
What is the easiest way to convert the following Bytecode to Assembly language?

83 EC 8B 55 51 53 AC C4 05 8B 64 57 00 00 00 30 8B 0C 40 8B 00 8B 0C 40 58 8B 00 8B 03 D8 89 18
50 8B 3C 40 8B DA 01 78 DF 01 20 7A 07 8B C9 31 38 81 D8 01 61 65 72 43 78 81 1C 75 41 73 73 0B
8B 13 75 00 D8 01 24 42 48 04 B7 0F 01 1C 52 8B 82 1C 03 DA C7 83 09 EB 4A 3B 41 04 8D CF 7C 18
8D 50 F0 45 31 57 AC 7D 00 11 B9 C0 AB F3 00 00 44 AC 45 C7 50 00 00 00 50 50 50 50 00 09 E8 50
61 63 00 00 65 2E 63 6C 50 00 65 78 59 5F D3 FF 03 E0 C1 5B C9 06 C0 83 90 90 90 C3

Thanks in advance!

nemoest
  • Use a decompiler. We are not a code translation service... – Marc B Jul 07 '15 at 19:37
  • I'm not asking you to do it; I just have no idea how to do it. – nemoest Jul 07 '15 at 19:37
  • https://www.onlinedisassembler.com/odaweb/ – BitTickler Jul 07 '15 at 19:39
  • Well, what architecture is this supposed to be for? It doesn't make sense as x86 code: it starts out fine with a subtract from esp (a negative number though? A bit odd) and some pushes, but then AC?? No one uses `lods`. Then C4 05; well, an actual `les` is extremely unlikely, but it's a valid `les`, so this has to be 64-bit code (in 32-bit mode, a valid `les` is not interpreted as a VEX prefix). But then 5 turns out to be an invalid opcode map! This isn't making any sense. – harold Jul 07 '15 at 20:43
  • It's not Java bytecode because of the three consecutive zero bytes. – Antimony Jul 08 '15 at 03:08
  • Yes, the endian type is/was wrong in the byte order it is in above. After analyzing the code, it seems to search the PEB for kernel32.dll, walk its EAD, search for CreateProcessA and call it with calc.exe... Ah, and it is valid x86 if you change the order of the bytes. – nemoest Jul 08 '15 at 09:54
  • Could you post it in the proper order then? – harold Jul 08 '15 at 12:40

1 Answer


Disassembling bytecode is pretty cool. The quickest method for you would probably be to use something like ODA, the online disassembler. Many tools exist for going the other way around; you can even generate bytecode in Python!

For reversing further, decompilers will not only disassemble and provide you with assembly, but also go up one more level and give you C code if possible. Hex-Rays is a good example of this.

However, a simple disassembler is all you need to get assembly from bytecode!

not-inept
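As an added example (not part of the question, the answer or any of the comments), here is a Python script that does the byte-order check nemoest describes before the bytes are handed to a disassembler such as ODA. It assumes the dump was printed as 32-bit words with the most significant byte first, so the fix is to reverse every 4-byte group; rather than trusting that assumption, the script tries several group widths and scores each candidate by artefacts a PEB-walking `CreateProcessA("calc.exe")` stub should contain (the standard frame prologue, `mov eax, fs:[0x30]`, the 4-byte compares against "Crea" and "ssA\0", the "calc.exe" string, and `call ebx`). The marker list and the candidate widths are my own choices, not something the page states.

```python
"""Byte-order triage for a hex dump that disassembles as nonsense.

Added example, not code from the original question or answer. It checks whether
the dump becomes recognisable x86 shellcode once the bytes are regrouped, and
prints the regrouped hex ready to paste into an online disassembler.
"""
import re

# The 156 bytes exactly as posted in the question.
DUMP = """
83 EC 8B 55 51 53 AC C4 05 8B 64 57 00 00 00 30 8B 0C 40 8B 00 8B 0C 40 58 8B 00 8B 03 D8 89 18
50 8B 3C 40 8B DA 01 78 DF 01 20 7A 07 8B C9 31 38 81 D8 01 61 65 72 43 78 81 1C 75 41 73 73 0B
8B 13 75 00 D8 01 24 42 48 04 B7 0F 01 1C 52 8B 82 1C 03 DA C7 83 09 EB 4A 3B 41 04 8D CF 7C 18
8D 50 F0 45 31 57 AC 7D 00 11 B9 C0 AB F3 00 00 44 AC 45 C7 50 00 00 00 50 50 50 50 00 09 E8 50
61 63 00 00 65 2E 63 6C 50 00 65 78 59 5F D3 FF 03 E0 C1 5B C9 06 C0 83 90 90 90 C3
"""

# Oracles a PEB-walking CreateProcessA("calc.exe") stub should contain. This is
# my own list (an assumption), not something the page gives. Such stubs compare
# export names four bytes at a time, so "CreateProcessA" shows up as the
# immediates "Crea" and "ssA\0" rather than as one contiguous string.
MARKERS = {
    "push ebp; mov ebp, esp":    bytes.fromhex("55 8b ec"),
    "mov eax, fs:[0x30] (PEB)":  bytes.fromhex("64 8b 05 30 00 00 00"),
    "cmp dword [eax], 'Crea'":   bytes.fromhex("81 38") + b"Crea",
    "imm32 'ssA\\0'":            b"ssA\x00",
    "'calc.exe\\0' string":      b"calc.exe\x00",
    "call ebx":                  bytes.fromhex("ff d3"),
}


def parse_hex_dump(text: str) -> bytes:
    """Turn a whitespace-separated hex dump into bytes."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


def reorder(data: bytes, width: int) -> bytes:
    """Reverse every `width`-byte group. width 1 leaves the data unchanged;
    applying the same width twice restores the input."""
    return b"".join(data[i:i + width][::-1] for i in range(0, len(data), width))


def found_markers(data: bytes) -> list:
    """Names of the markers that occur verbatim in `data`."""
    return [name for name, pat in MARKERS.items() if pat in data]


def marker_offsets(data: bytes) -> dict:
    """Offset of each marker that occurs in `data`, for cross-checking."""
    return {name: data.find(pat) for name, pat in MARKERS.items() if pat in data}


def best_width(data: bytes, widths=(1, 2, 4, 8)) -> tuple:
    """Try each candidate group width; return (best width, {width: markers hit})."""
    hits = {w: found_markers(reorder(data, w)) for w in widths}
    best = max(widths, key=lambda w: len(hits[w]))
    return best, hits


def to_hex(data: bytes) -> str:
    """Format bytes the way ODA and most disassemblers accept them."""
    return " ".join(f"{b:02X}" for b in data)


if __name__ == "__main__":
    raw = parse_hex_dump(DUMP)
    width, hits = best_width(raw)
    for w, names in hits.items():
        print(f"group width {w}: {len(names)} marker(s) {names}")
    fixed = reorder(raw, width)
    print(f"\nbest width {width}; marker offsets: {marker_offsets(fixed)}")
    print("\nreordered dump (paste into the disassembler as 32-bit x86):")
    print(to_hex(fixed))
```

Run it and the original order scores zero markers while the 4-byte regrouping scores all of them, which is why the bytes as posted disassemble to nonsense. The string check is only a cheap oracle, not a disassembly: once the order is fixed, the output of `to_hex` is what you feed to ODA or any other disassembler to get the actual listing.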