Questions tagged [disassembly]

Involves turning "compiled" code (such as machine code, byte code or IR code) back into higher-level assembly mnemonics.

Disassembly is the process of turning a binary form back into its higher-level counterpart so that it can be inspected or altered in a human-readable form.

This is normally done with the aid of a disassembler, some notable examples being:

1640 questions
0 votes, 2 answers

How to find implementation of .NET InternalCall methods

Out of curiosity I want to see the assembly code for the implementation of some internal methods. In this example I am trying to start with the Interlocked.Increment method. By setting a break point on my source code and then showing the…
Phil Wright
0 votes, 0 answers

What switches/options force CL (Microsoft C/C++ compiler) to produce "fragmented" procedures?

In the majority of cases a compiled procedure is a bunch of processor instructions that occupies continuous range of bytes in the code section. It of course may contain conditional and unconditional jumps and non-linear execution flow, but looking…
0 votes, 1 answer

How can I convert Java code to Jasmin without compiling?

I need to convert some pieces of a class into Jasmin (or if possible, Smali) and mix new codes with disassembled ones together. What I want to know is: Is that possible? and if yes, How? (I have diff patches of java files but don't have source code…
Hadi77
0 votes, 1 answer

How to add resources to Jar

I'm actually trying to repack a JAR file (after noping out some lines that cause conflicts) and here's my approach: Convert Jar into Dex (with dex2jar). It's worth noting that resources like jpgs are not packed along into Dex. Disassemble Dex into…
Isilmë O.
0 votes, 1 answer

IDA Assembly change jump destination

I'm new to reverse engineering and I'm trying to change a __text:001C2BE4 jz loc_1C3180 which jumps to __text:001C3180 loc_1C3180: into a jump to another subroutine. (__text:00128DC0 sub_128DC0:) However, I don't yet…
Laurent
0 votes, 1 answer

Can I add assembly language commands and data into an existing binary?

This question is mostly about my experience with Hopper - The OS X and Linux Disassembler although conceptually I think it would also apply to other Disassemblers like IDA. The tools allow one to see the assembly code representation of the (hex)…
cwd
0 votes, 1 answer

Xed2-Intel64 library - Issue MOV opcode

I have an issue with the C++ xed2-Intel64 library. Some opcodes are not well cut, for example the MOV opcode with objdump : 49 89 d1 : mov rsp rbp But I obtain with xed_decode and the mode : xed_decoded_inst_set_mode(&xedd,…
Martin
0 votes, 4 answers

Windows disassembler: looking for a tool

I'm looking for a (preferably free) tool that can produce "proper" disassembly listing from a (non-.NET) windows PE file (*.exe or *.dll). Important requirement: it should be possible to run the listing through a windows assembler (nasm, masm or…
SigTerm
0 votes, 0 answers

Assembly Language, objdump?

I'm trying to follow along in the Art of Exploitation book, yet when I got to the disassembly language portion I got a little lost, because my output after running the objdump -D a.out | grep -A20 main.: command that he wrote was different. …
WhiteMask
0 votes, 1 answer

GDB disas question about address values

I'm working with a binary file that I disas'd in gdb. Right now I'm just examining the return value of a function. 0x08048604 : ret Is the address shown the address where ret is stored in the function? Or is it just the address of the…
GetOffMyLawn
0 votes, 1 answer

Changes in gcc/persistence of optimization flags gcc/C

Just curious. Using gcc/gdb under Ubuntu 9.10. Reading a C book that also often gives the disassembly of the object file. When reading in January, my disassembly looks a lot like the book's; now, it's quite different - possibly more optimized (I…
gnometorule
0 votes, 0 answers

WinDbg: call stack and disassembly are inconsistent

I am debugging a program using WinDbg. At the crash site, the last two frames of call stack are: ChildEBP RetAddr WARNING: Stack unwind information not available. Following frames may be wrong. 0251bfe8 6031f8da…
ZillGate
0 votes, 2 answers

X64 Disassemblers IDA and WINDBG. IDA doesn't show x64 opcodes

So I just started learning WINDBG, upgrading from ollydbg to 64bit, and while studying something weird happened: on WINDBG I see all the RXX registers and opcodes while on IDA I still see the EXX opcodes while debugging the same EXE (notepad.exe for…
Frustrated
0 votes, 1 answer

Why does this assembly piece of code jmp forever

I wrote the code, but I don't know why it prompts the user forever; indeed it never ends unless pressing Enter without giving any number. This is the code: output prompt1; inputs number,16 ; atoi number ; mov max,ax ; mov cx ,…
user3679015
0 votes, 1 answer

IAR Workbench - How to get the file name and its path of the code appears in dis-assembly window?

While debugging an issue with IAR workbench, I could see the current PC points in the assembly code. I need to edit the same code but I'm not able to locate the file location. This is a start-up file which IAR automatically includes. There are many…