A good diassembler?
Hi,
I am writing some code that mixes 16bit and 32bit code in asm and C. To fight some bugs I am having, I need to diassemble the code. Unfortunately I found that objdump is horrible: it very often produces bad disassembly that is very different from the source, so I cannot understand where the problem is.
I use objdump with option "-S -d". So could anybody tell me if there is a way to have objdump work better?
Or: Is there a more reliable disassembler than objdump for what I want to do?
Thanks,
J
Jeremiah Griffin wrote: I use ndisasm, the nasm disassembler. Just strip the location and hex dump columns from the disassembly and you'll have a reassemblable output ready to go through nasm. It replaces data with opcodes, though - but in the end it looks the same in the output file.
I tried ndisasm before, but the output looks quite confused, because it doesn't come with C source code like objdump (the -S option of objdump is good!). And ndisasm only produces pure assembly, without any symbols that can help to quickly understand the code?
Any idea?
Thanks,
J
JamesM wrote: I suggest you get used to reading assembly. objdump is an extremely good disassembler - what you're actually asking for is a decompiler, of which there are few, and fewer good ones. I use "objdump -d" and interpret the assembly, as I know many others do.
In my experience, objdump produces very bad assembly output, which is completely wrong almost all the time on my code. So I cannot say that objdump is a good one, at least for 16bit code.
Meanwhile, ndisasm produces very nice and correct assembly code. The only problem is that it cannot incorporate source code like objdump does.
Currently I use objdump to have a look first, then if something is wrong (mostly), I get the related opcode, and search for them on the output of ndisasm to see what it actually does. But this is very inconvenient, so I want to know if there is a "2-in-1" tool to do everything correctly and nicely.
Thanks,
J
FYI,
http://sourceforge.net/projects/bastard/
<kernel-level >
http://oss.sgi.com/projects/kdb/
http://www.linice.com/
--
PS: http://en.wikibooks.org/wiki/Reverse_Engineering/Tools
PPS: http://idc.sf.net and it's disassembler, not diassembler.
Last edited by binutils on Tue Apr 01, 2008 5:43 am, edited 1 time in total.
I use IDA as well.
I use it for both the disassembly mode and decompiling feature.
Website: https://joscor.com
JamesM wrote: In what respect is the output wrong? Could you post a snippet of where it goes wrong?
Sorry that I have no code here, but you can try to compile some 16bit code with ".code16gcc" directive. Somehow objdump fails to understand when the code uses override prefixes for address and data.
Thanks,
J
junkoi wrote: Sorry that I have no code here, but you can try to compile some 16bit code with ".code16gcc" directive. Somehow objdump fails to understand when the code uses override prefixes for address and data.
I think in case you are trying to disassemble 8086 code with objdump this `-m i8086' switch should be used.
Quote: In my experience, objdump produces very bad assembly output, which is completely wrong almost all the time on my code. So I cannot say that objdump is a good one, at least for 16bit code.
IIRC, that's because you're using it wrong. You're supposed to pass a command line option to switch it to 16-bit mode.
devel wrote: I think in case you are trying to disassemble 8086 code with objdump this `-m i8086' switch should be used.
junkoi wrote: Sorry that I have no code here, but you can try to compile some 16bit code with ".code16gcc" directive. Somehow objdump fails to understand when the code uses override prefixes for address and data.
devel, thanks so much for your suggestion! -m i8086 works perfectly for me!!!!!!
Best,
J
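
Why the default decode looked wrong until the 16-bit switch was passed, as an added example that is not part of the thread: the 0x66 operand-size prefix means the opposite thing in 16-bit and 32-bit mode, so the same bytes decode to different instructions with different lengths. The toy decoder below handles only a few opcodes; `disasm`, `SAMPLE` and the byte string are constructed for illustration.

```python
# Toy decoder for a handful of x86 opcodes (illustration only, not a real
# disassembler). It shows how the default operand size changes the decode.
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]

def disasm(code: bytes, bits: int) -> list[str]:
    """Decode `code` assuming a default operand size of `bits` (16 or 32)."""
    if bits not in (16, 32):
        raise ValueError("bits must be 16 or 32")
    out, i = [], 0
    while i < len(code):
        size = bits
        if code[i] == 0x66 and i + 1 < len(code):
            size = 48 - bits          # operand-size override: 16 <-> 32
            i += 1
        op = code[i]
        i += 1
        if 0xB8 <= op <= 0xBF:        # mov r16/r32, imm16/imm32
            n = size // 8
            if i + n > len(code):
                out.append("(truncated)")
                break
            imm = int.from_bytes(code[i:i + n], "little")
            reg = ("e" if size == 32 else "") + REG16[op - 0xB8]
            out.append(f"mov {reg}, {imm:#x}")
            i += n
        elif op == 0x34:              # xor al, imm8
            if i >= len(code):
                out.append("(truncated)")
                break
            out.append(f"xor al, {code[i]:#x}")
            i += 1
        elif op == 0x90:
            out.append("nop")
        elif op == 0xC3:
            out.append("ret")
        else:
            out.append(f"(bad) {op:#04x}")
    return out

# Constructed sample: the encoding a 16-bit assembler emits for
# `mov eax, 0x12345678; ret` (0x66 prefix selects the 32-bit operand).
SAMPLE = bytes.fromhex("66b878563412c3")

if __name__ == "__main__":
    for bits in (32, 16):
        print(f"decoded as {bits}-bit:", disasm(SAMPLE, bits))
```

Decoded as 32-bit, the immediate is cut short and its upper two bytes are consumed as a spurious extra instruction, which is the kind of output that does not match the source.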