Skip to main content
The 2024 Developer Survey results are live! See the results

Questions tagged [disassembly]

Ask Question

Involves turning "compiled" code (such as machine code, byte code or IR code) back in higher-level assembly mnemonics.

disassembly
1,668 questions
Newest Active Bountied Unanswered
0 votes
0 answers
5 views

It's there any way to get the thumbnail from the sai2 file?

For example, you can use some means to parse psd files and export them into image files, but how does PaintTool SAI2 get thumbnail? I tried x64dbg and IDA Pro to debug sai2.exe and got the folder C:\...
WerewolfwolfyXD's user avatar
WerewolfwolfyXD
  • 1
0 votes
0 answers
106 views

How to find memory address of a function which isn't called in main, but declared and defined outside main in gdb

tl,tr: Find memory address of an uncalled function, without having source code(or having function name) in gdb. Issue: given a source code given to me, which looks like this: #include<stdio.h> ...
nastya's user avatar
nastya
  • 1
0 votes
1 answer
31 views

Listing imported functions from a Windows PE file

I am trying to recover the imported functions from a PE file. The code looks for call instructions in the disassembled .text section and then checks the call destination address against the function ...
Stephen O'Shaughnessy's user avatar
Stephen O'Shaughnessy
  • 1
1 vote
1 answer
78 views

Exposing what the compiler does for passing to a reference vs to a const reference

Compiling the code shown below, and examining the disassembly (objdump -DSs a.out > a.dis), I am unable to see any difference in what happens for invoking fun_ref(T &) and fun_const_ref(const T ...
user1823664's user avatar
user1823664
  • 1,083
0 votes
0 answers
35 views

Recover a corrupted pickle file

I have a corrupted pickle file. I follow this to try to recover my file: how to read corrupted pickle file I read and try to understand how the file work to complete the file and as a result, I ...
Sơn Hoàng's user avatar
Sơn Hoàng
  • 31
0 votes
0 answers
21 views

how to add an additional dll to an exe file and force it to use

I have an exe file in which I want to make some corrections to the binary code, but I want to do this not just by editing bytes but by using an additional dll, which should patch the current ...
VeryDobro's user avatar
VeryDobro
  • 1
0 votes
0 answers
24 views

Iaito dissasembler shows invalid instructions

I am using iaito (official graphical interface for radare2) dissasembler here is an example instruction 0x1400371d4 xor cl, cl 0x1400371d6 invalid 0x1400371d7 shl eax, ...
Letrea's user avatar
Letrea
  • 1
0 votes
0 answers
29 views

Which tools to decompile extracted raw MIPS code

I have the extracted firmware image (image.out). It is a raw MIPS machine code, which is loaded at RAM address 0x80004000 The file contains binary data and readable text strings. I want decompile it, ...
Lexx Luxx's user avatar
Lexx Luxx
  • 272
3 votes
0 answers
47 views

Strange behaviour of Capstone disassembler when running a simple example

I played with Capstone disassembler and found strange behaviour. I created a simple program, which takes notepad.exe (x86-64 PE), disassembles its .text section and prints the disassembly line by line....
nomad's user avatar
nomad
  • 91
0 votes
0 answers
91 views

How to turn C Code into Assembly Code that a dissasembler would produce, using GCC?

I want to learn Assembly so I can reverse engineer disassembled Programs eventualy. I figured it would be best to learn C with Assembly side by side. I know now that there are different stages ...
bangingmyheadontable's user avatar
bangingmyheadontable
  • 53
0 votes
1 answer
32 views

llvm-objdump equivalent of aarch64-none-linux-gnu-objdump

Suppose I put four bytes into a file and then disassemble it using the GNU toolchain: -bash$ echo -en '\x1f\x20\x03\xd5' > ./myFile -bash$ aarch64-none-linux-gnu-objdump -m AARCH64 -b binary -D ./...
Lance E.T. Compte's user avatar
Lance E.T. Compte
  • 1,054
1 vote
1 answer
54 views

Linux kernel printk disassemble

This is in continuation of an existing SO post here. I have the following function in a dummy kernel module for x86_64 platform. static void dummy_function_1(int arg1, char arg2) { printk(...
Naveen's user avatar
Naveen
  • 8,104
0 votes
0 answers
40 views

How landing pad offset and action index can both be 0?

So, I am doing my own personality function (because I can). In this function, I am parsing a call site table. Each record has four fields - callsite offset, callsite length, landing pad offset and ...
tntnkn's user avatar
tntnkn
  • 113
0 votes
0 answers
57 views

How can an address that receives bytes through movs transfer bytes to another address that receives bytes through movups

Memory Viewer I need to assign the value of the upper address to the lower one, but they have different commands, the first one has movups, and the second one has movss I have this code in an auto-AOB ...
Knifick's user avatar
Knifick
  • 5
0 votes
1 answer
192 views

Extracting opcodes from arm64 (ARMv8.5-A) instructions

I need do come up with some wildcards to match certain instructions. For instance, on x86, to match most CALL instructions the following pattern will suffice: E8 ?? ?? ?? ?? where E8 is the opcode ...
IRP_HANDLER's user avatar
IRP_HANDLER
  • 171

15 30 50 per page
1
2 3 4 5
112