Date:      Mon, 5 Apr 1999 01:08:19 -0700 (PDT)
From:      Daniel Berlin <danielb@university.microsoft.com>
To:        Warner Losh <imp@harmony.village.org>
Cc:        Doug Rabson <dfr@nlsystems.com>, Nick Hibma <hibma@skylink.it>, FreeBSD hackers mailing list <hackers@FreeBSD.ORG>, USB BSD list <usb-bsd@makelist.com>
Subject:   Re: disassembling i386 code 
Message-ID:  <14088.28531.908490.405287@danberlin.resnet.rochester.edu>
In-Reply-To: <199904050118.TAA66919@harmony.village.org>
References:  <Pine.BSF.4.05.9904041812380.74823-100000@herring.nlsystems.com> <199904050118.TAA66919@harmony.village.org>


Actually, the best disassembler around is IDA Pro from DataRescue.
This is for just about any executable format on x86, ELF/PEF on PPC,
and a few other random processors in the standard version (i860, SH-4,
and JAVA).
It's really pretty damn amazing.
I've used sourcer before (used it for years), but ever since IDA came
about, it's blown everything else out of the water.
I've disassembled BeOS executables (PEF on PPC, ELF on x86, used to be
PE), JAVA class files (I'll admit it's not the best tool for doing
JAVA class files, because it looks at it from the point of view of a
java processor), and a bunch of other stuff with it, never had a
problem.

It makes sourcer look like a 3rd grade science project.

Their little blurb says it best:

    "IDA Pro is simply the world's most advanced disassembler. It mixes
    multi pass analysis, stack variables, symbolic constants, unicode,
    ELF support, color highlighting, C++ name demangling to compiler
    library recognition in a stunning package !"

http://www.datarescue.com


Grab the demo, but the input file size is limited to 64k.
It's a bit pricey, but do a dejanews search on ida 3.84 or ida 3.8,
and read what people say about it.
I've yet to see a negative comment.

I'll stop now before I start to sound like I get paid to say this
stuff :P,
Dan

Warner Losh writes:
 > In message <Pine.BSF.4.05.9904041812380.74823-100000@herring.nlsystems.com> Doug Rabson writes:
 > : If you are lucky, you might be able to use 'objdump --disassemble' using
 > : the version of objdump in the cygwin toolset.
 > 
 > This supposedly works.  However, the objdump output is somewhat less
 > than wonderful for these projects.
 > 
 > : There is a commercial disassembler for Windows, Sourcer from V
 > : Communications. Have a look at http://www.v-com.com/products/sourcer.html
 > : but it costs money...
 > 
 > Sourcer is why I took an interest in the doscmd program earlier in the
 > year.  I managed to get things to the point where sourcer's main
 > programs would run, but not the batch files.  The program is a pain to
 > use, but does give OK results.
 > 
 > There are boatloads of disassemblers that run under windows.  Do a web
 > search for them and you'll see plenty.
 > 
 > Warner
 > 
 > 
 > To Unsubscribe: send mail to majordomo@FreeBSD.org
 > with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14088.28531.908490.405287>