disassembly

问题 Say I do: #!/usr/bin/env python # encoding: utf-8 class A(object): pass Now I disassemble it: python -m dis test0.py 4 0 LOAD_CONST 0 ('A') 3 LOAD_NAME 0 (object) 6 BUILD_TUPLE 1 9 LOAD_CONST 1 (<code object A at 0x1004ebb30, file "test0.py", line 4>) 12 MAKE_FUNCTION 0 15 CALL_FUNCTION 0 18 BUILD_CLASS 19 STORE_NAME 1 (A) 22 LOAD_CONST 2 (None) 25 RETURN_VALUE Now I add some statements in the class definition: #!/usr/bin/env python # encoding: utf-8 class A(object): print 'hello' 1+1 pass

问题 In a disassembled program I'm analyzing, I found the command sar %eax What does this do? I know that sar with two arguments performs a right shift, but I can't find what it means with only one parameter. This program was compiled for an Intel x86 processor. 回答1: Looks like the dissembler used short-hand for SAR EAX,1 which has an opcode of 0xD1F8 . when the immediate is not 1, aka SAR EAX,xx , the opcode is 0xC1F8 xx , see the Intel Instruction reference, Vol. 2B, 4-353. 回答2: When there is

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 3 years ago . Does anyone know a decent tool that will compare two different versions of the same dll and extract the differences? thanks 回答1: Reflector has a Diff tool. Note: Reflector is now paid software. 回答2: dotPeek from JetBrains can also be used. It is also free. Open the assembly up in dotPeek Select the assembly File

问题 Can I disassemble a flat binary file using objdump? I'm familiar with disassembling a structured binary executable such as an ELF file using: objdump -d file.elf But if I have a flat binary file that I know is supposed to be loaded at, e.g., address 0xabcd1000, can I ask objdump to disassemble it? I tried supplying options such as '--start-address=0xabcd1000' but objdump just states that it doesn't recognize the format. I have other ideas about how to disassemble the file but I wanted to know

问题 I am in need to debug bouncing ball virus (note that it is written in win16 asm) to finish my essay. Attempting to use GDB but it said: not in executable format. File format unrecognized. My problem is: Is it possible to use GDB to finish that? If yes, what should I do? If no, what else debugger can I use besides the Win's debug.exe? 来源： https://stackoverflow.com/questions/10999988/how-can-i-disassembly-win16-with-gdb

问题 I have been reading through the following series of articles: http://www.altdevblogaday.com/2011/11/09/a-low-level-curriculum-for-c-and-c The disassembled code shown and the disassembled code I am managing to produce whilst running the same code vary quite significantly and I lack the understanding to explain the differences. Is there anyone that can step through it line by line and perhaps explain what it's doing at each step ? I get the feeling from the searching around I have done that the

问题 Size contains the number 86. var_10= dword ptr -10h var_C= dword ptr -0Ch size= dword ptr 8 push ebp mov ebp, esp sub esp, 28h mov eax, [ebp+size] mov [esp], eax ; size call _malloc mov ds:x, eax mov [ebp+var_C], 0 jmp short loc_804889E loc_804889E: ~~~~~~~~~~~~~~~~~~~~~ mov eax, [ebp+size] sub eax, 1 cmp eax, [ebp+var_C] jg short loc_8048887 loc_8048887: ~~~~~~~~~~~~~~~~~~~~~ mov edx, ds:x mov eax, [ebp+var_C] add edx, eax mov eax, [ebp+var_C] add eax, 16h mov [edx], al add [ebp+var_C], 1 I

问题 I need some help understanding why GCC is doing main: pushl %ebp movl %esp, %ebp andl $-16, %esp # ??? subl $48, %esp # ??? movl $8, 16(%esp) movl $4, 20(%esp) Why does it first subtract 16 and then subtract 48 again? Wouldn't it be easier to do subl $64, %esp ? 回答1: andl $-16, %esp # ??? The above line is not subtracting 16 from esp but to align it to 16 byte boundary. While the following one is to subtract, mostly for reserving some space on the stack. subl $48, %esp # ??? 来源： https:/

问题 Let's say i released the application below. using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; namespace WindowsFormsApplication2 { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { MessageBox.Show("Hello World!","Message Box"); } } } Now here is my

问题 I've set up a hello world program just for testing my riscv32-unknown-elf toolchain, spike , pk etc. Though I managed to get the hello world printed using spike --isa=RV32 pk hello.elf , I found out that if I added the -d flag for debugging, I was given following instructions (a section of the whole): core 0: 0x0000000000001000 (0x7ffff297) auipc t0, 0x7ffff : core 0: 0x0000000000001004 (0x00028067) jr t0 : core 0: 0xffffffff80000000 (0x1b00006f) j pc + 0x1b0 : core 0: 0xffffffff800001b0