Disassembling

There are several techniques for disassembling. I will put here the ones I have used at some point in my life.

Using objdump to disassemble one section of the ELF

Let's disassemble only the .text section.

[root@localhost:~ ]# objdump -dj .text hello2
 
hello2:     file format elf64-x86-64
 
 
Disassembly of section .text:
 
00000000004000b0 <_start>:
  4000b0:       b8 04 00 00 00          mov    $0x4,%eax
  4000b5:       bb 01 00 00 00          mov    $0x1,%ebx
  4000ba:       b9 d4 00 60 00          mov    $0x6000d4,%ecx
  4000bf:       ba 0a 00 00 00          mov    $0xa,%edx
  4000c4:       cd 80                   int    $0x80
  4000c6:       b8 01 00 00 00          mov    $0x1,%eax
  4000cb:       bb 00 00 00 00          mov    $0x0,%ebx
  4000d0:       cd 80                   int    $0x80 
[root@localhost:~ ]#

Let's look at the source, payload.asm

section .data
        hello: db "ola mundo", 0xa     ; "ola mundo" plus a newline: 10 bytes
section .text
global _start
_start:
        mov eax, 4                     ; syscall number 4: write
        mov ebx, 1                     ; file descriptor 1: stdout
        mov ecx, hello                 ; pointer to the string
        mov edx, 10                    ; length in bytes
        int 0x80                       ; 32-bit syscall gate

        mov eax, 1                     ; syscall number 1: exit
        mov ebx, 0                     ; exit status 0
        int 0x80

Disassembling online

To disassemble online I use the site

https://onlinedisassembler.com/odaweb/

or

https://onlinedisassembler.io

Using objdump to disassemble the whole ELF binary

root@localhost:~# objdump -D hello2
 
hello2:     file format elf64-x86-64
 
 
Disassembly of section .text:
 
00000000004000b0 <_start>:
  4000b0:       b8 04 00 00 00          mov    $0x4,%eax
  4000b5:       bb 01 00 00 00          mov    $0x1,%ebx
  4000ba:       b9 d4 00 60 00          mov    $0x6000d4,%ecx
  4000bf:       ba 0a 00 00 00          mov    $0xa,%edx
  4000c4:       cd 80                   int    $0x80
  4000c6:       b8 01 00 00 00          mov    $0x1,%eax
  4000cb:       bb 00 00 00 00          mov    $0x0,%ebx
  4000d0:       cd 80                   int    $0x80
 
Disassembly of section .data:
 
00000000006000d4 <hello>:
  6000d4:       6f                      outsl  %ds:(%rsi),(%dx)
  6000d5:       6c                      insb   (%dx),%es:(%rdi)
  6000d6:       61                      (bad)
  6000d7:       20 6d 75                and    %ch,0x75(%rbp)
  6000da:       6e                      outsb  %ds:(%rsi),(%dx)
  6000db:       64 6f                   outsl  %fs:(%rsi),(%dx)
  6000dd:       0a                      .byte 0xa
root@localhost:~#

Disassembling with readelf

root@localhost:~# readelf -x .text hello2
 
Hex dump of section '.text':
  0x004000b0 b8040000 00bb0100 0000b9d4 006000ba .............`..
  0x004000c0 0a000000 cd80b801 000000bb 00000000 ................
  0x004000d0 cd80                                ..
 
root@localhost:~#
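The objdump and readelf listings above are two views of the same section bytes, and the .data listing shows what objdump -D produces when it decodes string bytes as if they were instructions. The following Python is an added example, not part of the original page: it parses both output formats (sample strings constructed from this page's listings), checks that the .text disassembly accounts for exactly the bytes in the readelf hex dump, and recovers the "ola mundo" string from the bogus .data disassembly. Function names are my own.

```python
import re

# Constructed sample: the instruction lines of this page's 'objdump -dj .text hello2' output.
OBJDUMP_TEXT = """\
  4000b0:       b8 04 00 00 00          mov    $0x4,%eax
  4000b5:       bb 01 00 00 00          mov    $0x1,%ebx
  4000ba:       b9 d4 00 60 00          mov    $0x6000d4,%ecx
  4000bf:       ba 0a 00 00 00          mov    $0xa,%edx
  4000c4:       cd 80                   int    $0x80
  4000c6:       b8 01 00 00 00          mov    $0x1,%eax
  4000cb:       bb 00 00 00 00          mov    $0x0,%ebx
  4000d0:       cd 80                   int    $0x80
"""
# Constructed sample: this page's 'objdump -D hello2' output for .data (string bytes decoded as bogus code).
OBJDUMP_DATA = """\
  6000d4:       6f                      outsl  %ds:(%rsi),(%dx)
  6000d5:       6c                      insb   (%dx),%es:(%rdi)
  6000d6:       61                      (bad)
  6000d7:       20 6d 75                and    %ch,0x75(%rbp)
  6000da:       6e                      outsb  %ds:(%rsi),(%dx)
  6000db:       64 6f                   outsl  %fs:(%rsi),(%dx)
  6000dd:       0a                      .byte 0xa
"""
# Constructed sample: this page's 'readelf -x .text hello2' hex dump.
READELF_TEXT = """\
  0x004000b0 b8040000 00bb0100 0000b9d4 006000ba .............`..
  0x004000c0 0a000000 cd80b801 000000bb 00000000 ................
  0x004000d0 cd80                                ..
"""

def parse_objdump(text):
    """Address -> raw bytes per instruction line; the byte column ends at the first non-hex-pair token."""
    insns = {}
    for m in re.finditer(r"^\s*([0-9a-f]+):\s+((?:\s?[0-9a-f]{2}\b)+)", text, re.M):
        insns[int(m.group(1), 16)] = bytes.fromhex(m.group(2))
    return insns
def parse_readelf_hexdump(text):
    """(start address, bytes) from 'readelf -x': an address, up to four hex groups, then the ASCII column."""
    rows = re.findall(r"^\s*0x([0-9a-f]+)((?: [0-9a-f]{2,8}\b){1,4})", text, re.M)
    return int(rows[0][0], 16), b"".join(bytes.fromhex(h) for _, h in rows)
def section_bytes(insns):
    """Instruction bytes joined in address order; each line must start where the previous one ended."""
    addrs = sorted(insns)
    if any(a + len(insns[a]) != b for a, b in zip(addrs, addrs[1:])):
        raise ValueError("disassembly has a gap or overlap")
    return b"".join(insns[a] for a in addrs)
def reconcile(objdump_text, readelf_text):
    """True when the disassembly accounts for exactly the bytes readelf shows for that section."""
    insns = parse_objdump(objdump_text)
    start, dump = parse_readelf_hexdump(readelf_text)
    return min(insns) == start and section_bytes(insns) == dump
```

Running section_bytes over the .data listing yields the original string bytes, which is the practical reminder that objdump -D disassembles data sections too and the mnemonics it prints there mean nothing.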

Viewing the file as an image