How to disassemble fasm-generated binary?
I am writing programs with the FASM assembler and want to see what code is generated after all the macros have been expanded. Normally one can disassemble a binary with objdump -d, but for a binary produced by fasm it only outputs the following:

$ cat true.fasm
format ELF64 executable
sys_exit = 60
entry $
mov eax, sys_exit
xor edi, edi
syscall
$ fasm true.fasm
$ objdump -d ./true

out/true: file format elf64-x86-64

What I can do is load the binary into gdb, start it with starti and decode the instructions with x/10i $rip, which is suboptimal. Is there a non-interactive command that does the same thing?
You can easily use radare2, with the pdf command, which stands for disassemble:

% cat test.asm
format ELF64 executable
sys_exit = 60
entry $
mov rax, sys_exit
xor rdi, rdi
syscall
% ./fasm test.asm
flat assembler version 1.73.04 (16384 kilobytes memory) 1 passes, 132 bytes.
% file test
test: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
% r2 -AA test
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for objc references
[x] Check for vtables
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[x] Finding function preludes
[x] Enable constraint types analysis for variables
-- In visual mode press 'c' to toggle the cursor mode. Use tab to navigate
[0x00400078]> pdf
;-- segment.LOAD0:
;-- rip:
┌ 12: entry0 ();
│ 0x00400078 48c7c03c0000. mov rax, 0x3c ; '<' ; 60 ; [00] -rwx segment size 12 named LOAD0
│ 0x0040007f 4831ff xor rdi, rdi
└ 0x00400082 0f05 syscall
[0x00400078]>
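The reason objdump -d prints nothing for the fasm output is visible in the file itself: format ELF64 executable emits an ELF header and one PT_LOAD program header but no section header table, and objdump -d only disassembles sections. The following is an added example, not code from the question or the answer, that parses those two headers with the standard library, maps the entry point (0x400078 in the answer's session) back to a file offset and returns the raw code bytes. The 132-byte image is constructed by hand to mirror the three instructions in the answer (64-byte ELF header, 56-byte program header, 12 bytes of code); it is not the byte-for-byte fasm output, and names such as parse_elf64 and code_at_entry are this example's own.

```python
"""Locate the code of a section-less ELF64 executable (as fasm produces) from
its ELF header and program headers alone. Added example; the sample image is
constructed here, not taken from the page."""
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
EHDR_FMT = "<HHIQQQIHHHHHH"   # Elf64_Ehdr after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"        # Elf64_Phdr


def build_sample_image() -> bytes:
    """Constructed 132-byte image: header + one PT_LOAD + 12 bytes of code."""
    code = bytes.fromhex("48c7c03c000000"   # mov rax, 0x3c
                         "4831ff"           # xor rdi, rdi
                         "0f05")            # syscall
    vaddr, ehdr_size, phdr_size = 0x400000, 64, 56
    entry = vaddr + ehdr_size + phdr_size   # 0x400078, as in the answer
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, LSB, v1, SYSV
    ehdr = e_ident + struct.pack(
        EHDR_FMT,
        2,          # e_type: ET_EXEC
        0x3E,       # e_machine: x86-64
        1,          # e_version
        entry,      # e_entry
        ehdr_size,  # e_phoff: program headers follow the ELF header
        0,          # e_shoff: no section header table
        0,          # e_flags
        ehdr_size, phdr_size, 1,   # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,    # e_shentsize, e_shnum (=0: nothing for objdump -d), e_shstrndx
    )
    total = ehdr_size + phdr_size + len(code)
    phdr = struct.pack(
        PHDR_FMT,
        PT_LOAD, 7,         # p_type, p_flags: rwx, matching radare2's report
        0, vaddr, vaddr,    # p_offset (whole file mapped), p_vaddr, p_paddr
        total, total,       # p_filesz, p_memsz
        0x1000,             # p_align
    )
    return ehdr + phdr + code


def parse_elf64(image: bytes) -> dict:
    """Return machine, entry point, section-header count and PT_LOAD segments."""
    if image[:4] != ELF_MAGIC or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, e_machine, _, e_entry, e_phoff, _, _, _, e_phentsize,
     e_phnum, _, e_shnum, _) = struct.unpack_from(EHDR_FMT, image, 16)
    segments = []
    for i in range(e_phnum):
        (p_type, p_flags, p_offset, p_vaddr, _, p_filesz,
         _, _) = struct.unpack_from(PHDR_FMT, image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segments.append({"flags": p_flags, "offset": p_offset,
                             "vaddr": p_vaddr, "filesz": p_filesz})
    return {"machine": e_machine, "entry": e_entry,
            "shnum": e_shnum, "segments": segments}


def code_at_entry(image: bytes) -> tuple:
    """Map e_entry back to a file offset; return (offset, bytes to segment end)."""
    info = parse_elf64(image)
    for seg in info["segments"]:
        start, end = seg["vaddr"], seg["vaddr"] + seg["filesz"]
        if start <= info["entry"] < end:
            file_off = seg["offset"] + (info["entry"] - start)
            return file_off, image[file_off:seg["offset"] + seg["filesz"]]
    raise ValueError("entry point is not inside any PT_LOAD segment")


if __name__ == "__main__":
    img = build_sample_image()
    info = parse_elf64(img)
    off, code = code_at_entry(img)
    print(f"section headers: {info['shnum']} (so objdump -d has nothing to print)")
    print(f"entry 0x{info['entry']:x} -> file offset 0x{off:x}, {len(code)} code bytes: {code.hex()}")
    # objdump can still disassemble the flat bytes if told where they are:
    print("objdump -D -b binary -m i386:x86-64 "
          f"--adjust-vma=0x{info['entry'] - off:x} --start-address=0x{info['entry']:x} test")
```

The printed objdump -D -b binary line treats the file as raw bytes and shifts the addresses so they line up with the 0x400078 shown by radare2; radare2 itself can also be run non-interactively for the same result with r2 -q -A -c pdf test.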