The left side shows a kind of button bar that lets you select different items in the left-hand navigation pane. Since the PE file format Windows uses has some information in it, the disassembler knows about some symbols and segments. Once you have the executable in hand, you can upload it to the disassembler using the File menu (use the Upload item, of course). If you want a more realistic example, the web site has a menu where you can pick several examples, but they are much more complex. Don’t forget, if we really wanted to see what the compiler was generating, we could just ask it. In addition, the disassembler can pull information out of the executable file that helps it do things like segregate code and data. Of course, this is cheating because we already know too much about the code for it to be a fair test. I compiled this to an executable using GCC under Cygwin. Just to get a taste of how the tool works, have a look at this simple program: #include You can even collaborate with others, which would be really handy when working on a large project. Even better, you can interactively give it some hints about the subject code and it will improve the results. But this online version does a lot of smart analysis and provides hyperlinked cross-references. In the old days, a disassembler just generated a lot of output in a file or a printout. However, there is a very interesting online tool that can handle a lot of different architectures. Be prepared to do a lot of detective work in most cases. Exactly what tool you use will depend on what CPU architecture you want to work with. But it isn’t easy, especially for anything nontrivial. The real value of a disassembler is when you don’t have the source code. If you use a high-level language and you want to check your compiler output, you can easily have the compiler provide assembly language output (see below).
The disassembly can’t recover things like variable names, some function names, and - of course - comments. If you are coding your own program in assembly, a disassembler isn’t usually necessary. The transition points between data and code can also be tricky. The disassembler can’t always figure out the difference between code and data, for example. This is nothing more than a program that converts numeric machine code into symbolic instructions. That was hard to do even when CPUs only had a handful of instructions. A more practical approach is to use a tool called a disassembler. If you want to impress everyone, you’ll just read through the hex code (well, the really tough old birds will read it in binary). If you aren’t very organized, it might even be your own - source code does get lost. If you really want to hack software, you are going to face a time when you have to take apart someone’s machine code.