Questions tagged [disassembly]

Involves turning "compiled" code (such as machine code, byte code or IR code) back in higher-level assembly mnemonics.

Disassembly is the process for turning a binary form back into its higher-level counterpart so that it can be inspected or altered in a human-readable form.

This is normally done with the aid of a disassembler, some notable examples being:

IDA
Ollydbg

1640 questions

votes

1 answer

Understanding JMP Codes in Assembly

Iv'e just recently scratched the surface of assembly language and debugging. I have the following code: Address Hex dump Command Comments 006E3689 . E8 C5F9FFFF CALL 006E3053 ->006E368E E9 …

asked Nov 13 '14 at 00:28

Brent Aureli

votes

2 answers

What does this bsr.l instruction do?

I'm playing with coldfire disassembler and find out this piece of code: loc_F7E: bsr.l loc_F7E+2 lea 12(sp),sp pea (284).w clr.l -(sp) move.l a6,d0 addi.l #-636,d0 move.l d0,-(sp) loc_F98: bsr.l loc_F98+2 lea…

assembly 68000 disassembly coldfire

asked Nov 12 '14 at 22:19

Michel Boaventura

votes

1 answer

Unable to analyze the nature of the function in a given memory location

I'm trying to analyze malware in an executable. I'm trying to analyze the nature of the function at the subroutine sub_401040. When I ran it in IDA Pro, I got assembly code that looks something like the one that is posted below. However, I'm a bit…

malware disassembly ida

asked Oct 31 '14 at 21:17

ramu ranga

votes

1 answer

Can different file extension executables be disassembled into the same instruction set OpCode?

This is a question from someone clueless about disassembly and decompiling in general, so bear with me. I am curious to know if executable file extensions (for example, listed in http://pcsupport.about.com/od/tipstricks/a/execfileext.htm ) can be…

executable executable-jar decompiler disassembly opcode

asked Oct 23 '14 at 18:16

jeffrey

3,196
7
26
44

votes

0 answers

Change variable in EXE or DLL

I have a problem with a program which starts with one variable set to true by default. I need change this variable to false (so the program will start with this variable set to false). It is one EXE file with one DLL. Could you help me? I have…

dll exe reverse-engineering disassembly

asked Oct 02 '14 at 19:55

Zooltan

votes

1 answer

Know size of class at runtime

I have the linux CPP compiled binary. Based on class(symbol) name, how can I know the size of symbol at runtime, memory it would occupy; Using any disassembly tool? Or any other methods? (It may be pointing to extra heap memory which is not my…

c++ linux disassembly

asked Sep 30 '14 at 08:16

TorukMakto

2,066
2
24
38

votes

2 answers

assembly x86 machine code meaning for 00

I was wondering what the machine code 00 means? Also, I sometimes see machine code 08 appear in a procedure. What does 08 mean? 08048413

: 8048413: 55 push %ebp #save frame pointer 8048414: 89 e5 …

assembly x86 disassembly objdump instruction-encoding

asked Sep 29 '14 at 07:14

delgeezee

votes

1 answer

Is there a way to export asm file which is unhide all items from IDA Pro

I want to get an asm file which was dissassembled using IDA Pro and use scripts to make lots of asm files at once. I tried two ways to get asm file first one was with idapython: idc.GenerateFile(idc.OFILE_ASM, idc.GetInputFile()+".asm", 0,…

disassembly ida

asked Sep 28 '14 at 02:39

Exiling

votes

0 answers

ARM disassemble+ Crash at ldmge r1!, {r4, r5, r6, r7, r8, r9, r10, r11}

I found a crash in memcpy() function, which gets called from one of 802.11n specific aggregation function in wifi driver. From the core analysis, the crash point is mentioned below, 0x012014f8 : ldmge r1!, {r4, r5, r6, r7, r8, r9, r10,…

crash arm disassembly

asked Sep 23 '14 at 10:30

Anil

votes

1 answer

assembler 68K symbol '!' in source operand

How to interpret assembly 68K instruction: MOVE.W #5100!$13ec,-(A7) What is a meaning of symbol '!' between decimal 5100 and hexadecimal 13ec. I have noticed that 5100 is equal to $13ec.

disassembly

asked Sep 08 '14 at 20:46

Vlad

votes

0 answers

How to change an assembly attribute of a third-party dll file?

I have a .NET project that refuses to be built in VS2013 because of a referenced library. The problematic library has culture attribute set to neutral. This causes the following error: Invalid argument. Culture is not supported. Parameter name:…

.net dll culture disassembly

asked Aug 19 '14 at 10:53

Limbo Exile

1,321
2
21
41

votes

1 answer

call to another function in a dll causes access violation

okay so I'm starting to realize that dll arn't the simplest of things to understand, I'm trying to make a dll which is VC6 compatible, I got some code working in VS2010 but in trying to work out how to get that code to work for a VC6 project I've…

c++ dll access-violation disassembly

asked Aug 18 '14 at 09:42

Perry Ward

votes

1 answer

track every system and external library call on an OS X app

I want to examine every system and external library call of a given application, together with the data structures that are passed around. (The application in question is some kind of packaged software based on OpenSSL and around OS X keychain, and…

macos keychain private-key disassembly dtrace

asked Aug 01 '14 at 21:14

cnst

25,870
6
90
122

votes

1 answer

Unknown module in OllyDbg 2.01 "Assemble" command

I'm disassembly a crack-me and I want to replace an empty space with the WINAPI SetDlgItemText() which takes three parameters. I successfully added the three "push" instruction but when I try to assemble call OllyDbg…

assembly disassembly ollydbg

asked Jul 31 '14 at 21:09

incud

votes

1 answer

Instruction disassembler ARM. [ARM/Thumb mode]

I would like to ask you how to determine in which ISA (ARM/Thumb/Thumb-2) an instruction is encoded? First of all, I tried to do it following the instructions here (section 4.5.5). However, when I use readelf -s ./arm_binary, and arm_binary was…

arm disassembly

asked Jul 29 '14 at 14:00

user1358552

Prev 1 2 3

…

99 100 Next