| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente |
| back2root:reverse-engineering:disassembler_decompilier [2023/02/18 20:25] – [parameters after the call instruction] frater | back2root:reverse-engineering:disassembler_decompilier [2023/02/18 20:30] (Version actuelle) – [Further reading] frater |
|---|
| |
| === 32 bit CPU code === | === 32 bit CPU code === |
| Most 32-bit CPUs use the ARM instruction set.<ref name=turley /><ref> | Most 32-bit CPUs use the ARM instruction set. |
| Mark Hachman. | Mark Hachman. |
| [http://www.extremetech.com/extreme/52180-arm-cores-climb-into-3g-territory "ARM Cores Climb Into 3G Territory"]. | |
| | [[http://www.extremetech.com/extreme/52180-arm-cores-climb-into-3g-territory|ARM Cores Climb Into 3G Territory]] |
| 2002. | 2002. |
| | |
| "Although Intel and AMD receive the bulk of attention in the computing world, ARM’s embedded 32-bit architecture, ... has outsold all others." | "Although Intel and AMD receive the bulk of attention in the computing world, ARM’s embedded 32-bit architecture, ... has outsold all others." |
| </ref><ref> | |
| Tom Krazit. | Tom Krazit. |
| [http://news.cnet.com/ARMed-for-the-living-room/2100-1006_3-6056729.html "ARMed for the living room"]. | |
| "ARM licensed 1.6 billion cores [in 2005]". | [[http://news.cnet.com/ARMed-for-the-living-room/2100-1006_3-6056729.html|ARMed for the living room]] |
| | |
| | |
| | "ARM licensed 1.6 billion cores [in 2005]" |
| 2006. | 2006. |
| </ref> | |
| |
| Typical ARM assembly code is a series of subroutines, with literal constants scattered between subroutines. | Typical ARM assembly code is a series of subroutines, with literal constants scattered between subroutines. |
| The [[Embedded_Systems/Mixed_C_and_Assembly_Programming#ARM | standard prolog and epilog]] for subroutines is pretty easy to recognize. | |
| |
| === A brief list of disassemblers === | === A brief list of disassemblers === |
| * [http://home.hccnet.nl/a.w.m.van.der.horst/ciasdis.html ciasdis] "an assembler where the elements opcode, operands and modifiers are all objects, that are reusable for disassembly." For 8080 8086 80386 Alpha 6809 and should be usable for Pentium 68000 6502 8051. | * [[http://home.hccnet.nl/a.w.m.van.der.horst/ciasdis.html|ciasdis]] "an assembler where the elements opcode, operands and modifiers are all objects, that are reusable for disassembly." For 8080 8086 80386 Alpha 6809 and should be usable for Pentium 68000 6502 8051. |
| * [http://radare.org/ radare, the reverse engineering framework] includes open-source tools to disassemble code for many processors including x86, ARM, PowerPC, m68k, etc. several virtual machines including java, msil, etc., and for many platforms including Linux, BSD, OSX, Windows, iPhoneOS, etc. | * [[http://radare.org/|radare, the reverse engineering framework]] includes open-source tools to disassemble code for many processors including x86, ARM, PowerPC, m68k, etc. several virtual machines including java, msil, etc., and for many platforms including Linux, BSD, OSX, Windows, iPhoneOS, etc. |
| * IDA, the Interactive Disassembler ( [http://www.hex-rays.com/idapro/ IDA Pro] ) can disassemble code for a huge number of processors, including ARM Architecture (including Thumb and Thumb-2), ATMEL AVR, INTEL 8051, INTEL 80x86, MOS Technologies 6502, MC6809, MC6811, M68H12C, MSP430, PIC 12XX, PIC 14XX, PIC 18XX, PIC 16XXX, Zilog Z80, etc. | * IDA, the Interactive Disassembler ( [[http://www.hex-rays.com/idapro/|IDA Pro]] ) can disassemble code for a huge number of processors, including ARM Architecture (including Thumb and Thumb-2), ATMEL AVR, INTEL 8051, INTEL 80x86, MOS Technologies 6502, MC6809, MC6811, M68H12C, MSP430, PIC 12XX, PIC 14XX, PIC 18XX, PIC 16XXX, Zilog Z80, etc. |
| * objdump, part of the GNU binutils, can disassemble code for several processors and platforms. binutils is an important part of the toolchain as it provides the linker, assembler and other utilties (like objdump) to manipulate executables on the target platform, and is available for most popular platforms. | * objdump, part of the GNU binutils, can disassemble code for several processors and platforms. binutils is an important part of the toolchain as it provides the linker, assembler and other utilties (like objdump) to manipulate executables on the target platform, and is available for most popular platforms. |
| **For OS X/BSD systems, there is a rough equivalent called otool in the XCode kit. | * For OS X/BSD systems, there is a rough equivalent called otool in the XCode kit. |
| *{{DMOZ|Computers/Programming/Disassemblers/|Disassemblers}} lists a huge number of disassemblers | * [[http://www.program-transformation.org/Transform/DisAssembly|Program transformation wiki: disassembly]] lists many highly recommended disassemblers |
| * [http://www.program-transformation.org/Transform/DisAssembly Program transformation wiki: disassembly] lists many highly recommended disassemblers | * [[http://sourceforge.net/search/?words=disassemble|search for "disassemble" at SourceForge]] shows many disassemblers for a variety of CPUs. |
| * [http://sourceforge.net/search/?words=disassemble search for "disassemble" at SourceForge] shows many disassemblers for a variety of CPUs. | * [[http://hopperapp.com|Hopper]] is a disassembler that runs on OS-X and disassembles 32/64-bit OS-X and windows binaries. |
| * [http://hopperapp.com Hopper] is a disassembler that runs on OS-X and disassembles 32/64-bit OS-X and windows binaries. | * The [[http://www.cs.tufts.edu/~nr/cs257/archive/cristina-cifuentes/computer00.pdf|University of Queensland Binary Translator (UQBT)]] is a reusable, component-based binary-translation framework that supports CISC, RISC, and stack-based processors. |
| * The [http://www.cs.tufts.edu/~nr/cs257/archive/cristina-cifuentes/computer00.pdf University of Queensland Binary Translator (UQBT)] is a reusable, component-based binary-translation framework that supports CISC, RISC, and stack-based processors. | |
| | === Further reading ==== |
| |
| == Further reading == | * [[http://www.crackmes.de/]] : reverse engineering challenges |
| {{reflist}} | * "A Challengers Handbook" by Caesum [[http://www.caesum.com/handbook/contents.htm]] has some tips on reverse engineering programs in JavaScript, Flash Actionscript (SWF), Java, etc. |
| * http://www.crackmes.de/ : reverse engineering challenges | * the Open Source Institute occasionally has reverse engineering challenges among its other brainteasers.[[http://www.osix.net/]] |
| * "A Challengers Handbook" by Caesum [http://www.caesum.com/handbook/contents.htm] has some tips on reverse engineering programs in JavaScript, Flash Actionscript (SWF), Java, etc. | * The Program Transformation wiki has a [[http://www.program-transformation.org/Transform/ReengineeringWiki|Reverse engineering and Re-engineering Roadmap]], and discusses disassemblers, decompilers, and tools for translating programs from one high-level language to another high-level language. |
| * the Open Source Institute occasionally has reverse engineering challenges among its other brainteasers.[http://www.osix.net/] | * [[http://reverseengineering.stackexchange.com/questions/1817/is-there-any-disassembler-second-to-ida|Other disassemblers with multi-platform support]] |
| * The Program Transformation wiki has a [http://www.program-transformation.org/Transform/ReengineeringWiki Reverse engineering and Re-engineering Roadmap], and discusses disassemblers, decompilers, and tools for translating programs from one high-level language to another high-level language. | |
| * [http://reverseengineering.stackexchange.com/questions/1817/is-there-any-disassembler-second-to-ida Other disassemblers with multi-platform support] | |
| |
| {{TopNav|prev=Assemblers and Compilers|next=Disassembly Examples}} | |
| |
