|
Disassembly
A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principally a reverse-engineering tool. Assembly language source code generally permits the use of constants and programmer comments. These are usually removed from the assembled machine code by the assembler. If so, a disassembler operating on the machine code would produce disassembly lacking these constants and comments; the disassembled output becomes more difficult for a human to interpret than the original annotated source code. Some disassemblers provide a built-in code commenting feature where the generated output gets enriched with comments regarding called API functions or pa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Interactive Disassembler
The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in for programs compiled with a C/ compiler is available at extra cost. The latest full version of IDA Pro is commercial, while a less capable version is available for download free of charge (version 8.1 ). IDA performs automatic code analysis, using cross-references between code sections, knowledge of parameters of API calls, and other information. However, the nature of disassembly precludes total accuracy, and a great deal of human intervention is necessarily required; IDA has interactive functionality to aid in improving the disassembly. A typical IDA user will begin with an automatically generated disassembly list ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Machine Language
In computer programming, machine code is any low-level programming language, consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). Each instruction causes the CPU to perform a very specific task, such as a load, a store, a jump, or an arithmetic logic unit (ALU) operation on one or more units of data in the CPU's registers or memory. Early CPUs had specific machine code that might break backwards compatibility with each new CPU released. The notion of an instruction set architecture (ISA) defines and specifies the behavior and encoding in memory of the instruction set of the system, without specifying its exact implementation. This acts as an abstraction layer, enabling compatibility within the same family of CPUs, so that machine code written or generated according to the ISA for the family will run on all CPUs in the family, including future CPUs. In general, each architecture family (e.g. x86, ARM) has its ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Decompiler
A decompiler is a computer program that translates an executable file to a high-level source file which can be recompiled successfully. It does therefore the opposite of a typical compiler, which translates a high-level language to a low-level language. Decompilers are usually unable to perfectly reconstruct the original source code, thus frequently will produce obfuscated code. Nonetheless, decompilers remain an important tool in the reverse engineering of computer software. Introduction The term ''decompiler'' is most commonly applied to a program which translates executable programs (the output from a compiler) into source code in a (relatively) high level language which, when compiled, will produce an executable whose behavior is the same as the original executable program. By comparison, a disassembler translates an executable program into assembly language (and an assembler could be used for assembling it back into an executable program). Decompilation is the act of usin ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Machine Code
In computer programming, machine code is any low-level programming language, consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). Each instruction causes the CPU to perform a very specific task, such as a load, a store, a jump, or an arithmetic logic unit (ALU) operation on one or more units of data in the CPU's registers or memory. Early CPUs had specific machine code that might break backwards compatibility with each new CPU released. The notion of an instruction set architecture (ISA) defines and specifies the behavior and encoding in memory of the instruction set of the system, without specifying its exact implementation. This acts as an abstraction layer, enabling compatibility within the same family of CPUs, so that machine code written or generated according to the ISA for the family will run on all CPUs in the family, including future CPUs. In general, each architecture family (e.g. x86, ARM) has it ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Binary Ninja
Binary Ninja is a reverse-engineering platform developed by Vector 35 Inc. It can disassemble a binary and display the disassembly in linear or graph views. It performs automated in-depth analysis of the code, generating information that helps to analyze a binary. It lifts the instructions into intermediate languages, and eventually generates the decompiled code. Binary Ninja supports various CPU architectures and binary executable formats. It runs on Windows, macOS, and Linux. It also has a free-to-use cloud version. History Binary Ninja was originally an internal tool for a CTF team. The developers later decided to form Vector 35 Inc and develop Binary Ninja into a commercial product. The development started in 2015 and the first public version was released in July 2016. The commercial product does not share code with the internal tool. The latter one is now open-sourced under GPLv2. Features and usage User interface Binary Ninja's UI is built using Qt. Its main U ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
DEBUG (DOS Command)
The line-oriented debugger DEBUG.EXE is an external command in operating systems such as DOS, OS/2 and Windows (only in 16-bit/32-bit versions). DEBUG can act as an assembler, disassembler, or hex dump program allowing users to interactively examine memory contents (in assembly language, hexadecimal or ASCII), make changes, and selectively execute COM, EXE and other file types. It also has several subcommands which are used to access specific disk sectors, I/O ports and memory addresses. Overview Traditionally, all computers and operating systems have included a maintenance function, used to determine whether a program is working correctly. DEBUG was originally written by Tim Paterson to serve this purpose in 86-DOS. When Paterson began working for Microsoft in the early 1980s he brought the program with him. DEBUG was part of and has been included in MS-DOS/ PC DOS and certain versions of Microsoft Windows. Originally named DEBUG.COM, the executable was renamed ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Assembly Language
In computer programming, assembly language (or assembler language, or symbolic machine code), often referred to simply as Assembly and commonly abbreviated as ASM or asm, is any low-level programming language with a very strong correspondence between the instructions in the language and the architecture's machine code instructions. Assembly language usually has one statement per machine instruction (1:1), but constants, comments, assembler directives, symbolic labels of, e.g., memory locations, registers, and macros are generally also supported. The first assembly code in which a language is used to represent machine code instructions is found in Kathleen and Andrew Donald Booth's 1947 work, ''Coding for A.R.C.''. Assembly code is converted into executable machine code by a utility program referred to as an '' assembler''. The term "assembler" is generally attributed to Wilkes, Wheeler and Gill in their 1951 book '' The Preparation of Programs for an Electronic ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Objdump
objdump is a command-line program for displaying various information about object files on Unix-like operating systems. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executables and other binary data. objdump uses the BFD library to read the contents of object files. Similar utilities are Borland TDUMP, Microsoft DUMPBIN and readelf. Note that on certain platforms (e.g. macOS), the objdump binary may actually be a link to llvm's objdump, with different command-line options and behavior. Example For example, $ objdump -D -M intel file.bin , grep main.: -A20 This performs disassembly on the file «file.bin», with the assembly code shown in Intel syntax. We then redirect it to grep, which searches the main function and displays 20 lines of its code. Example output: 4004ed: 55 push rbp 4004ee: 48 89 e5 mov rbp,rsp 4004f1: c7 45 ec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Debugger
A debugger or debugging tool is a computer program used to test and debug other programs (the "target" program). The main use of a debugger is to run the target program under controlled conditions that permit the programmer to track its execution and monitor changes in computer resources that may indicate malfunctioning code. Typical debugging facilities include the ability to run or halt the target program at specific points, display the contents of memory, CPU registers or storage devices (such as disk drives), and modify memory or register contents in order to enter selected test data that might be a cause of faulty program execution. The code to be examined might alternatively be running on an ''instruction set simulator'' (ISS), a technique that allows great power in its ability to halt when specific conditions are encountered, but which will typically be somewhat slower than executing the code directly on the appropriate (or the same) processor. Some debuggers offer two m ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Ghidra
Ghidra (pronounced gee-druh; ) is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub. Ghidra is seen by many security researchers as a competitor to IDA Pro. The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form. Ghidra plugins can be developed in Java or in Python (provided via Jython). History Ghidra's existence was originally revealed to the public via WikiLeaks in March 2017, but the software itself remained unavailable until its declassification and official release two years later. In June 2019, Coreboot began to use Ghidra for its reverse engineering efforts on firmware-specific problems following the open source release of the Ghidra software suite. Ghidra can be used as a debugger ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
