Existem algumas técnicas de como disassemblar. Vou colocar aqui as que já utilizei alguma vez na minha vida.
Vamos disassemblar somente a seção .text.
[root@localhost:~ ]# objdump -dj .text hello2

hello2:     file format elf64-x86-64

Disassembly of section .text:

00000000004000b0 <_start>:
  4000b0:  b8 04 00 00 00    mov    $0x4,%eax
  4000b5:  bb 01 00 00 00    mov    $0x1,%ebx
  4000ba:  b9 d4 00 60 00    mov    $0x6000d4,%ecx
  4000bf:  ba 0a 00 00 00    mov    $0xa,%edx
  4000c4:  cd 80             int    $0x80
  4000c6:  b8 01 00 00 00    mov    $0x1,%eax
  4000cb:  bb 00 00 00 00    mov    $0x0,%ebx
  4000d0:  cd 80             int    $0x80
[root@localhost:~ ]#
Vamos olhar o fonte payload.asm
; payload.asm — writes "ola mundo\n" to stdout and exits with status 0.
; This is the source of the hello2 binary disassembled elsewhere on this page,
; so the instruction sequence must stay exactly as it is for the listings to match.
;
; NOTE(review): the code uses the 32-bit Linux syscall convention (int 0x80,
; number in eax, arguments in ebx/ecx/edx) even though the binary is elf64-x86-64;
; it presumably runs through the kernel's 32-bit compat entry, and `mov ecx, hello`
; only works because .data sits at a 32-bit address (0x6000d4 in the listings).

section .data
hello: db "ola mundo", 0xa      ; 9 characters + newline = 10 bytes

section .text
global _start
_start:
    mov eax, 4                  ; i386 syscall 4 = write
    mov ebx, 1                  ; fd 1 = stdout
    mov ecx, hello              ; buffer address (truncated to 32 bits)
    mov edx, 10                 ; byte count — must match the db line above
    int 0x80
    mov eax, 1                  ; i386 syscall 1 = exit
    mov ebx, 0                  ; exit status 0
    int 0x80
root@localhost:~# objdump -D hello2

hello2:     file format elf64-x86-64

Disassembly of section .text:

00000000004000b0 <_start>:
  4000b0:  b8 04 00 00 00    mov    $0x4,%eax
  4000b5:  bb 01 00 00 00    mov    $0x1,%ebx
  4000ba:  b9 d4 00 60 00    mov    $0x6000d4,%ecx
  4000bf:  ba 0a 00 00 00    mov    $0xa,%edx
  4000c4:  cd 80             int    $0x80
  4000c6:  b8 01 00 00 00    mov    $0x1,%eax
  4000cb:  bb 00 00 00 00    mov    $0x0,%ebx
  4000d0:  cd 80             int    $0x80

Disassembly of section .data:

00000000006000d4 <hello>:
  6000d4:  6f                outsl  %ds:(%rsi),(%dx)
  6000d5:  6c                insb   (%dx),%es:(%rdi)
  6000d6:  61                (bad)
  6000d7:  20 6d 75          and    %ch,0x75(%rbp)
  6000da:  6e                outsb  %ds:(%rsi),(%dx)
  6000db:  64 6f             outsl  %fs:(%rsi),(%dx)
  6000dd:  0a                .byte 0xa
root@localhost:~#

Repare que `-D` desmonta todas as seções, inclusive `.data`: os bytes 6f 6c 61 20 6d 75 6e 64 6f 0a são simplesmente o texto "ola mundo" seguido de newline, e o objdump os decodifica como instruções sem sentido (inclusive um `(bad)`), o que mostra como dados aparecem quando tratados como código e por que `-d`/`-j .text` é a forma mais segura de olhar somente o código.
root@localhost:~# readelf -x .text hello2

Hex dump of section '.text':
  0x004000b0 b8040000 00bb0100 0000b9d4 006000ba .............`..
  0x004000c0 0a000000 cd80b801 000000bb 00000000 ................
  0x004000d0 cd80                                ..
root@localhost:~#