Questions tagged [disassembly]

Involves turning "compiled" code (such as machine code, byte code or IR code) back into higher-level assembly mnemonics.

Disassembly is the process for turning a binary form back into its higher-level counterpart so that it can be inspected or altered in a human-readable form.

This is normally done with the aid of a disassembler, some notable examples being:

1640 questions
0 votes, 1 answer

Different way to write LDRB

So I'm writing up some ARM code, and we were told to disassemble a program, and then recode it using what we know. The problem is I keep coming across an LDRB command, which I know nothing about. Going through the ARM documentation, it seems to…
user3294283
0 votes, 1 answer

how to compare 2 version of dll's and find the modified methods

Note: I don't have pdb files for those dll's. I tried to compare the dll's using " Mono.Cecil" but was able to succeed in comparing the method signature only. Is there a way to compare the method body and find the modified methods.
Abhi
0 votes, 0 answers

GDB disassembly different on exec to remote after load - not loading correctly?

I have an .out file compiled with arm-none-eabi-gcc -mtune=cortex-m3 --specs=nosys.specs. If I run GDB with arm-none-eabi-gdb a.out and do disas main on the exec I get a reasonable-looking disassembly, that closely resembles the C for such a simple…
OJFord
0 votes, 0 answers

Disassembly or run-time function address?

I have a simple program written in C which outputs the memory address of a specific function. When running this program, the output is: 0x00401334. Going to that memory location with a real-time memory editor and disassembler I can prove the…
cdonts
0 votes, 1 answer

C++ compiler function call

Why does the compiler put so many commands before a function call (look at the link below)? As I understand, it should pass only function parameters before the call. struct A{ int c = 5; void test(unsigned int a){ a++; c++; } }; struct C{ int k =2; A…
tower120
0 votes, 1 answer

Read Time Out process

Kindly answer this ildasm screenshot .mresource public LinkDev.BSolutions.ExchangeValidationLib.ExchangeValidationTemplate.html I am trying to access this resource from my code: Stream templateStream =…
Mona Amin
0 votes, 1 answer

What is meaning of write at zero after method call?

I've got a segfault inside a shared library. There is a stack trace. (_bad_func+0x3dd) Function definition is: 000000000008b030 <_bad_func>: I found the problem place (0x08b950 + 0x3dd => 0x8bd2d) and got puzzled. 8bd23: bf 03 00 00 00 …
Daniil Iaitskov
0 votes, 2 answers

Need Help in C++ Disasm

I do some C++ disassembling with IDA Pro. But I often see lines like these. call __ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc ;std::operator<<>(std::basic_ostream> &,char …
jarCrack
0 votes, 0 answers

which function is this jmpq line calling? how to figure out?

What does the line jmpq 400a06 mean? I know there is a shared library function called, but how can I figure out which function?
user2798943
0 votes, 1 answer

Why I can not directly get the content of `.bss` section?

Test is on Linux 32bit. I use this command to get the context of .text .rodata and .data section: objdump -s -j .text elf_binary objdump -s -j .rodata elf_binary objdump -s -j .data elf_binary But basically when I tried to use this to get the…
lllllllllllll
0 votes, 0 answers

Does the compiler provide extra stack space for byte-spilling?

From the sample code below which I got here, I don't understand why the values of registers are moved to a specific part of the stack when byte-spilling is performed. pushq %rbp movq %rsp, %rbp subq $96, %rsp …
acegs
0 votes, 1 answer

C Function Call Convention: Why movl instead of pushl?

I don't understand why the following lines are using movl to push data below the stack pointer are produced by GCC. movl -4(%ebp), %eax # -4(%ebp) <- local variable 1 movl 8(%ebp), %edx # 8(%ebp) <- first parameter movl %edx,…
miho
0 votes, 1 answer

% meaning in disassembled programs

According to internet's tutorials, when I disassemble a program, I should see code like this: (C hello world) 0x8048384 push ebp 0x8048385 mov ebp,esp 0x8048387 sub esp,0x8 0x804838a …
Ginterhauser
0 votes, 1 answer

disassembly issue: wrong result

I want to disassemble a very simple raw binary code (.com file) with nasm but the output is not what I expected. The main code is: mov ax,4 push ax mov ax,7 push 9 but the output in nasm is: (and I also tried to use IDA Pro and it was the…
Iman Kianrostami
0 votes, 0 answers

Machine code address of call function translates to another address when viewing in disassembly and actually being executed. Why?

I was playing with a shellcode example and put some code on the stack. Here is a relevant fragment from it, as seen in the memory view of VS2013: Memory view: 0x0018FEB4 90 90 90 83 ec 28 eb 0b e8 66 2a 1a 75 50 e8 9d 80 18 75 Now, when I see the…
octo