disassembly

What does “short” jump mean in assembly language?

断了今生、忘了曾经 submitted on 2019-12-18 12:55:10
Question: What does the "SHORT" mean in this code?
JE SHORT 00013FB8
Answer 1: Short jumps (and near calls) are jumps whose target is in the same module (they are intramodular; however, it is possible to get intermodular variants from certain hacks). They are most commonly up to 127 bytes of relative displacement (they change the flow of execution forward or backward from the address of the instruction); however, there are 16-bit variants offering 32k bytes. You don't really need to worry about it much, its

Wanted a tool for decompiling obfuscated .NET code

大憨熊 submitted on 2019-12-18 12:44:08
Question: I need a tool to decompile obfuscated .NET code. Yes, I know about Reflector and its plugins (FileDisassemble, FileGenerator). But they create a VS project which won't compile. For example, the decompiled code contains:
private sealed class d__0 : IEnumerator, IEnumerator, IDisposable { private int <>1__state; private int <>2__current;
I need a tool which could automatically rename such names into readable (read "compilable") form. Thanks.
Answer 1: Salamander .NET Decompiler, Xenocode Fox
Answer 2: I've

Why does 64-bit VC++ compiler add nop instruction after function calls?

此生再无相见时 submitted on 2019-12-18 11:50:35
Question: I've compiled the following using the Visual Studio C++ 2008 SP1 x64 C++ compiler: I'm curious, why did the compiler add those nop instructions after those calls?
PS1. I would understand that the 2nd and 3rd nops would be to align the code on a 4-byte margin, but the 1st nop breaks that assumption.
PS2. The C++ code that was compiled had no loops or special optimization stuff in it:
CTestDlg::CTestDlg(CWnd* pParent /*=NULL*/) : CDialog(CTestDlg::IDD, pParent) { m_hIcon = AfxGetApp()->LoadIcon(IDR

how to use aarch64-linux-gnu-objdump to disassemble V7 mode instructions (A32,T32)

依然范特西╮ submitted on 2019-12-18 05:06:11
Question: I'm using aarch64-linux-gnu-objdump to disassemble part of a program for ARMv8. It works well for v8 64-bit instructions, but fails when the mode is changed to the v7 instruction set (A32): the code starts as the v8 instruction set, switches to A32 (AArch32 execution state) and then to T32, the Thumb instruction set. How can I disassemble the A32 and T32 instructions? Do I need to break the code into parts when the mode switches, so that I have separate instruction mode blocks? Any help would be

Why does this MOVSS instruction use RIP-relative addressing? [duplicate]

岁酱吖の submitted on 2019-12-17 17:07:40
Question: This question already has an answer here: Why is the address of static variables relative to the Instruction Pointer? (1 answer). Closed last year.
I found the following assembly code in a disassembler (floating point logic, C++):
842: movss 0x21a(%rip),%xmm0
I understand that within the process, rip will always be 842 and this 0x21a(%rip) will be const. It seems a little odd to use this register. I want to know whether there is any advantage to using a RIP-relative address instead of other addressing.
Answer 1: RIP

How to disassemble a binary executable in Linux to get the assembly code?

拜拜、爱过 submitted on 2019-12-17 08:12:23
Question: I was told to use a disassembler. Does gcc have anything built in? What is the easiest way to do this?
Answer 1: I don't think gcc has a flag for it, since it's primarily a compiler, but another of the GNU development tools does. objdump takes a -d / --disassemble flag:
$ objdump -d /path/to/binary
The disassembly looks like this:
080483b4 <main>:
 80483b4: 8d 4c 24 04    lea    0x4(%esp),%ecx
 80483b8: 83 e4 f0       and    $0xfffffff0,%esp
 80483bb: ff 71 fc       pushl  -0x4(%ecx)
 80483be: 55             push   %ebp
 80483bf: 89 e5

Objdump swapping fsubrp to fsubp on compiled assembly?

二次信任 submitted on 2019-12-13 13:41:43
Question: I am porting Quake 2's inline Win32 assembly to GAS. I started out by taking the inline assembly and placing it into its own ASM file. I fixed any issues, then started porting to GAS. I do know that the src/dst is reversed in AT&T vs Intel syntax (including floating point registers for some math operations) and a few other small gotchas, but when I got this compiling fine I noticed that the code was not working as intended. I looked over it carefully for hours with a compare utility and

Why is VS giving me Disassembly when I have the .Net debug symbols?

别说谁变了你拦得住时间么 submitted on 2019-12-13 06:14:15
Question: I'm trying to get to the bottom of an annoying problem with EventViewer, so I've hooked up an instance of VS (2013) to mmc.exe and am breaking on exceptions. VS only gives me the disassembly, even though it's pointing at System.IO.Path.CheckInvalidPathChars(string), and the Modules window says that mscorlib.dll (2.0) is loaded with the symbol file (twice, as it happens: once in DefaultDomain, and once in the EventViewer domain). Failing that, could anyone help me work out what the offending Path is

Resources for x86 decompilation

喜欢而已 submitted on 2019-12-13 02:52:06
Question: I'd like to get a solid understanding of the low-level process for representing and running a program. I've decided to do this by writing a program to parse and display object file information (headers, sections, etc.). I've nearly finished this part. A natural extension is to decompile the remaining relevant data into assembly instructions. Initially, I'll focus on x86. Where can I find resources related to this decompilation (binary -> ASM)? I've read that x86 has a one-to-one

Incorrect NASM indirect addressing assembly on macOS

一笑奈何 submitted on 2019-12-12 17:07:52
Question: Assembling the following code on macOS:
global start
default rel
section .text
start:
    lea rdx, [buffer + 0]
    lea rdx, [buffer + 1]
    lea rdx, [buffer + 2]
    lea rdx, [buffer + 3]
    lea rdx, [buffer + 4]
    lea rdx, [buffer + 5]
    lea rdx, [buffer + 6]
    lea rdx, [buffer + 7]
    lea rdx, [buffer + 8]
section .data
buffer: db 0,0,0
using the command nasm -fmacho64 -w+all test.asm -o test.o yields (with gobjdump -d test.o):
0000000000000000 <start>:
   0: 48 8d 15 38 00 00 00    lea    0x38(%rip),%rdx    # 3f <buffer>
   7: