From: John Baldwin
To: freebsd-hackers@freebsd.org
Cc: Dirk Engling, Aryeh Friedman
Date: Fri, 27 Aug 2010 09:32:36 -0400
Subject: Re: disassembler
Message-Id: <201008270932.36795.jhb@freebsd.org>

On Thursday, August 26, 2010 11:42:25 pm Aryeh Friedman wrote:
> On Thu, Aug 26, 2010 at 11:36 PM, Aryeh Friedman wrote:
> > On Thu, Aug 26, 2010 at 10:46 PM, Dirk Engling wrote:
> >> On 27.08.10 04:17, Aryeh Friedman wrote:
> >>
> >>> Is there a disassembler in the base system if not what is a good
> >>> option from ports?
> >>
> >> Try objdump -d,
> >>
> >> erdgeist
> >>
> >
> > flosoft# objdump -d /dev/da0
> > objdump: Warning: '/dev/da0' is not an ordinary file

For a raw file of x86 instructions use ndisasm from the 'nasm' port.  Note
that it assumes 16-bit code by default, but you can use ndisasm -U to parse
32-bit instructions instead.  For a typical MBR boot loader, plain ndisasm
should work fine:

# ndisasm /dev/twed0
00000000  FC                cld
00000001  31C0              xor ax,ax
00000003  8EC0              mov es,ax
00000005  8ED8              mov ds,ax
00000007  8ED0              mov ss,ax
00000009  BC007C            mov sp,0x7c00
0000000C  BE1A7C            mov si,0x7c1a
0000000F  BF1A06            mov di,0x61a
00000012  B9E601            mov cx,0x1e6
00000015  F3A4              rep movsb
00000017  E9008A            jmp word 0x8a1a
0000001A  31F6              xor si,si
...

etc.  I would dd the first sector of your disk off to a file and run ndisasm
on that though rather than on the live disk.

-- 
John Baldwin
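
The copy-then-disassemble step suggested above, as an added example that is not part of the original message. The function names, output file names and the constructed sample image are assumptions made for illustration; the script only ever reads from the source device or image.

```shell
#!/bin/sh
# Added example: copy the boot sector to a file, sanity-check the copy,
# and disassemble only the copy. All helper names here are hypothetical.

save_boot_sector() {
    src=$1      # disk device or image file; opened for reading only
    out=$2      # directory that receives sector.bin and code.bin

    mkdir -p "$out" || return 1
    # Take exactly one 512-byte sector off the source.
    dd if="$src" of="$out/sector.bin" bs=512 count=1 2>/dev/null || return 1

    size=$(wc -c < "$out/sector.bin" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "short read: $size bytes" >&2; return 2; }

    # An MBR ends with the bytes 55 AA at offset 510.
    sig=$(od -An -tx1 -j510 -N2 "$out/sector.bin" | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "no 55AA boot signature (got $sig)" >&2; return 3; }

    # Bytes 446-511 hold the partition table and signature: data, not code.
    # Keeping them out of code.bin avoids disassembling them as instructions.
    dd if="$out/sector.bin" of="$out/code.bin" bs=446 count=1 2>/dev/null || return 1
}

disassemble_boot_code() {
    # 16-bit is the ndisasm default, as the reply notes; skip if nasm is absent.
    command -v ndisasm >/dev/null 2>&1 || { echo "ndisasm not installed" >&2; return 0; }
    ndisasm "$1/code.bin"
}

# Constructed sample image for trying the functions without a real disk:
# the first three bytes of the listing above (FC 31 C0), zero padding, 55 AA.
make_sample_mbr() {
    { printf '\374\061\300'
      dd if=/dev/zero bs=1 count=507 2>/dev/null
      printf '\125\252'; } > "$1"
}

# Usage: sh script.sh <device-or-image> [output-dir]
if [ $# -ge 1 ]; then
    save_boot_sector "$1" "${2:-./mbr}" && disassemble_boot_code "${2:-./mbr}"
fi
```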