8086 Disassembler Download Gratis
Padre Harmon
Ever encountered a situation where you needed to view, disassemble or decompile a binary file, such as a data file, an object file,a library archive, a shared library (or DLL in Windows) or an executable image? Assembled on this page are severalhex viewers (hexadecimal viewers), hex editors, disassemblers and decompilers that will allow youto do precisely that.
RetDec is a decompiler that supports Intel x86, ARM, MIPS, PIC32 and PowerPC executables using formats such asELF, PE, Mach-O, COFF, AR, Intel HEX and raw machine code. It detects compilers and packers used on the executables,can remove statically-linked library code, extract and use embedded debugging information (DWARF and PDB), reconstructinstruction idioms and C++ class hierarchies (RTTI, vtables), demangle C++ symbols, reconstruct functions and otherhigh level constructs, etc. It has an integrated disassembler, and can output files in C and a Python-like language.It is also able to generate call graphs, control-flow graphs and a variety of statistics. This is a Windows and Linuxprogram. You can also build it on Mac OS, although that platform is not officially supported. The software is opensource; RetDec itself is released under the MIT licence, but it also includes other third-party libraries and resources,released under a variety of other licences.
This is a multiplatform binary viewer with "a built-in editor for binary, hexadecimal and disassembler modes".It supports disassembly of Pentium III, AMD K7 Athlon, and Cyrix M2 as well, and the ability to handle the followingexecutable formats: MZ, NE, PE, LE, LX, DOS, SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff.
In essence, a disassembler is the exact opposite of an assembler. Where an assembler converts code written in an assembly language into binary machine code, a disassembler reverses the process and attempts to recreate the assembly code from the binary machine code.
Since most assembly languages have a one-to-one correspondence with underlying machine instructions, the process of disassembly is relatively straight-forward, and a basic disassembler can often be implemented simply by reading in bytes, and performing a table lookup. Of course, disassembly has its own problems and pitfalls, and they are covered later in this chapter.
Many disassemblers have the option to output assembly language instructions in Intel, AT&T, or (occasionally) HLA syntax. Examples in this book will use Intel and AT&T syntax interchangeably. We will typically not use HLA syntax for code examples, but that may change in the future.
Here we are going to list some commonly available disassembler tools. Notice that there are professional disassemblers (which cost money for a license) and there are freeware/shareware disassemblers. Each disassembler will have different features, so it is up to you as the reader to determine which tools you prefer to use.
Many of the Unix disassemblers, especially the open source ones, have been ported to other platforms, like Windows (mostly using MinGW or Cygwin). Some Disassemblers like otool ([OS X) are distro-specific.
Since data and instructions are all stored in an executable as binary data, the obvious question arises: how can a disassembler tell code from data? Is any given byte a variable, or part of an instruction?
Many interactive disassemblers will give the user the option to render segments of code as either code or data, but non-interactive disassemblers will make the separation automatically. Disassemblers often will provide the instruction AND the corresponding hex data on the same line, shifting the burden for decisions about the nature of the code to the user. Some disassemblers (e.g. ciasdis) will allow you to specify rules about whether to disassemble as data or code and invent label names, based on the content of the object under scrutiny. Scripting your own "crawler" in this way is more efficient; for large programs interactive disassembling may be impractical to the point of being unfeasible.
The general problem of separating code from data in arbitrary executable programs is equivalent to the halting problem. As a consequence, it is not possible to write a disassembler that will correctly separate code and data for all possible input programs. Reverse engineering is full of such theoretical limitations, although by Rice's theorem all interesting questions about program properties are undecidable (so compilers and many other tools that deal with programs in any form run into such limits as well). In practice a combination of interactive and automatic analysis and perseverance can handle all but programs specifically designed to thwart reverse engineering, like using encryption and decrypting code just prior to use, and moving code around in memory.
User defined textual identifiers, such as variable names, label names, and macros are removed by the assembly process. They may still be present in generated object files, for use by tools like debuggers and relocating linkers, but the direct connection is lost and re-establishing that connection requires more than a mere disassembler. Especially small constants may have more than one possible name. Operating system calls (like DLLs in MS-Windows, or syscalls in Unices) may be reconstructed, as their names appear in a separate segment or are known beforehand. Many disassemblers allow the user to attach a name to a label or constant based on his understanding of the code. These identifiers, in addition to comments in the source file, help to make the code more readable to a human, and can also shed some clues on the purpose of the code. Without these comments and identifiers, it is harder to understand the purpose of the source code, and it can be difficult to determine the algorithm being used by that code. When you combine this problem with the possibility that the code you are trying to read may, in reality, be data (as outlined above), then it can be even harder to determine what is going on. Another challenge is posed by modern optimising compilers; they inline small subroutines, then combine instructions over call and return boundaries. This loses valuable information about the way the program is structured.
Akin to Disassembly, Decompilers take the process a step further and actually try to reproduce the code in a high level language. Frequently, this high level language is C, because C is simple and primitive enough to facilitate the decompilation process. Decompilation does have its drawbacks, because lots of data and readability constructs are lost during the original compilation process, and they cannot be reproduced. Since the science of decompilation is still young, and results are "good" but not "great", this page will limit itself to a listing of decompilers, and a general (but brief) discussion of the possibilities of decompilation. Compared to disassemblers a decompiler generates code that doesnot require that one is familiar at the processor at hand. It may even be that the decompiled code can be compiled on a different processor, or give a reasonable starting point to reproduce the program on a different processor.
From a human disassembler's point of view, this is a nightmare, although this is straightforward to read in the original Assembly source code, as there is no way to decide if the db should be interpreted or not from the binary form, and this may contain various jumps to real executable code area, triggering analysis of code that should never be analysed, and interfering with the analysis of the real code (e.g. disassembling the above code from 0000h or 0001h won't give the same results at all).
Is there any disassembler (not only a live debugger) second to IDA in capabilities? IDA is wonderful, and somewhat amazing in how robust and useful it is for reversing. However, it is quite expensive to properly license. Is there any viable alternative, or does IDA hold the monopoly on this market?
EDIT: Preferrably, multi-platform support should exist, though that's optional. MIPS, ARM, x86, and x86-64 would be nice, but a disassembler that handles any one of those is a good option to know about.
The PE Explorer Disassembler is designed to be easy to use comparedwith other disassemblers. To that end, some of the functionality foundin other products has been left out in order to keep the processsimple and fast. While as powerful as the more expensive, dedicateddisassemblers, PE Explorer focuses on ease of use, clarity andnavigation.
Relyze is a commercial interactive disassembler for x86, x64 and ARMsoftware with loaders for PE or ELF file formats. It supportsinteractive flat and graph views of the disassembly, generating calland reference graphs, binary diffing two executables, exploring theexecutable file's structure and a Ruby plugin API. It can also handlethings like symbols (PDB's), function local variables, switchstatements, exception handlers, static library identification andmore.
Udis86
Udis86 is an easy-to-use, minimalistic disassembler library (libudis86) for the x86 class of instruction set architectures. It has a convenient interface for use in the analysis and instrumentation of binary code.
REDasm
REDasm is an interactive, multiarchitecture disassembler written in C++ using Qt5 as UI Framework. Its core is light and simple, it can be extended in order to support new instruction sets and file formats.
Relyze is a commercial interactive disassembler for x86, x64 and ARM software with loaders for PE or ELF file formats. It supports interactive flat and graph views of the disassembly, generating call and reference graphs, binary diffing two executables, exploring the executable file's structure and a Ruby plugin API. It can also handle things like symbols (PDB's), function local variables, switch statements, exception handlers, static library identification and more.
With the PEBrowse disassembler, one can open and examine any executable without the need to have it loaded as part of an active process with a debugger. Applications, system DLLs, device-drivers and Microsoft .NET assemblies are all candidates for offline analysis using either PEBrowse programs. The information is organized in a convenient treeview index with the major divisions of the PE file displayed as nodes. In most cases selecting nodes will enable context-sensitive multiple view menu options, including binary dump, section detail, disassembly and structure options as well as displaying sub-items, such as optional header directory entries or exported functions, that can be found as part of a PE file unit. Several table displays, hex/ASCII equivalents, window messages and error codes, as well as a calculator and scratchpads are accessible from the main menu (calculator, messages and codes in PEBrowse Professional only).
aa06259810