Wikipedia

Disassembler

A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principally a reverse-engineering tool.

Common uses of disassemblers include recovering source code of a program whose original source was lost, understanding the inner workings of malware, modifying software (such as ROM hacking), and software cracking.

Assembly language source code generally permits the use of constants and programmer comments. These are usually removed from the assembled machine code by the assembler. If so, a disassembler operating on the machine code would produce disassembly lacking these constants and comments; the disassembled output becomes more difficult for a human to interpret than the original annotated source code. Some disassemblers provide a built-in code commenting feature where the generated output gets enriched with comments regarding called API functions or parameters of called functions. Some disassemblers make use of the symbolic debugging information present in object files such as ELF. For example, IDA allows the human user to make up mnemonic symbols for values or regions of code in an interactive session: human insight applied to the disassembly process often parallels human creativity in the code writing process.

On CISC platforms with variable-width instructions, more than one disassembly may be valid. Disassemblers do not handle code that varies during execution.

Problems of disassembly

Writing a disassembler whose output, when assembled, produces exactly the original binary is possible; however, there are often differences. This poses demands on the expressivity of the assembler. For example, an x86 assembler takes an arbitrary choice between two binary codes for something as simple as MOV AX,BX. If the original code uses the other choice, reassembling the disassembly does not reproduce the original bytes.

However, even when a fully correct disassembly is produced, problems remain if the program requires modification. For example, the same machine language jump instruction can be generated by assembly code to jump to a specified location (for example, to execute specific code), or to jump a specified number of bytes (for example, to skip over an unwanted branch). A disassembler cannot know what is intended, and may use either syntax to generate a disassembly which reproduces the original binary. However, if a programmer wants to add instructions between the jump instruction and its destination, it is necessary to understand the program's operation to determine whether the jump should be absolute or relative, i.e., whether its destination should remain at a fixed location, or be moved so as to skip both the original and added instructions.
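The MOV AX,BX case described above, as an added example that is not part of the original article: a decoder and a single-choice assembler for the register-to-register form of 16-bit MOV. The function names are hypothetical and 16-bit operand size is assumed; 89 /r and 8B /r are the two standard encodings.

```python
# Added example: both encodings of a 16-bit register-to-register MOV.
# Assumption: 16-bit operand size, ModRM mod field = 11 (register operands only).
REG16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]

def disasm_mov16(raw):
    """Decode 89 /r (MOV r/m16, r16) or 8B /r (MOV r16, r/m16)."""
    if len(raw) != 2 or raw[0] not in (0x89, 0x8B) or raw[1] >> 6 != 0b11:
        raise ValueError("outside the modelled subset")
    op, modrm = raw
    reg, rm = (modrm >> 3) & 7, modrm & 7
    # 89 writes to the r/m operand, 8B writes to the reg operand.
    dst, src = (rm, reg) if op == 0x89 else (reg, rm)
    return f"MOV {REG16[dst]},{REG16[src]}"

def asm_mov16(text, opcode=0x89):
    """Assemble 'MOV dst,src' with one fixed opcode choice."""
    dst, src = (REG16.index(r) for r in text[4:].split(","))
    reg, rm = (src, dst) if opcode == 0x89 else (dst, src)
    return bytes([opcode, 0xC0 | reg << 3 | rm])

def round_trips(raw, opcode=0x89):
    """True if disassembling then reassembling yields the original bytes."""
    return asm_mov16(disasm_mov16(raw), opcode) == raw

for sample in (bytes.fromhex("89d8"), bytes.fromhex("8bc3")):
    print(sample.hex(), disasm_mov16(sample), "round-trips:", round_trips(sample))
```

Both byte pairs disassemble to the same text, so an assembler that always emits 89 /r cannot regenerate a binary that used 8B /r unless the disassembly records which form was seen.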

Another challenge is that it is not always possible to identify which parts of the binary correspond to executable code, and which correspond to data. While common executable formats like ELF and PE divide the binary into executable and data sections, other formats such as flat binaries do not, so any given location in the binary may contain either executable instructions or non-executable data, making it difficult to decide whether it should be disassembled as instructions or left as data. Since CPUs generally allow dynamic jumps computed at runtime, it is not always possible to identify all possible locations in the binary that may be jumped to and therefore contain instructions.

Encryption may be used on some computer programs, particularly as part of Digital Rights Management to thwart reverse engineering and cracking. This poses an additional challenge to disassembly as the code must be decrypted before being disassembled.

Examples of disassemblers

A disassembler may be stand-alone or interactive. A stand-alone disassembler, when executed, generates an assembly language file which can be examined; an interactive one shows the effect of any change the user makes immediately. For example, the disassembler may initially not know that a section of the program is actually code, and treat it as data; if the user specifies that it is code, the resulting disassembled code is shown immediately, allowing the user to examine it and take further action during the same run.

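Any interactive debugger will include some way of viewing the disassembly of the program being debugged. Often, the same disassembly tool will be packaged as a standalone disassembler distributed along with the debugger. For example, objdump, part of GNU Binutils, is related to the interactive debugger gdb.[1]

  • Binary Ninja[2]
  • DEBUG[3]
  • Interactive Disassembler (IDA)
  • Ghidra
  • Hiew
  • Hopper Disassembler[1]
  • PE Explorer Disassembler[4]
  • Netwide Disassembler (Ndisasm), companion to the Netwide Assembler (NASM)
  • OLIVER (CICS interactive test/debug) includes disassemblers for Assembler, COBOL, and PL/1
  • OllyDbg is a 32-bit assembler-level analysing debugger
  • Radare2
  • SIMON (batch interactive test/debug) includes disassemblers for Assembler, COBOL, and PL/1
  • Sourcer, a commenting 16-bit/32-bit disassembler for DOS, OS/2 and Windows by V Communications in the 1990s[5]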

Disassemblers and emulators

A dynamic disassembler can be incorporated into the output of an emulator or hypervisor to 'trace out', line-by-line, the real time execution of any executed machine instructions. In this case, as well as lines containing the disassembled machine code, the register(s) and/or data change(s) (or any other changes of "state", such as condition codes) that each individual instruction causes can be shown alongside or beneath the disassembled instruction. This provides extremely powerful debugging information for ultimate problem resolution, although the size of the resultant output can sometimes be quite large, especially if active for an entire program's execution. OLIVER provided these features from the early 1970s as part of its CICS debugging product offering and is now to be found incorporated into the XPEDITER product from Compuware.

Length disassembler

A length disassembler, also known as length disassembler engine (LDE), is a tool that, given a sequence of bytes (instructions), outputs the number of bytes taken by the parsed instruction. Notable open source projects for the x86 architecture include ldisasm,[6] Tiny x86 Length Disassembler[7] and Extended Length Disassembler Engine for x86-64.[8]
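An added example, not taken from the article or from any of the projects it names: a toy length decoder for a small x86-32 opcode subset, used to drive a linear sweep and a recursive traversal over a constructed flat binary that mixes code and data, the problem described under "Problems of disassembly". All function names and the sample bytes are assumptions made for illustration.

```python
# Added example; assumption: only the opcodes listed in insn_length() are modelled.
def insn_length(code, off):
    """Length of the instruction at off, or None if outside the subset."""
    op = code[off]
    if op in (0x90, 0xC3) or 0x40 <= op <= 0x5F:  # nop, ret, inc/dec/push/pop r32
        return 1
    if op in (0x6A, 0xEB) or 0x70 <= op <= 0x7F or 0xB0 <= op <= 0xB7:
        return 2  # push imm8, jmp rel8, jcc rel8, mov r8,imm8
    if op in (0xE8, 0xE9) or 0xB8 <= op <= 0xBF:  # call/jmp rel32, mov r32,imm32
        return 5
    return None

def branch_target(code, off):
    """Static target of a direct branch at off, or None for non-branches."""
    op = code[off]
    if op == 0xEB or 0x70 <= op <= 0x7F:
        return off + 2 + int.from_bytes(code[off + 1:off + 2], "little", signed=True)
    if op in (0xE8, 0xE9):
        return off + 5 + int.from_bytes(code[off + 1:off + 5], "little", signed=True)
    return None

def linear_sweep(code):
    """Decode back to back from offset 0; every byte is assumed to be code."""
    starts, off = [], 0
    while off < len(code):
        n = insn_length(code, off)
        if n is None or off + n > len(code):
            off += 1  # undecodable byte: skip it
            continue
        starts.append(off)
        off += n
    return starts

def recursive_traversal(code, entry=0):
    """Decode only offsets reachable from entry through direct control flow."""
    seen, work = set(), [entry]
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in seen:
            n = insn_length(code, off)
            if n is None or off + n > len(code):
                break
            seen.add(off)
            target = branch_target(code, off)
            if target is not None:
                work.append(target)
            if code[off] in (0xC3, 0xEB, 0xE9):  # ret / unconditional jmp
                break
            off += n
    return sorted(seen)

# Constructed flat binary: jmp over 3 data bytes (B8 'H' 'i'), then real code.
FLAT = bytes.fromhex("eb03" "b84869" "6a01" "58" "40" "c3")
print("sweep:", linear_sweep(FLAT), "traversal:", recursive_traversal(FLAT))
```

The sweep decodes the data byte B8 at offset 2 as a 5-byte MOV and swallows the real instruction at offset 5, while the traversal follows the jump and leaves offsets 2 to 4 undecoded. An indirect jump has no static target, so the traversal would stop there, which is the computed-jump limitation the article describes.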

See also

  • Control-flow graph
  • Data-flow analysis
  • Decompiler

References

  1. "Hopper". Archived from the original on 2022-01-08. Retrieved 2022-01-25.
  2. "Binary Ninja". Archived from the original on 2022-01-24. Retrieved 2022-01-25.
  3. Paul, Matthias R. (1997-07-30). "Kapitel II.5. Allgemeines: Undokumentierte Möglichkeiten von DEBUG" [Undocumented features of DEBUG]. NWDOS-TIPs — Tips & Tricks rund um Novell DOS 7, mit Blick auf undokumentierte Details, Bugs und Workarounds. MPDOSTIP. Release 157 (in German) (3 ed.). Archived from the original on 2017-09-10. Retrieved 2014-09-06. (NB. NWDOSTIP.TXT is a comprehensive work on Novell DOS 7 and OpenDOS 7.01, including the description of many undocumented features and internals. It is part of the author's yet larger MPDOSTIP.ZIP collection maintained up to 2001 and distributed on many sites at the time. The provided link points to a HTML-converted older version of the NWDOSTIP.TXT file.)
  4. "PEExplorer Windows Disassembler for Win 32-bit Program EXE DLL OCX, Code Binary Analysis Tool". Retrieved 2022-04-25.
  5. Sourcer - Commenting Disassembler (September 1989 ed.). V Communications, Inc. 1988. Part Number S0989-164. Retrieved 2019-12-21.
  6. "ldisasm". GitHub. Archived from the original on 2020-10-28. Retrieved 2020-02-26.
  7. "Tiny x86 Length Disassembler". GitHub. Archived from the original on 2020-10-31. Retrieved 2019-12-10.
  8. "Extended Length Disassembler Engine for x86-64". GitHub. Archived from the original on 2020-10-08. Retrieved 2019-12-10.

Further reading

  • Vinciguerra, Lori; M. Wills, Linda; Kejriwal, Nidhi; Martino, Paul; Vinciguerra, Ralph L. (2003). "An experimentation framework for evaluating disassembly and recompilation tools for C++ and Java". Proceedings of 10th Working Conference on Reverse Engineering (WCRE): 14–23. doi:10.1109/WCRE.2003.1287233. ISBN 0-7695-2027-8. S2CID 10398240.
  • Schwarz, Benjamin; Debray, Saumya; Andrews, Gregory (2002). "Disassembly of Executable Code Revisited". Proceedings of 9th Working Conference on Reverse Engineering (WCRE). Department of Computer Science, University of Arizona: 45–54. CiteSeerX 10.1.1.85.6387.

External links

  • List of x86 disassemblers in Wikibooks
  • Transformation Wiki on disassembly
  • Boomerang A general, open source, retargetable decompiler of machine code programs
  • Disassemblers at Curlie
  • Online Disassembler, a free online disassembler of arms, mips, ppc, and x86 code
