disassembler

John Baldwin jhb at freebsd.org
Fri Aug 27 13:37:46 UTC 2010


On Thursday, August 26, 2010 11:42:25 pm Aryeh Friedman wrote:
> On Thu, Aug 26, 2010 at 11:36 PM, Aryeh Friedman
> <aryeh.friedman at gmail.com> wrote:
> > On Thu, Aug 26, 2010 at 10:46 PM, Dirk Engling <erdgeist at erdgeist.org> wrote:
> >> On 27.08.10 04:17, Aryeh Friedman wrote:
> >>
> >>> Is there a disassembler in the base system if not what is a good
> >>> option from ports?
> >>
> >> Try objdump -d,
> >>
> >>  erdgeist
> >>
> >
> > flosoft# objdump -d /dev/da0
> > objdump: Warning: '/dev/da0' is not an ordinary file

For a raw file of x86 instructions use ndisasm from the 'nasm' port.  Note 
that it assumes 16-bit code by default, but you can use ndisasm -U to parse 
32-bit instructions instead.  For a typical MBR boot loader, plain ndisasm 
should work fine:

# ndisasm /dev/twed0
00000000  FC                cld
00000001  31C0              xor ax,ax
00000003  8EC0              mov es,ax
00000005  8ED8              mov ds,ax
00000007  8ED0              mov ss,ax
00000009  BC007C            mov sp,0x7c00
0000000C  BE1A7C            mov si,0x7c1a
0000000F  BF1A06            mov di,0x61a
00000012  B9E601            mov cx,0x1e6
00000015  F3A4              rep movsb
00000017  E9008A            jmp word 0x8a1a
0000001A  31F6              xor si,si
...

etc.

I would dd the first sector of your disk off to a file and run ndisasm on that 
though rather than on the live disk.

-- 
John Baldwin
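
The advice above (copy the first sector to a file and disassemble the copy), as an added example that is not part of the original message. The function and file names are chosen here, the sample image is constructed from the first bytes of the listing, and the 446-byte code length assumes the standard MBR layout with the partition table at offset 446 and the 55 AA signature at offset 510.

```shell
#!/bin/sh
# Added example. Function names and file names are chosen here, not from the post.
SECTOR=512      # classic sector size
CODE_LEN=446    # assumption: standard MBR layout, partition table starts here

# Copy only sector 0 of SRC to OUT and confirm a full sector was read.
dump_mbr() {
    dd if="$1" of="$2" bs="$SECTOR" count=1 2>/dev/null &&
        [ "$(wc -c < "$2" | tr -d ' ')" -eq "$SECTOR" ]
}

# True if bytes 510-511 of FILE are the 55 AA boot signature.
has_boot_sig() {
    [ "$(od -An -tx1 -j510 -N2 "$1" | tr -d ' \n')" = "55aa" ]
}

# Keep the bytes before the partition table, so table entries are not
# decoded as instructions.
carve_code() {
    dd if="$1" of="$2" bs=1 count="$CODE_LEN" 2>/dev/null
}

# Constructed sample: a two-sector image whose first 12 bytes are the opening
# instructions from the listing above, then zero padding, then 55 AA.
make_sample_disk() {
    {
        printf '\374\061\300\216\300\216\330\216\320\274\000\174'
        dd if=/dev/zero bs=1 count=498 2>/dev/null
        printf '\125\252'
        dd if=/dev/zero bs="$SECTOR" count=1 2>/dev/null
    } > "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_disk "$tmp/disk.img"
dump_mbr "$tmp/disk.img" "$tmp/mbr.bin" || { echo "short read" >&2; exit 1; }
has_boot_sig "$tmp/mbr.bin" || echo "warning: no 55 AA signature" >&2
carve_code "$tmp/mbr.bin" "$tmp/code.bin"
if command -v ndisasm >/dev/null 2>&1; then
    # -b 16 matches the default noted above; -o sets the address shown for byte 0.
    ndisasm -b 16 -o 0x7c00 "$tmp/code.bin" | head -n 6
else
    od -An -tx1 -N12 "$tmp/code.bin"    # fallback: show the first bytes
fi
```

On a real system the source argument to dump_mbr would be the disk device; every later step works only on the copy.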

