disassembly

I am writing a tool which uses libbfd and libopcodes in x86-32 and x86-64 Linux to perform disassembly. The problem is that whilst I am able to get libopcodes to disassemble, I am unable to get any instruction information. For the purposes of demonstration, I have made a minimal example which reproduces my issue. The program should disassemble itself from entry point to the first RET / RETQ . The code is a bit hacked up with globals and error checking has been omitted for brevity, etc. but should illustrate the issue clearly. #include <bfd.h> #include <dis-asm.h> #include <stdbool.h> #include

It's not a big secret that x86 (and x86_64) processors have not only the single-byte NOP instruction, but also various types of multi-byte NOP-like instructions. There's the ones I've managed to find: Recommended by AMD, ref. AMD Software Optimization Guide for AMD Family 15h Processors, document #47414 , section 5.8 "Code Padding with Operand-Size Override and Multibyte NOP", page 94) 90 NOP1_OVERRIDE_NOP 6690 NOP2_OVERRIDE_NOP 0f1f00 NOP3_OVERRIDE_NOP 0f1f4000 NOP4_OVERRIDE_NOP 0f1f440000 NOP5_OVERRIDE_NOP 660f1f440000 NOP6_OVERRIDE_NOP 0f1f8000000000 NOP7_OVERRIDE_NOP 0f1f840000000000 NOP8

I have a .pyc file. I need to understand the content of that file to know how the disassembler works of python, i.e. how can I generate a output like dis.dis(function) from .pyc file content. for e.g. >>> def sqr(x): ... return x*x ... >>> import dis >>> dis.dis(sqr) 2 0 LOAD_FAST 0 (x) 3 LOAD_FAST 0 (x) 6 BINARY_MULTIPLY 7 RETURN_VALUE I need to get a output like this using the .pyc file. Martijn Pieters .pyc files contain some metadata and a marshal ed code object; to load the code object and disassemble that use: import dis, marshal, sys # Header size changed in 3.3. It might change again,

I'm currently disassembling some small C programs made in Visual Studio 2012 Express, and i've noticed a trend amongst the binaries. The first set of instructions executed in the main function are always: SUB ESP,154 ; Doesn't have to be 0x154. ..... ..... ..... LEA EDI,DWORD PTR SS:[EBP-154] MOV ECX,55 ; Also doesn't have to be 0x55. MOV EAX,CCCCCCCC REP STOS DWORD PTR ES:[EDI] So, why does the machine fill the stack with this 0xCCCCCCCC? I've read that it is used by VC++, or something, as a mark for uninitialized space? Then let's say I am going to put something inside my buffer... The

Is there a utility similar to OllyDbg / SoftICE for java? I.e. execute class (from jar / with class path) and, without source code, show the disassembly of the intermediate code with ability to step through / step over / search for references / edit specific intermediate code in memory / apply edit to file... If not, is it even possible to write something like this (assuming we're willing to live without hotspot for the debug duration)? Edit: I'm not talking about JAD or JD or Cavaj. These are fine decompilers, but I don't want a decompiler for several reasons, most notable is that their

I wrote this simple C program: int main() { int i; int count = 0; for(i = 0; i < 2000000000; i++){ count = count + 1; } } I wanted to see how the gcc compiler optimizes this loop (clearly add 1 2000000000 times should be "add 2000000000 one time"). So: gcc test.c and then time on a.out gives: real 0m7.717s user 0m7.710s sys 0m0.000s $ gcc -O2 test.c and then time on a.out` gives: real 0m0.003s user 0m0.000s sys 0m0.000s Then I disassembled both with gcc -S . First one seems quite clear: .file "test.c" .text .globl main .type main, @function main: .LFB0: .cfi_startproc pushq %rbp .cfi_def_cfa

I've written a piece of C code and I've disassembled it as well as read the registers to understand how the program works in assembly. int test(char *this){ char sum_buf[6]; strncpy(sum_buf,this,32); return 0; } The piece of my code that I've been examining is the test function. When I disassemble the output my test function I get ... 0x00000000004005c0 <+12>: mov %fs:0x28,%rax => 0x00000000004005c9 <+21>: mov %rax,-0x8(%rbp) ... stuff .. 0x00000000004005f0 <+60>: xor %fs:0x28,%rdx 0x00000000004005f9 <+69>: je 0x400600 <test+76> 0x00000000004005fb <+71>: callq 0x4004a0 <__stack_chk_fail@plt>

I responded to another question about developing for the iPhone in non-Objective-C languages, and I made the assertion that using, say, C# to write for the iPhone would strike an Apple reviewer wrong. I was speaking largely about UI elements differing between the ObjC and C# libraries in question, but a commenter made an interesting point, leading me to this question: Is it possible to determine the language a program is written in, solely from its binary? If there are such methods, what are they? Let's assume for the purposes of the question: That from an interaction standpoint (console

Can I disassemble a flat binary file using objdump? I'm familiar with disassembling a structured binary executable such as an ELF file using: objdump -d file.elf But if I have a flat binary file that I know is supposed to be loaded at, e.g., address 0xabcd1000, can I ask objdump to disassemble it? I tried supplying options such as '--start-address=0xabcd1000' but objdump just states that it doesn't recognize the format. I have other ideas about how to disassemble the file but I wanted to know if objdump could provide a simple solution. I found the solution to my own question on a different