source)
at tv.porst.swfretools.minimizer.Minimizer.removeTags(Unknown Source)
at tv.porst.swfretools.minimizer.Minimizer.main(Unknown Source)

i'm using swftools_120.zip

thx

For each action, the tree only shows an ACTION entry without showing information for each specific action type.

Which in turn leads to a nullpointer exception.

As of version 1.1, PushDuplicate instructions are not shown in the GUI.

The DefineBinaryData tag can contain nested SWF files. Parse those recursively.