Questions tagged [disassembly]

Involves turning "compiled" code (such as machine code, byte code or IR code) back into higher-level assembly mnemonics.

Disassembly is the process for turning a binary form back into its higher-level counterpart so that it can be inspected or altered in a human-readable form.

This is normally done with the aid of a disassembler, some notable examples being:

1640 questions

0 votes, 1 answer

How to eliminate the middle column generated by objdump?

Platform is on 32 bit Linux, I use objdump to disassemble a binary, and am trying to re-use the address column and assemble code columns, but after searching in the objdump's manual, I cannot find how to force objdump to not output the hex code…
lllllllllllll

0 votes, 2 answers

What are these little functions in FFFF**** address space seen by C# code x86 disassembly?

While debugging some of my code written in C# I had to walk through disassembly to get a clearer understanding of what is going on on a microlevel. Most of the code is rather transparent, but there are some functions obviously provided by CLR or C#,…
akalenuk

0 votes, 1 answer

typecasting in little endian vs big endian

Using the below code, I have looked into the disassembly in MS-VC++ int main() { int a = 0x7fffee ,as; //initialization in hex short b = 0x7fff ,bs; //the format specifier %hp of %hd prints lower 2bytes only printf("a(in dec) = %d : b(in…
nmxprime

0 votes, 1 answer

x86 LEA with ESP + offset

I am learning x86 through the book Practical Malware Analysis, and I often see things like: lea edx, [esp+24Ch+name] push edx push ... call ds:bind I understand how LEA works, and that this is basically storing the value of esp+24C+name in edx.…
Jordan Hanna

0 votes, 1 answer

Programmatically change WxWidget slider from external process?

I have only the binary of a closed source MS Windows application. Using the FindWindow [1] and GetClassName [2] functions revealed the class name of the main window of the application: "wxWindow" [3]. Consequently I assume the wxWidgets [4] GUI…
Lars Schneider

0 votes, 1 answer

ida pro virtual function actual declaration

I am trying to hack into an exe to find the implementation of certain functions and perform actions in an injected dll. The exe is a sort of screen saver, and fortunately very simple, so it uses important strings to identify code sections. My…

0 votes, 1 answer

Analyzing gdb disassembly

DISCLAIMER: This is a homework problem so I do not want you to just tell me the answer. Rather I need help understanding how this code works. If this is not allowed then that is fine I can take this down or whatever is required by me. What I am…
Javier Pena

0 votes, 0 answers

decoding binary to mips instruction using mips language

Hi when decoding mips using mips language you have to partition the code. After you've partitioned the instruction lets say a branch instruction into: OP code Sregister Tregister Address $t1 contains the value 0100 which is 8 and I wanted to print…
user3175173

0 votes, 0 answers

What is **mov eax, ds:(__dso_handle_ptr - 804DFF4h)[ebx]**?

I use IDA Pro to disassemble an ELF 32 bit file. In the asm code it creates, I find one sentence as below: mov eax, ds:(__dso_handle_ptr - 804DFF4h)[ebx] I have never seen asm code like this, and use nasm/masm to directly assemble it would…
lllllllllllll

0 votes, 1 answer

How to translate **long_options option ** into re-assemble code?

Test platform is 32 bit Linux. I use IDA Pro to disassemble the basename elf binary from coreutils. In the data section I find this: long_options option Could anyone give some help on how to translate this into…
lllllllllllll

0 votes, 1 answer

Decompiling x86 PE binary to C?

I'd like to know if there's any way to generate the C code of an x86 PE binary. I don't really need this, I just want to learn how some closed-source software are working. From my common sense, I think the process is: Converting the x86 binary to…
Alon Gubkin

0 votes, 1 answer

Where are the arguments at this ASM function?

I have this disassembled function: PUSH EBP MOV EBP, ESP SUB ESP, C PUSH 408506 MOV EAX, DWORD PTR FS:[0] PUSH EAX MOV DWORD PTR FS:[0], ESP SUB ESP, 14 PUSH EBX PUSH ESI PUSH EDI MOV DWORD PTR [EBP-C],…
cdonts

0 votes, 3 answers

How to know how many arguments takes a function?

I have this function: BOOL WINAPI MyFunction(WORD a, WORD b, WORD *c, WORD *d) When disassembling, I'm getting something like this: PUSH EBP MOV ESP, EBP SUB ESP, C ... LEAVE RETN C As far as I know, the SUB ESP, C means that the function takes 12…
cdonts

0 votes, 1 answer

Function memory address (ASM)

I have decompiled a program with VB Decompiler and it says that my target function (the one which I want to see the code) is at the address 0x00617B70. So once I have disassembled the application I go to that memory address and I see: CALL …
cdonts

0 votes, 0 answers

The meaning of some fields in structure of udis86 object

Could you explain please what these fields mean uint8_t inp_curr; uint8_t inp_ctr; uint8_t inp_fill; uint64_t pc; in struct ud (udis86 object)? I notice they are always getting the identical values.
Qwerty