Disassembling
There are a few techniques for disassembling. I will list here the ones I have used at some point.
Using objdump to disassemble one section of the ELF
Let's disassemble only the .text section.
[root@localhost:~ ]# objdump -dj .text hello2

hello2:     file format elf64-x86-64


Disassembly of section .text:

00000000004000b0 <_start>:
  4000b0:	b8 04 00 00 00       	mov    $0x4,%eax
  4000b5:	bb 01 00 00 00       	mov    $0x1,%ebx
  4000ba:	b9 d4 00 60 00       	mov    $0x6000d4,%ecx
  4000bf:	ba 0a 00 00 00       	mov    $0xa,%edx
  4000c4:	cd 80                	int    $0x80
  4000c6:	b8 01 00 00 00       	mov    $0x1,%eax
  4000cb:	bb 00 00 00 00       	mov    $0x0,%ebx
  4000d0:	cd 80                	int    $0x80
[root@localhost:~ ]#
Let's look at the source, payload.asm:
section .data
hello: db "ola mundo", 0xa

section .text
global _start
_start:
    mov eax, 4          ; sys_write
    mov ebx, 1          ; stdout
    mov ecx, hello      ; buffer
    mov edx, 10         ; length: 9 characters plus the newline
    int 0x80
    mov eax, 1          ; sys_exit
    mov ebx, 0          ; status 0
    int 0x80
Disassembling online
Using objdump to disassemble the whole ELF binary
root@localhost:~# objdump -D hello2

hello2:     file format elf64-x86-64


Disassembly of section .text:

00000000004000b0 <_start>:
  4000b0:	b8 04 00 00 00       	mov    $0x4,%eax
  4000b5:	bb 01 00 00 00       	mov    $0x1,%ebx
  4000ba:	b9 d4 00 60 00       	mov    $0x6000d4,%ecx
  4000bf:	ba 0a 00 00 00       	mov    $0xa,%edx
  4000c4:	cd 80                	int    $0x80
  4000c6:	b8 01 00 00 00       	mov    $0x1,%eax
  4000cb:	bb 00 00 00 00       	mov    $0x0,%ebx
  4000d0:	cd 80                	int    $0x80

Disassembly of section .data:

00000000006000d4 <hello>:
  6000d4:	6f                   	outsl  %ds:(%rsi),(%dx)
  6000d5:	6c                   	insb   (%dx),%es:(%rdi)
  6000d6:	61                   	(bad)
  6000d7:	20 6d 75             	and    %ch,0x75(%rbp)
  6000da:	6e                   	outsb  %ds:(%rsi),(%dx)
  6000db:	64 6f                	outsl  %fs:(%rsi),(%dx)
  6000dd:	0a                   	.byte 0xa
root@localhost:~#
Disassembling with readelf
root@localhost:~# readelf -x .text hello2

Hex dump of section '.text':
  0x004000b0 b8040000 00bb0100 0000b9d4 006000ba .............`..
  0x004000c0 0a000000 cd80b801 000000bb 00000000 ................
  0x004000d0 cd80                                ..

root@localhost:~#
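The `objdump -D` listing above turned the bytes of .data into outsl/insb nonsense, and `readelf -x` showed the raw bytes of .text. As an added example that is not part of the original page, the following Python decoder takes those .text bytes, decodes the only two instruction forms hello2 uses (mov r32, imm32 and int imm8) and names the syscall behind each `int $0x80`; fed the .data string it produces only `.byte` lines, which is the same lesson as the garbage objdump printed: a disassembler decodes whatever bytes it is pointed at. The i386 syscall numbers (1 = exit, 4 = write) and the hex bytes are the only inputs; everything else is assumed helper code.

```python
# Added example, not part of the original page: a minimal decoder for the two
# x86 instruction forms hello2 uses, run over the .text bytes readelf printed.
# It shows why `objdump -D` emitted outsl/insb for .data: data "decodes" too.

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # order of B8+r
# i386 syscall numbers used via int 0x80 (an x86-64 ELF using int 0x80 still
# enters the 32-bit syscall table, which is why eax=4 is write and eax=1 exit).
SYSCALLS_I386 = {1: "exit", 4: "write"}

def decode(code: bytes, base: int):
    """Return (addr, raw, text, reg, imm) for `mov r32, imm32` (B8+r) and
    `int imm8` (CD ib); any other byte becomes `.byte`, as objdump does when it
    cannot form an instruction. Only these two forms are known, on purpose."""
    out, i = [], 0
    while i < len(code):
        op = code[i]
        if 0xB8 <= op <= 0xBF and i + 5 <= len(code):
            reg = REGS32[op - 0xB8]
            imm = int.from_bytes(code[i + 1:i + 5], "little")
            out.append((base + i, code[i:i + 5], f"mov ${imm:#x},%{reg}", reg, imm))
            i += 5
        elif op == 0xCD and i + 2 <= len(code):
            out.append((base + i, code[i:i + 2], f"int ${code[i + 1]:#x}", None, code[i + 1]))
            i += 2
        else:
            out.append((base + i, code[i:i + 1], f".byte {op:#x}", None, op))
            i += 1
    return out

def annotate_syscalls(insns):
    """Follow eax through the stream and name the syscall at each int $0x80."""
    eax, calls = None, []
    for addr, _, text, reg, imm in insns:
        if reg == "eax":
            eax = imm
        elif text == "int $0x80":
            calls.append((addr, SYSCALLS_I386.get(eax, f"syscall {eax}")))
    return calls

def listing(insns):
    """Render objdump-style lines: address, hex bytes, decoded text."""
    return "\n".join(f"{a:x}:\t{r.hex(' '):<15}\t{t}" for a, r, t, _, _ in insns)

# .text bytes copied from the readelf -x dump above; .data is the string hello2 prints.
TEXT = bytes.fromhex("b804000000bb01000000b9d4006000ba0a000000cd80b801000000bb00000000cd80")
DATA = b"ola mundo\n"

if __name__ == "__main__":
    insns = decode(TEXT, 0x4000b0)
    print(listing(insns), annotate_syscalls(insns), sep="\n")  # write at 4000c4, exit at 4000d0
    print(listing(decode(DATA, 0x6000d4)))  # every byte falls out as .byte: data, not code
```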
View the file in image format
dev/assembly/disassemblar.txt · Last modified: 2022/11/04 00:34 by 127.0.0.1