disassembly

I'm trying to disassemble a program to see a syscall assembly instruction (the INT instruction, I believe) and the handler with GDB and have written a little program (see below) for it that opens and closes a file. I was able to follow the call to fopen with GDB until it executed a call. When I tried to tell GDB "disassemble 0x...." (address of call) it responded with 'No function contains specified address.' Is it possible to force GDB to disassemble (or display it in assembler as good as possible) that memory address? If so, how? #include <stdio.h> #include <stdlib.h> int main() { FILE* f; f

I need to read instructions one-by-one from a small code segment in memory and I have to find out the size of the instructions which I have in memory. The following is just a example of raw disassembled code to explain my problem: (gdb) disas /r 0x400281,+8 Dump of assembler code from 0x400281 to 0x400289: 0x0000000000400281: 48 89 c7 movq %rax, %rdi 0x0000000000400284: b0 00 movb $0, %al 0x0000000000400286: e8 f2 48 00 00 callq 0x10001f30a End of assembler dump. I know the memory address of the first instruction (p = 0x0000000000400281 in this case) and I can read every memory address from p.

I am looking at some disassembled code obtained from Java bytecode. I see some declaration as follows: .method static synthetic access$0()Lcom/package/Sample; I am not able to figure out what the synthetic or access$0 mean. Can someone please help me understand this part? Johan Sjöberg Synthetic field , (2) A compiler-created field that links a local inner class to a block's local variable or reference type parameter. See also The JavaTM Virtual Machine Specification (§4.7.6) or Synthetic Class in Java . In the java language, inner classes can access private members of their enclosing class.

I've got a binary installed on my system, and would like to look at the disassembly of a given function. Preferrably using objdump , but other solutions would be acceptable as well. From this questions I've learned that I might be able to disassemble part of the code if I only know the boundary addresses. From this answer I've learned how to turn my split debug symbols back into a single file. But even operating on that single file, and even disassembling all the code (i.e. without start or stop address, but plain -d parameter to objdump ), I still don't see that symbol anywhere. Which makes

I would like to translate X86_64, x86, ARM executables into LLVM IR (disassembly). What solution do you suggest ? mcsema is a production-quality binary lifter. It takes x86 and x86-64 and statically "lifts" it to LLVM IR. It's actively maintained, BSD licensed, and has extensive tests and documentation. https://github.com/trailofbits/mcsema Consider using RevGen tool developed within the S2E project . It allows converting x86 binaries to LLVM IR. The source code could be checked out from Revgen branch of GIT repository available by url https://dslabgit.epfl.ch/git/s2e/s2e.git . As regards to