Disassemble x86 code in a program at a specific address

Question

Is there any x86 disassembler framework that can be used to analyze code from a specific address in a program, as in:

info = disassemble( startAddress , stopAddress)

It should show every instruction and its operands and any other info that is good for analysis but it should have also fast mode where it isn't so important to obtain that much info for each instruction, but only for some of them that can be specified.

I think it was IDA Pro that i used, that would make an effort to only disassemble bytes that were being executed. It had its flaws, as there's a halting problem hiding in there -- the only way to know for sure some bytes are code is to trace through the program and see if they ever get jumped to. But it usually guessed pretty well. — cHao
– cHao, Commented Jan 22, 2011 at 18:00
If you are using *nux than gdb is quite good for analyzing and debugging you code — Elalfer
– Elalfer, Commented Jan 22, 2011 at 18:03
windows 7 / visual studio 2010 but I want to do croscompiling in the future so if you have any advise for that also thanks — neo_x3m
– neo_x3m, Commented Jan 22, 2011 at 18:39

Adam Rosenfield · Accepted Answer · 2011-01-22 18:02:22Z

4

Is GNU binutils not good enough? Here's how to do that with the objdump utility:

# Disassemble from virtual addresses 0x80000000 to 80000100 objdump -d program --start-address=0x80000000 --stop-address=0x80000100

answered Jan 22, 2011 at 18:02

Adam Rosenfield

402k102 gold badges524 silver badges600 bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

Jester Over a year ago

Also, the binutils use a library, I believe libbfd, to perform this task. So maybe use it directly.

mike.dld · Accepted Answer · 2011-01-23 00:26:37Z

Google's protobuf uses libdisasm for that matter. Sad thing is that (judging from source code) it only supports ia32 and x86 and homepage states that "it is x86 specific and will not be expanded to include other CPU architectures". But since you didn't mention other archs, this library may be sufficient.

Kevin · Accepted Answer · 2011-04-12 20:20:24Z

The cross-platform InstructionAPI suits this purpose, it will analyze the code and can print out the disassembly or provide a machine-independent view of the instructions for you to query. InstructionAPI is a shared library that you would link your code against.

http://www.paradyn.org/html/manuals.html

A Fog · Accepted Answer · 2011-07-26 14:48:46Z

I would debug to the start point and look at the disassembly output of the debugger. A more brutal method is to disassemble it all and search for the function name in the disassembly file. objconv can do this, but it is slow on very big files.

Chris Klepeis · Accepted Answer · 2011-12-01 20:03:01Z

0

Try BeaEngine

edited Dec 1, 2011 at 20:03

Chris Klepeis

10k16 gold badges88 silver badges151 bronze badges

answered Apr 12, 2011 at 9:16

Spider

1,0021 gold badge12 silver badges18 bronze badges

Collectives™ on Stack Overflow

Disassemble x86 code in a program at a specific address

5 Answers 5

1 Comment

Comments

Comments

Comments

Comments

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

1 Comment

Comments

Comments

Comments

Comments

Related