flat assembler
Message board for the users of flat assembler.
simple newbie question
Plue 11 Nov 2007, 21:26
I think that those are the ELF headers, but ndisasm interprets them as asm instructions.
LocoDelAssembly 11 Nov 2007, 22:53
Quote: RESTRICTIONS
The above supports what Plue says. Any time I disassembled under Linux I used objdump as the quote suggests, but the problem is that it uses AT&T syntax (any way to make it use Intel?). The freeware version of IDApro is capable of disassembling ELFs but it runs under Windows only.
sloppy 12 Nov 2007, 08:37
Ok thanks,
I tried objdump (AT&T syntax is not a problem) but I get no output... but I looked quickly, maybe I'll try again later. As for IDA, it works (more or less) with Wine under Linux, and it does give me my code, but it seems too much stuff for a beginner like me.
Thanks again,
Luca
LocoDelAssembly 12 Nov 2007, 16:41
That is because you have not published "_start". Instead of making executables directly you could make an elf object and then make the executable (or just use objdump on the object).
Here is an example where objdump works:

Code:
loco@athlon64:~/Desktop$ cat test.asm
struc PascalString [chars]
{
  common
  . db 0, chars
  store byte $-. at .
}

format ELF

section '.text' executable

public _start
_start:
  mov   ecx, helloMsg
  mov   eax,4
  mov   ebx,1
  movzx edx, byte [ecx]
  inc   ecx
  int   0x80

  mov   eax,1
  xor   ebx,ebx
  int   0x80

helloMsg PascalString "Hello world!", 10
loco@athlon64:~/Desktop$ fasm test.asm && ld -m elf_i386 test.o
flat assembler  version 1.67.23  (16384 kilobytes memory)
2 passes, 386 bytes.
loco@athlon64:~/Desktop$ ./a.out
Hello world!
loco@athlon64:~/Desktop$ objdump -d a.out

a.out:     file format elf32-i386

Disassembly of section .text:

08048054 <_start>:
 8048054:   b9 72 80 04 08      mov    $0x8048072,%ecx
 8048059:   b8 04 00 00 00      mov    $0x4,%eax
 804805e:   bb 01 00 00 00      mov    $0x1,%ebx
 8048063:   0f b6 11            movzbl (%ecx),%edx
 8048066:   41                  inc    %ecx
 8048067:   cd 80               int    $0x80
 8048069:   b8 01 00 00 00      mov    $0x1,%eax
 804806e:   31 db               xor    %ebx,%ebx
 8048070:   cd 80               int    $0x80
 8048072:   0e                  push   %cs
 8048073:   48                  dec    %eax
 8048074:   65                  gs
 8048075:   6c                  insb   (%dx),%es:(%edi)
 8048076:   6c                  insb   (%dx),%es:(%edi)
 8048077:   6f                  outsl  %ds:(%esi),(%dx)
 8048078:   20 77 6f            and    %dh,0x6f(%edi)
 804807b:   72 6c               jb     80480e9 <_start+0x95>
 804807d:   64 21 0a            and    %ecx,%fs:(%edx)

But as you can see, objdump is not as smart as IDApro is. Using Google I found http://lida.sourceforge.net/ . I have not tested it but perhaps you can give it a try.
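
Added example, not part of the thread: a small ELF32 header parser that finds the file offset of the entry point, so ndisasm can be told to skip the headers Plue mentions instead of decoding them as instructions. The function names are hypothetical, and the sample file is constructed from the bytes in the objdump listing above, assuming a 52-byte ELF header followed by one 32-byte program header.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # ELF32 file header, 52 bytes
PHDR = struct.Struct("<8I")                 # ELF32 program header, 32 bytes
PT_LOAD = 1

def entry_file_offset(elf: bytes):
    """Return (file_offset, vaddr) of the entry point of a 32-bit LE ELF."""
    if len(elf) < EHDR.size or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if elf[4] != 1 or elf[5] != 1:  # EI_CLASS = 32-bit, EI_DATA = little-endian
        raise ValueError("only 32-bit little-endian ELF is handled")
    f = EHDR.unpack_from(elf)
    e_entry, e_phoff, e_phentsize, e_phnum = f[4], f[5], f[9], f[10]
    for i in range(e_phnum):
        start = e_phoff + i * e_phentsize
        if start + PHDR.size > len(elf):
            raise ValueError("truncated program header table")
        p_type, p_offset, p_vaddr, _, p_filesz, *_ = PHDR.unpack_from(elf, start)
        # The entry point must fall inside the file-backed part of a segment.
        if p_type == PT_LOAD and p_vaddr <= e_entry < p_vaddr + p_filesz:
            return p_offset + (e_entry - p_vaddr), e_entry
    raise ValueError("entry point is not inside any PT_LOAD segment")

def ndisasm_args(elf: bytes, path: str):
    """Arguments that make ndisasm skip the headers and start at the entry."""
    off, vaddr = entry_file_offset(elf)
    return ["ndisasm", "-b", "32", "-e", str(off), "-o", hex(vaddr), path]

def build_sample() -> bytes:
    """Constructed sample: minimal ELF32 wrapping the bytes in the listing."""
    body = bytes.fromhex("b972800408b804000000bb010000000fb61141cd80"
                         "b80100000031dbcd80") + b"\x0eHello world!\n"
    base, hdrs = 0x08048000, EHDR.size + PHDR.size
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 3, 1, base + hdrs, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    size = hdrs + len(body)
    phdr = PHDR.pack(PT_LOAD, 0, base, base, size, size, 5, 0x1000)
    return ehdr + phdr + body

if __name__ == "__main__":
    sample = build_sample()
    print(" ".join(ndisasm_args(sample, "a.out")))
```

Skipping the headers only fixes the start of the listing: the 14 bytes of string data after the final `int 0x80` are still decoded as instructions, just as in the objdump output above.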
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.