So if we change 0x55 to 0x54 the output becomes 0x1000: push esp - a different register is pushed. When we consult the x86 opcode table, we see that a value of 0x50 + the register = Push Word, Doubleword or Quadword Onto the Stack. If you want to disassemble individual bytes, you can use the Capstone disassembly framework's Python bindings to write scripts that disassemble the byte values that you specify. It sounds like you are interested in going the other way, that is, disassembling object (binary) code. GCC is a compiler toolchain, which performs preprocessing of the source file, translates source code to assembly, translates that to machine code, and then performs relocation via the link-editor, producing an ELF binary. If you want to create your own libopcodes-based disassembler that does this, the following article will help you get started: Basic disassembly with libopcodes. rely on the BFD library, meaning they take well-formed ELF files, not arbitrary byte values or ASCII hex strings, as input. Linux binutils tools, such as objdump, gdb etc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |