Disassembling

Disassembling is the process of translating an executable program into its equivalent assembly representation. The greatest problem in disassembling is determining what is code (instructions) and what is data, as both are represented in the same way in current machines. Further, disassembling is equivalent to the Halting Problem and hence cannot be fully automated for all input programs.

This page contains information about various commercial, shareware and freeware disassemblers, and tools for building disassemblers.

Because of the relative immaturity of decompilation, it is sadly the case that for large, commercial reverse engineering projects, a good disassembler is probably a better option right now than a decompiler. Hopefully, this situation will change in the near future.

  • IDA Pro. Generally agreed as the most powerful disassembler. See IDAPro.

  • MacNosy is a disassembler for Mac (68K and PowerPC) applications, resource files or ROM.

  • Borg is a freeware disassembler for Windows 32-bit binaries. See BorgDisassembler.

  • XDASM: Universal Cross Disassembler. This is a commercial disassembler for a large number of 8/16 bit processors (except anything higher than 386). This disassembler uses processor description to do its work, which means you can add your own processor descriptions. Was US$249, now US$99 if you print your own manual.

  • MFVDasm is commercial software (US$100 as of December 2001) for Windows. It disassembles many PC format files, and uses a web-browser like GUI interface. A 7 day free trial is available.

  • VXDasm is a visual relocatable disassembler for Windows device drivers. A demo version is downloadable from the VXDasm home page.

  • Bastard is an open source disassembler hosted on Sourceforge. From the web page: "The bastard currently runs on x86 Linux and FreeBSD [CVS version]. It can disassemble x86 ELF, a.out, and PE files as well as flat binary files [.com, .bin]. Future releases will support additional file formats and CPU architectures."

  • TC source for 486 code stream disassembler: These Turbo C sources are written by Robin Hilliard and are under the GNU license. As far as we know, no automatic detection system for code and data is included. (Dated: 4-20-93.)

  • obj2asm TC Source for intelligent .OBJ disassembler. This is not a disassembler of EXE or COM files, but of OBJ files, which are sometimes distributed in LIB files, without the original code. Because of the nature of the OBJ files, a far more accurate disassembling can be done, with even some of the original names of procedures and (global) variables. Sources are provided under the GNU license. This is also from Robin Hilliard. (Dated: 4-20-93.)

  • Duncan Murdoch maintains a page with programs for dumping the various Turbo Pascal Unit (TPU) files, as well as various other disassembly related programs.

  • AMSGEN is a disassembler written by J. Gersbach and J. Damke. (Appears to be freeware.) It is automatic detection of code and data, but extra information can be provided in a .SEQ file. ASMGSQ is a .SEQ file generator. The program has been throughly tested on correctness. A test procedure is included in the distribution. (Dated: 11-23-90.) Download from SimTel.

  • Bubble is a disassembler program with automatic detection of code and data fragments, but can also be used interactively. (Dated: 3-12-92.) Download from SimTel. (Address updated 07 Jun 2004 by BrentGoldthwaite?)

  • DIS86 is more like a step-by-step debugger, with built in disassembler. You can walk through the code, call subroutines, and return. It keeps some track of the contents of the registers, but not much. You can add your own labels. Does not have an automatic detection of code and data. Written by James R. van Zandt. (Dated: 1-1-79.) Download from SimTel.

  • nm - print symbol name list (Unix command). nm prints the name list (symbol table) of each object filename in the argument list. If an argument is an archive, a listing for each object file in the archive will be produced. If no filename is given, the symbols in a.out are listed.

  • RosAsm is primarily an assembler, but it claims to have a "two click disassembly" feature. I haven't tried it, but it sounds interesting. The claim is that most small and some medium sized programs can be modified.

Possibly obsolete products

  • WDASM 1.7b: Windows Disassembler Program. This is a shareware Windows program for disassembling Windows 3.1 programs, written by Eric Grass. It also includes a program called hilevel, which can transform the assembler output in a structured assembler format, including definition of procedures, local variables, and if-macro sections (it is also mentioned in the Free Compilers list.) Was at http://www.leo.org/pub/comp/os/windows/win3.11/programming/asm/index.html .

  • ASM Trace is the disassembler by Tels of ASM Edit. The author wrote it because he was not happy with Sourcer. He has discontinued work on ASM Trace a while ago. Was at http://www.bloodgate.com .

  • Unasource. The current release of Unasource is v0.3d which is described by its author, Francisco Javier Felix, as a little disassembler for .com and .sys pentium binaries. Unasource is a straight line disassembler for DOS binaries. The long term goal for unasource is to be a full decompiler that generates C, Cobol, Visual Basic and other source codes. At present, it is a disassembler. Was at http://www.ctv.es/USERS/fflix/ .

CategoryDecompilation

Revision: r1.26 - 24 Oct 2004 - 03:33 - MikeVanEmmerik
Transform > DeCompilation > DecompilationDisassembly
Copyright © 1999-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback