disassembly

问题 This question already has answers here : What methods can be used to efficiently extend instruction length on modern x86? (4 answers) How do GNU assembler x86 instruction suffixes like “.s” in “mov.s” work? (1 answer) How to disassemble, modify and then reassemble a Linux executable? (8 answers) Closed last year . Yesterday, I got caught a problem on re-asselembling the disassembly. My experiment was like below. : 1. Disassemble binary_A into A.s 2. Re-assemble A.s into binary_A' I expected

问题 How can I see the disassembled version of the executable (eg. a.out) of a C++ program on Mac OSx? 回答1: It's not exactly what you're asking for, but g++ -S produces assembly from source code and can be expected to be more readable than a disassembled version. If you can't recompile with -S (e.g. no source code), then gdb lets you disassemble, as does objdump --disassemble . Depends what you've installed. See also: https://superuser.com/questions/206547/how-can-i-install-objdump-on-mac-os-x 回答2

问题 My first question here, hopefully I'm not doing it wrong. My problem is that I have a certain old DOS program which has quite much hacked the file format to the extreme to save space. (Yes, it's a demoscene prod for those who know.) Objdump doesn't want to help me with it; quick Googling yielded no real results for the problem and the manpage doesn't seem too generous in this regard either. There are others yes, like lida. However, for some reason I couldn't get lida to work; I believe there

问题 I'm having a hard time trying to (Dis)assemble a dll using the Visual Studio command prompt, don't look that simple as I see in the microsoft page. I'm using the ildasm for these way: ildasm myLibrary.dll output:MyLibrary.il And I get: Unable to open 'MyLibrary.il' for output. I also tried the full path: ildasm directory\myLibrary.dll output:directory\MyLibrary.il And I get: MULTIPLE INPUT FILES SPECIFIED Using the ildasm GUI actually works, but when I use the ilasm: ilasm myLibrary.il /dll I

问题 After being able to determine call stack successfully (in my previous questions) - I was bit puzzled with opengl drivers. KERNELBASE.dll GlobalAlloc (00007FF995B09643) nvoglv64.DLL DrvPresentBuffers (0000000054F22747) nvoglv64.DLL DrvPresentBuffers (0000000054F20893) nvoglv64.DLL DrvPresentBuffers (0000000054F221B2) nvoglv64.DLL (0000000054A6D79A) nvoglv64.DLL (0000000054BA478A) nvoglv64.DLL (0000000054BA60B5) myown.dll my own source code(line) (00007FF96CCB6B73) What I've briefly analyzed -

问题 I don't understand why the following lines are using movl to push data below the stack pointer are produced by GCC. movl -4(%ebp), %eax # -4(%ebp) <- local variable 1 movl 8(%ebp), %edx # 8(%ebp) <- first parameter movl %edx, 8(%esp) # ??? WHY NOT: pushl %edx movl %eax, 4(%esp) # ??? WHY NOT: pushl %eax movl -8(%ebp), %eax # ??? WHY NOT: pushl -8(%ebp) movl %eax, (%esp) call athena movl %eax, f (full code) I guess this code tries to push 3 parameters for the function call. But why isn't it

问题 This question already has answers here : How to read the Intel Opcode notation (3 answers) Closed 12 months ago . How can I determine what an array of bytes will translate into in machine code? I understand that if I see 0f at the start it's a 2 byte instruction, but I see other prefixes and in some disassembly in my x64 debugger I see weird interactions like 48 83 C4 38 and I can see on the opcode reference that 48 says the operand is 64 bytes. But 83 says it can be 7 different instructions

问题 I have a bit of strange question. If I use objdump -d for disassembling an ARM binary it can resolve the function (system library) names of branch instructions e.g.: 8404: e581e000 str lr, [r1] 8408: e59f0028 ldr r0, [pc, #40] ; 8438 <address_of_message1> 840c: ebffffc1 bl 8318 <printf@plt> 8410: e59f0028 ldr r0, [pc, #40] ; 8440 <address_of_scan_pattern> 8414: e59f1028 ldr r1, [pc, #40] ; 8444 <address_of_read> 8418: ebffffc4 bl 8330 <scanf@plt> 841c: e59f0018 ldr r0, [pc, #24] ; 843c

问题 The problem exists at 017D0B5F call eax : 017D0B56 mov esi,esp 017D0B58 mov edx,dword ptr [ebp-20h] 017D0B5B push edx 017D0B5C mov eax,dword ptr [ecx+8] 017D0B5F call eax 017D0B61 cmp esi,esp 017D0B63 call @ILT+2525(__RTC_CheckEsp) (17C49E2h) 017D0B68 cmp dword ptr [ebp-2Ch],0 017D0B6C je CSourceStream::DoBufferProcessingLoop+10Ah (17D0B8Ah) 017D0B6E mov eax,dword ptr [ebp-2Ch] 017D0B71 push eax 017D0B72 push offset string "Deliver() returned %08x; stoppin"... (17F7278h) Here's the

问题 I'm an IOS developer and I know objective C. I wanna to create a stand alone mac app whose sole functionality is to patch another app available in same mac. Lets say I have an app called X in my applications folder. This app X has some undesired behaviour. So I tried to modify this behaviour. I analysed the app's executable with the help of Hopper disassembler, I came to know that I have to change assembly instructions starting at 00000001003e3790 . I changed those assembly instructions and