Program-Transformation.Org: The Program Transformation Wiki

Disassembly

Disassembly is the process of translating an executable program into its equivalent assembly representation. The greatest problem with disassembling is determining what is code (instructions) and what is data, as both are represented in the same way in current machines. Further, disassembly is equivalent to the Halting Problem and hence cannot be fully automated for all input programs.

This page contains information about various commercial, shareware and freeware disassemblers, and tools for building disassemblers.

Because of the relative immaturity of machine code decompilation, it is presently the case that for large, commercial reverse engineering projects, a good disassembler is probably a better option than a decompiler.

  • IDA Pro. Generally agreed to be the most powerful disassembler. See IDAPro.

  • Borg is a freeware disassembler for Windows 32-bit binaries. See BorgDisassembler.

  • Object file converter is an open source tool which can disassemble COFF, PE, ELF, OMF and Mach-O files for x86 and x86-64 systems. Supports SSE4 instruction set. Reports syntax errors and suboptimal instruction codes. Source code is portable to all systems. It can also be used for converting object files between different formats and as a cross-platform library manager.

  • MacNosy is a disassembler for Mac (68K and PowerPC) applications, resource files or ROM.

  • Lida (Linux Interactive DisAssembler) is a 6-pass disassembler with some cryptanalysis and resistance against corrupt ELF sections and the like. Features include cross references, string references, adding and renaming labels and pointers, search, syntax highlighting, and high speed.

  • XDASM: Universal Cross Disassembler. This is a commercial disassembler for a large number of 8/16 bit processors (except anything higher than 386). This disassembler uses processor description to do its work, which means you can add your own processor descriptions. Was US$249, now US$99 if you print your own manual.

  • PE Explorer Disassembler achieves most of the power of IDA Pro, while requiring less skill or knowledge, by automating more of the disassembly process. The PE Explorer disassembler assumes that some manual editing of the reproduced code will be needed. A 30 day free trial is available. See PEExplorer.

  • MFVDasm is commercial software (US$100 as of December 2001) for Windows. It disassembles many PC format files, and uses a web-browser-like GUI. A 7 day free trial is available.

  • VXDasm is a visual relocatable disassembler for Windows device drivers. A demo version is downloadable from the VXDasm home page.

  • Bastard is an open source disassembler hosted on Sourceforge. From the web page: "The bastard currently runs on x86 Linux and FreeBSD [CVS version]. It can disassemble x86 ELF, a.out, and PE files as well as flat binary files [.com, .bin]. Future releases will support additional file formats and CPU architectures." The libdisasm library is available separately (X86 only).

  • TC source for 486 code stream disassembler: These Turbo C sources are written by Robin Hilliard and are under the GNU license. As far as we know, no automatic detection system for code and data is included. (Dated: 4-20-93.)

  • obj2asm TC Source for intelligent .OBJ disassembler. This is not a disassembler of EXE or COM files, but of OBJ files, which are sometimes distributed in LIB files, without the original code. Because of the nature of the OBJ files, a far more accurate disassembling can be done, with even some of the original names of procedures and (global) variables. Sources are provided under the GNU license. This is also from Robin Hilliard. (Dated: 4-20-93.)

  • Duncan Murdoch maintains a page with programs for dumping the various Turbo Pascal Unit (TPU) files, as well as various other disassembly related programs.

  • ASMGEN is a disassembler written by J. Gersbach and J. Damke. (Appears to be freeware.) It has automatic detection of code and data, but extra information can be provided in a .SEQ file. ASMGSQ is a .SEQ file generator. The program has been thoroughly tested for correctness. A test procedure is included in the distribution. (Dated: 11-23-90.) Download from SimTel.

  • Bubble is a disassembler program with automatic detection of code and data fragments, but can also be used interactively. (Dated: 3-12-92.) Download from SimTel.

  • DIS86 is more like a step-by-step debugger with a built-in disassembler. You can walk through the code, call subroutines, and return. It keeps some track of the contents of the registers, but not much. You can add your own labels. It does not have automatic detection of code and data. Written by James R. van Zandt. (Dated: 1-1-79.) Download from SimTel.

  • nm - print symbol name list (Unix command). nm prints the name list (symbol table) of each object filename in the argument list. If an argument is an archive, a listing for each object file in the archive will be produced. If no filename is given, the symbols in a.out are listed.

  • RosAsm is primarily an assembler, but it claims to have a "two click disassembly" feature. I haven't tried it, but it sounds interesting. The claim is that most small and some medium sized programs can be modified.

  • Dispe is a Japanese disassembler for Windows PE programs. It attempts to structure the output slightly, giving it a slight decompiler flavour. I find that Babelfish translates the page better than Google. There appears to be a freely downloadable Windows binary on the web page.

Possibly obsolete products

  • WDASM 1.7b: Windows Disassembler Program. This is a shareware Windows program for disassembling Windows 3.1 programs, written by Eric Grass. It also includes a program called hilevel, which can transform the assembler output in a structured assembler format, including definition of procedures, local variables, and if-macro sections (it is also mentioned in the Free Compilers list.) Was at http://www.leo.org/pub/comp/os/windows/win3.11/programming/asm/index.html .

  • ASM Trace is the disassembler by Tels of ASM Edit. The author wrote it because he was not happy with Sourcer. He discontinued work on ASM Trace a while ago. Was at http://www.bloodgate.com .

  • Unasource. The current release of Unasource is v0.3d, which is described by its author, Francisco Javier Felix, as a little disassembler for .com and .sys Pentium binaries. Unasource is a straight-line disassembler for DOS binaries. The long-term goal for Unasource is to be a full decompiler that generates C, Cobol, Visual Basic and other source code. At present, it is a disassembler. Was at http://www.ctv.es/USERS/fflix/ .
