-5

I have a binary file of a simple C program compiled using gcc. I'm writing my own disassembler; I am able to read the ELF header and the other headers from ELF files.

I'm reading the ".text" section from the ELF binary file and trying to convert the opcodes into mnemonics/assembly instructions.

How do I convert raw opcode/machine code into mnemonics/assembly instructions? The C source code is:

#include <stdio.h>

int main()
{
  int i = 10;
  int j = 22 + i;

  return 0;
}

The following is the raw opcode output I received after reading the ELF file:

55 ffffff89 ffffffe5 ffffff83 ffffffec 20 ffffffc7 45 ffffffec 3 ffffffc7 45
fffffff0 41 ffffffc7 45 fffffff4 8 ffffffc7 45 fffffff8 21 ffffff8b 45
ffffffec ffffff83 ffffffc0 16 ffffff89 45 fffffffc ffffffb8 ffffffc9 ffffffc3
– BSalunke
  • Your disassembler would probably need to include a list of all opcodes and which instructions they correspond to, and it would also have to parse all prefixes and the ModR/M and SIB bytes. You can find all this info in [Intel's manuals](http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html). – Michael Apr 02 '16 at 10:08
  • You need to fix your code so it doesn't sign-extend 8-bit values to 32-bit before printing them. – Ross Ridge Apr 02 '16 at 10:09
  • Use **`unsigned char`** to read the opcode values, and print with `%02x`. – Antti Haapala -- Слава Україні Apr 02 '16 at 10:09
  • I am voting to close this as too broad, as the question asks how to write a disassembler without showing any effort towards it. ([OP is already knowledgeable of `objdump`](http://stackoverflow.com/questions/36370689/what-numeric-values-defines-in-dissembled-of-c-code)) – Antti Haapala -- Слава Україні Apr 02 '16 at 10:12
  • You use the freely available Intel instruction references. – David Hoelzer Apr 02 '16 at 12:22
  • @AnttiHaapala Sorry, but I disagree with you. I was not asking for complete disassembler code; I wrote code to parse the ELF, I just need a hint/pointer to decode the above formatted opcode into mnemonics. – BSalunke Apr 03 '16 at 07:57

1 Answer

2

If you have the GNU binutils installed (which you likely have), you can use

objdump --disassemble elf-file

If the question is "Why do I get those ffffff numbers", then you need to show us the code that produces the numbers. Most likely you are having a sign extension issue from signed characters to int.

– Jens
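Added example, not code from the question or the answer: a small C program that shows both points raised on this page. `hex_byte` reproduces the `ffffff89` output by reading a byte through a signed char, beside the `unsigned char` plus `%02x` fix from the comments, and `decode_insn` is a tiny table-driven decoder, with ModR/M parsing, for just the handful of 32-bit x86 opcodes that an unoptimised main() like the question's uses. The byte array `sample_text` is constructed for this example (it is not the question's dump; the 4-byte immediates are written out in full) and all function names are mine.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample (not the question's bytes): 32-bit x86 for a main() like the
 * question's: push ebp; mov ebp,esp; sub esp,0x10; mov [ebp-8],10; mov eax,[ebp-8];
 * add eax,22; mov [ebp-4],eax; mov eax,0; leave; ret */
static const unsigned char sample_text[] = {
    0x55, 0x89, 0xe5, 0x83, 0xec, 0x10, 0xc7, 0x45, 0xf8, 0x0a, 0x00, 0x00, 0x00,
    0x8b, 0x45, 0xf8, 0x83, 0xc0, 0x16, 0x89, 0x45, 0xfc,
    0xb8, 0x00, 0x00, 0x00, 0x00, 0xc9, 0xc3
};

/* One byte as printf shows it. Read through a signed char (gcc's plain char on x86) it
 * is promoted to int with sign extension, so 0x89 prints as ffffff89; read as unsigned
 * char and printed with %02x it is 89 (and 0x03 keeps its leading zero). */
const char *hex_byte(unsigned char b, int via_signed_char)
{
    static char buf[16];
    if (via_signed_char) snprintf(buf, sizeof buf, "%x", (unsigned)(int)(signed char)b);
    else                 snprintf(buf, sizeof buf, "%02x", b);
    return buf;
}

static const char *reg32[8] = { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" };
static const char *grp1[8]  = { "add", "or", "adc", "sbb", "and", "sub", "xor", "cmp" };

/* ModR/M byte (plus disp8 if present) -> operand string. Returns bytes consumed (1 or 2)
 * or -1 for forms this toy skips (SIB, disp32, mod=00). The disp8 really is signed. */
static int decode_modrm(const unsigned char *p, size_t n, char *buf, size_t sz, int *reg)
{
    if (n < 1) return -1;
    int mod = p[0] >> 6, rm = p[0] & 7;
    *reg = (p[0] >> 3) & 7;
    if (mod == 3) { snprintf(buf, sz, "%s", reg32[rm]); return 1; }
    if (mod != 1 || rm == 4 || n < 2) return -1;
    snprintf(buf, sz, "DWORD PTR [%s%+d]", reg32[rm], (int)(signed char)p[1]);
    return 2;
}

static uint32_t imm32_at(const unsigned char *p)   /* little-endian imm32 */
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Decode one instruction; returns its length in bytes, or 0 if unknown or truncated. */
int decode_insn(const unsigned char *p, size_t n, char *out, size_t outsz)
{
    char rm[32]; int reg, k;
    if (n == 0) return 0;
    unsigned op = p[0];                                 /* unsigned char: no sign extension */
    if (op >= 0x50 && op <= 0x57) { snprintf(out, outsz, "push %s", reg32[op & 7]); return 1; }
    if (op >= 0xb8 && op <= 0xbf) {                     /* mov r32, imm32 */
        if (n < 5) return 0;
        snprintf(out, outsz, "mov %s,0x%x", reg32[op & 7], imm32_at(p + 1));
        return 5;
    }
    switch (op) {
    case 0xc3: snprintf(out, outsz, "ret");   return 1;
    case 0xc9: snprintf(out, outsz, "leave"); return 1;
    case 0x89: case 0x8b:                               /* mov r/m32,r32 / mov r32,r/m32 */
        if ((k = decode_modrm(p + 1, n - 1, rm, sizeof rm, &reg)) < 0) return 0;
        if (op == 0x89) snprintf(out, outsz, "mov %s,%s", rm, reg32[reg]);
        else            snprintf(out, outsz, "mov %s,%s", reg32[reg], rm);
        return 1 + k;
    case 0x83:                                          /* group 1: <op> r/m32, sign-extended imm8 */
        if ((k = decode_modrm(p + 1, n - 1, rm, sizeof rm, &reg)) < 0 || n < (size_t)(2 + k)) return 0;
        snprintf(out, outsz, "%s %s,0x%x", grp1[reg], rm, (uint32_t)(int32_t)(signed char)p[1 + k]);
        return 2 + k;
    case 0xc7:                                          /* mov r/m32, imm32 (reg field must be 0) */
        if ((k = decode_modrm(p + 1, n - 1, rm, sizeof rm, &reg)) < 0 || reg != 0 || n < (size_t)(5 + k)) return 0;
        snprintf(out, outsz, "mov %s,0x%x", rm, imm32_at(p + 1 + k));
        return 5 + k;
    }
    return 0;
}

/* Decode the sample at off and compare with expect; returns the length, 0 on mismatch. */
int check_sample(size_t off, const char *expect)
{
    char out[64];
    int len = decode_insn(sample_text + off, sizeof sample_text - off, out, sizeof out);
    return (len > 0 && strcmp(out, expect) == 0) ? len : 0;
}

/* Walk a .text buffer objdump-style; returns the number of instructions decoded. */
size_t disassemble(const unsigned char *code, size_t n)
{
    char out[64];
    size_t off = 0, count = 0;
    while (off < n) {
        int len = decode_insn(code + off, n - off, out, sizeof out);
        if (len == 0) { printf("%4zx: ?? opcode %02x not in table\n", off, code[off]); break; }
        printf("%4zx: ", off);
        for (int i = 0; i < len; i++) printf("%02x ", code[off + i]);   /* bytes stay unsigned */
        printf("\t%s\n", out);
        off += len; count++;
    }
    return count;
}

int main(void)
{
    printf("0x89 via signed char: %s, via unsigned char: %s\n", hex_byte(0x89, 1), hex_byte(0x89, 0));
    disassemble(sample_text, sizeof sample_text);
    return 0;
}
```

Build with `gcc -std=c99 -Wall` and run; the output shows the two hex renderings and then each instruction with its bytes, which you can compare against `objdump -d -M intel` on a real binary. Anything outside the table (prefixes, SIB bytes, disp32 forms, the two-byte opcode map) makes `decode_insn` return 0 rather than guess, which is the place a real decoder grows from Intel's opcode tables.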