Long multi-byte NOPs: commonly understood macros or other notation
Recent GAS in binutils has a .nops N pseudo-instruction that expands to the requested number of bytes for the target: .nops size[, control]
Both the FS and GS registers can be used as base-pointer addresses in order to access special operating system data structures. So what you’re seeing is a value loaded at an offset from the value held in the FS register, and not bit manipulation of the contents of the FS register. Specifically, what’s taking place is … Read more
I found the solution to my own question on a different forum. It looks something like this: objdump -b binary --adjust-vma=0xabcd1000 -D file.bin I’ve tested this and it works.
You might want to try Hopper Disassembler, osxdbg, Machoview, otx (otool GUI) and Affinic Debugger GUI.
The compiler is even smarter than that. 🙂 In fact, it realizes that you aren’t using the result of the loop. So it took out the entire loop completely! This is called Dead Code Elimination. A better test is to print the result: #include <stdio.h> int main(void) { int i; int count = 0; for(i … Read more
I don’t think there is any reliable way to do this. Machine code formats are very complicated, more complicated than assembly files. It isn’t really possible to take a compiled binary (say, in ELF format) and produce a source assembly program which will compile to the same (or similar-enough) binary. To gain an understanding of … Read more
Yeah, disassemble is not the best command to use here. The command you want is “x/i” (examine as instructions): (gdb) x/i 0xdeadbeef
Take a look at section 17.2 of the 80386 Programmer’s Reference Manual. A disassembler is really just a glorified finite-state machine. The steps in disassembly are: Check if the current byte is an instruction prefix byte (F3, F2, or F0); if so, then you’ve got a REP/REPE/REPNE/LOCK prefix. Advance to the next byte. Check to … Read more
It’s a way to get code fix-ups (adjusting addresses based on where code sits in virtual memory, which may be different across different processes) without having to maintain a separate copy of the code for each process. The PLT, or procedure linkage table, is one of the structures which makes dynamic loading and linking easier … Read more
I would suggest using gdb as the simplest approach. You can even do it as a one-liner, like: gdb -batch -ex 'file /bin/ls' -ex 'disassemble main'