ODA - Online Disassembler
onlinedisassembler.comFor those who don't have showdead enabled...
SparrowOS 2 hours ago | link [dead] | -26%
I made a disassembler It's mostly just a binary search through the opcodes. The trick is ordering them. http://www.sparrowos.com/Wb/Compiler/Unassembler.html Yes, I typed all this shit by hand. It's not complete. http://www.sparrowos.com/Wb/Compiler/OpCodes.html
--
I haven't really gotten to grips with SparrowOS yet as I don't program enough to fully understand/appreciate it, but this makes it that bit more desirable as a hacking tool. Thank you.
He wrote a disassembler as a hand-hacked state machine. A crazy amount of focus.
"-26%"?
FeelHN does sntiment analysis for HN posts - I find it a useful indicator that it might be time to step away from a particular discussion or take a break from HN.
https://chrome.google.com/webstore/detail/feelhn/hpnealkfodh...
Fantastic feature to show branches graphically in the margin as arrows.
Blindingly obvious, but still saves a lot of mental effort in keeping addresses in your head.
Haven't seen any "desktop disassembler" (that sounds furniture-related) do that.
IDA Pro shows branches/jumps as a graph, which I think is even better: http://www.hex-rays.com/products/ida/pix/5_plain_graph_view....
When not in graph mode, it'll show jump arrows in the margin: http://www.chip.de/ii/146940129_e98df3e41d.jpg
IDA Pro is crazily expensive though, and probably not worth it unless you're doing reverse engineering / exploit finding for a living. For example it's a bit overkill for just looking at disassembly to see what code the compiler has written, which (I think) is the common use case of objdump.
That's true, and it seems to bog down easily in my (limited) experience with it. Ollydbg is fast and free, and very navigable. http://www.ollydbg.de/ Oh, it too has arrows. That's what I mean by navigable. 32 bit only though.
Ollydbg has more or less given way to Immunity Debugger, which is what you should be checking out if that's the flavor of reversing tool you're after.
I don't know a lot of people who use IDA as a debugger and like it.
On the other hand, IDA's a better disassembler (and not just because it handles multiple architectures) than Olly. It's the industry standard for a good reason.
Hopper.app is giving it a run for its money on x86 and ARM. Hopper is all I use now.
I think it's ironic that people think IDA is too expensive; it's not expensive enough, given its total addressable market. IDA's prices are so low that they artificially depress the market for all reverse engineering tools, which anchor or orbit around IDA's price point. Hex-Rays is trying to break out of that with the decompiler, but then Hopper did a good-enough decompiler and bundled it into a $100 tool.
Professionals that use IDA (a) rely on it heavily (b) can use the same version of IDA for years and years (c) routinely bill out over 250-300/hr and (d) number in the tens of thousands. It's an interesting business case study.
Most interesting! I just do reversing for fun rather than profit, but Immunity and Hopper both look very impressive.
From my limited experience with OllyDbg, it was fantastic.
Totally agree - I was just providing an example of a native disassembler that has indications of branching/jumps. I think OllyDbg does this too (at least the margin arrows).
Check out Hopper.app.
Agreed. I have a flaky emacs hack that colours labels to make it easier to correspond branch with target, but arrows are considerably nicer.
@gsg Would you mind sharing said emacs hack ;-)
Why not? It's a bit more limited than I thought at first, basically only suitable for the output of gcc -S (highlights labels that look like .Lxxx).
https://gist.github.com/4546274
There's no license or documentation, it's flaky and probably broken, etc. Do whatever you like with it.
Looks like it's objdump built for all-architectures.
Certainly has some of objdump's quirks. 8d bc 27 00 00 00 00 => lea 0x0(%edi,%eiz,1),%edi.
I was half expecting a disassembler written in Javascript.
It would be great to be able to paste a url to others of a work-in-progress pastebin-style dump of something I'm commenting or reversing. Also, symfiles.
This is actually a feature we're currently working on. Thanks for reinforcing the need.
The site barfs when I upload the BareMetal OS kernel for disassembly. Is there a size limit? The kernel is x86-64 and only 16KiB in size.
No, it's just an immature website. I'm one of the creators. The site is just a hobby now among friends, and since we all have families, it's slow going. Thanks for the feedback everyone!