Hi all, Can someone recommend a good win32 disassembler, preferably one that shows the contents of data segments and shows imports/exports?
Thanks a lot, James Liggett
OllyDbg is a good free binary disassembler/debugger
http://www.ollydbg.de/
--------
IDA Pro is a very nice disassembler/debugger -- (it's commercial but there is a free Windows version)
http://www.datarescue.com/
http://www.datarescue.com/idabase/idadown.htm
--------
W32Dasm is a decent (kinda old) disassembler/debugger -- is it still commercial??
(look for a demo via google)
--------
REC is an impressive free deCompiler (better than a simple disassembler); it's based off of Boomerang http://boomerang.sourceforge.net/ (notice http://www.program-transformation.org/Transform/DecompilationPossible ("Pigs from Sausages?" hehe http://www.dur.ac.uk/martin.ward/martin/papers/migration-t.pdf))
http://www.backerstreet.com/rec/rec.htm
I hope you find this helpful -- I have some other links up my sleeves but most are outdated and/or commercial
Nick
Nick Burns wrote:
> REC is an impressive free deCompiler (better than a simple disassembler); it's based off of Boomerang

REC uses compiler-dependent pattern matching which often fails miserably for modern code, it doesn't recognize a huge amount of >i386 opcodes (even some i386 opcodes) and I've seen way too many segfaults when dealing with large programs. I'm not sure if the situation has changed with REC 2.0 but as the author admits that the backend hasn't really changed I doubt it.
REC is also (Debian) non-free (instead of Boomerang, which is open-source and much more advanced from an architectural point of view but isn't really usable for larger binaries either).
You're much better off with some assembly knowledge and a good disassembler.
Felix
"Felix" == Felix Nawothnig felix.nawothnig@t-online.de writes:
Felix> Nick Burns wrote:
>> REC is an impressive free deCompiler (better than a simple
>> disassembler); it's based off of Boomerang

Felix> REC uses compiler-dependent pattern matching which often fails
Felix> miserably for modern code, it doesn't recognize a huge amount of
Felix> >i386 opcodes (even some i386 opcodes) and I've seen way too many
Felix> segfaults when dealing with large programs. I'm not sure if the
Felix> situation has changed with REC 2.0 but as the author admits that
Felix> the backend hasn't really changed I doubt it.

Felix> REC is also (Debian) non-free (instead of Boomerang, which is
Felix> open-source and much more advanced from an architectural point of
Felix> view but isn't really usable for larger binaries either).

Felix> You're much better off with some assembly knowledge and a good
Felix> disassembler.

There is recstudio mentioned, but I don't see a download link. Does anybody know about the (release|copyright) status of recstudio?
On 7/11/05, Uwe Bonnes bon@elektron.ikp.physik.tu-darmstadt.de wrote:
> There is recstudio mentioned, but I don't see a download link. Does anybody know about the (release|copyright) status of recstudio?

http://www.backerstreet.com/rec/rec.htm
Tom
Hi,
On Sun, Jul 10, 2005 at 02:31:57PM -0700, James Liggett wrote:
> Hi all, Can someone recommend a good win32 disassembler, preferably one that shows the contents of data segments and shows imports/exports?

You probably want IDA (Interactive DisAssembler). At about $600 or so it is too expensive for my needs (I would have bought a cheaper version if available), but there are also free versions available.
Andreas Mohr
On Sun, Jul 10, 2005 at 02:31:57PM -0700, James Liggett wrote:
> Can someone recommend a good win32 disassembler, preferably one that shows the contents of data segments and shows imports/exports?

I use the HT Editor (http://hte.sourceforge.net/). It's far less featureful than IDA Pro, but it has a built-in analyzer and supports many win32 executable formats. I use it in conjunction with winedbg to find wine bugs.
--
Anderson Lizardo
On Sun, 10 Jul 2005 14:31:57 -0700 James Liggett jrliggett@cox.net wrote:
> Hi all, Can someone recommend a good win32 disassembler, preferably one that shows the contents of data segments and shows imports/exports?

George Bush?

> Thanks a lot, James Liggett