有没有办法从机器代码中获取助记符?
[英]Any way to get the mnemonics from the machine code?
问题描述
I have a simple program program in assembly 
我有一个简单的程序集程序
.text
.globl _start
_start:
movl $1, %eax
movl $1, %ebx
int $0x80
I have assembled it. 我已经组装好了。 I have dumped the content of it as below 我已将其内容转储如下
root@bt:~# objdump -d out
out: file format elf32-i386
Disassembly of section .text:
08048054 <_start>:
8048054: b8 01 00 00 00 mov $0x1,%eax
8048059: bb 01 00 00 00 mov $0x1,%ebx
804805e: cd 80 int $0x80
Now my question is, can I get back the mnemonics given only the below machine code \\xb8\\x01\\x00\\x00\\x00\\xbb\\x01\\x00\\x00\\x00\\xcd\\x80 现在我的问题是,如果只给出下面的机器代码\\xb8\\x01\\x00\\x00\\x00\\xbb\\x01\\x00\\x00\\x00\\xcd\\x80 ,我可以找回助记符\\xb8\\x01\\x00\\x00\\x00\\xbb\\x01\\x00\\x00\\x00\\xcd\\x80
2 个解决方案
解决方案1
5 已采纳 2013-07-16 17:13:32
This is fairly well documented in How do I disassemble raw x86 code? 在如何反汇编原始x86代码中有相当详细的记录?
To do your specific example, this worked for me (on a Linux machine, with the GNU toolchain): 为了做你的具体例子,这对我有用(在Linux机器上,使用GNU工具链):
printf '\xb8\x01\x00\x00\x00\xbb\x01\x00\x00\x00\xcd\x80' > /tmp/binary
objdump -D -b binary -mi386 /tmp/binary
With this as the short documentation for the options: 以此作为选项的简短文档:
[-D|--disassemble-all]
[-b bfdname|--target=bfdname]
[-m machine|--architecture=machine]
i386 specify the target. i386指定目标。 I had to remove the addr16 and data16 from the original example command, as otherwise this won't work. 我不得不从原始示例命令中删除addr16和data16,否则这将无法工作。
解决方案2
3 2013-07-16 17:02:00
You just need to tell objdump you want to operate on a plain binary file: 您只需要告诉objdump您想要在纯二进制文件上操作:
$ hexdump -vC binaryFile
00000000 b8 01 00 00 00 bb 01 00 00 00 cd 80 |............|
0000000c
$ objdump -D -b binary -m i386 binaryFile
binaryFile: file format binary
Disassembly of section .data:
00000000 <.data>:
0: b8 01 00 00 00 mov $0x1,%eax
5: bb 01 00 00 00 mov $0x1,%ebx
a: cd 80 int $0x80
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.