Date: Fri, 27 Aug 2010 09:32:36 -0400 From: John Baldwin <jhb@freebsd.org> To: freebsd-hackers@freebsd.org Cc: Dirk Engling <erdgeist@erdgeist.org>, Aryeh Friedman <aryeh.friedman@gmail.com> Subject: Re: disassembler Message-ID: <201008270932.36795.jhb@freebsd.org> In-Reply-To: <AANLkTi=4JTTATFWF3XSQraWVt4a0Lk214EMyWvDrF4=j@mail.gmail.com> References: <AANLkTin%2BThKcG1n4-xVDbbj4N9VWq2BakunNxGT6S329@mail.gmail.com> <AANLkTi=q2qMSHPMGG6G57-cnSnxtX2M114iOscid=c7T@mail.gmail.com> <AANLkTi=4JTTATFWF3XSQraWVt4a0Lk214EMyWvDrF4=j@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, August 26, 2010 11:42:25 pm Aryeh Friedman wrote: > On Thu, Aug 26, 2010 at 11:36 PM, Aryeh Friedman > <aryeh.friedman@gmail.com> wrote: > > On Thu, Aug 26, 2010 at 10:46 PM, Dirk Engling <erdgeist@erdgeist.org> wrote: > >> On 27.08.10 04:17, Aryeh Friedman wrote: > >> > >>> Is there a disassembler in the base system if not what is a good > >>> option from ports? > >> > >> Try objdump -d, > >> > >> erdgeist > >> > > > > flosoft# objdump -d /dev/da0 > > objdump: Warning: '/dev/da0' is not an ordinary file For a raw file of x86 instructions use ndisasm from the 'nasm' port. Note that it assumes 16-bit code by default, but you can use ndisasm -U to parse 32-bit instructions instead. For a typical MBR boot loader, plain ndisasm should work fine: # ndisasm /dev/twed0 00000000 FC cld 00000001 31C0 xor ax,ax 00000003 8EC0 mov es,ax 00000005 8ED8 mov ds,ax 00000007 8ED0 mov ss,ax 00000009 BC007C mov sp,0x7c00 0000000C BE1A7C mov si,0x7c1a 0000000F BF1A06 mov di,0x61a 00000012 B9E601 mov cx,0x1e6 00000015 F3A4 rep movsb 00000017 E9008A jmp word 0x8a1a 0000001A 31F6 xor si,si ... etc. I would dd the first sector of your disk off to a file and run ndisasm on that though rather than on the live disk. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008270932.36795.jhb>