PDA

View Full Version : Mac OS X x86 Disassembler




satans_banjo
Sep 4, 2006, 03:54 PM
Hi

I'm trying my hand at a bit of reverse engineering (purely for the challenge of it all) and I was wondering if there was a reliable x86 disassembler for Mac OS X (command line or otherwise, preferably free)

Thanks



caveman_uk
Sep 4, 2006, 04:25 PM
You could try using gdb (only if you really want to become a gibbering wreck). I did read IDA Pro now ran on the mac but there's not much sign of it on their website (and it's not free). I guess you could check out fink for anything useful?

savar
Sep 4, 2006, 04:33 PM
Hi

I'm trying my hand at a bit of reverse engineering (purely for the challenge of it all) and I was wondering if there was a reliable x86 disassembler for Mac OS X (command line or otherwise, preferably free)

Thanks

gdb, definitely

satans_banjo
Sep 5, 2006, 04:16 PM
Thanks - I've got GDB installed, but how do I create a text output file with the assembly code? I can only seem to find out how to use it as a debugger

savar
Sep 5, 2006, 09:44 PM
Thanks - I've got GDB installed, but how do I create a text output file with the assembly code? I can only seem to find out how to use it as a debugger

i dont think you can disassemable the entire executable, but you can disassemble ranges of memory. i forget the exact command, i think "disassemble" works but so does "d" or "da" or something like that. gdb probably has help to teach you the mnemonics.

if you're interested in reverse engineering, it probably makes more sense to reverse engineer from gdb than to just dump an entire .asm file, because you can disassemble a particular function that you're interested in or even disassemble the instructions about to execute "disassemble pc pc+10" i think.

its been a while since i used gdb..there's a learning curve but its quite powerful. you can set actions to execute whenever a particular breakpoint is hit. this is real handy for "stubbing out" function calls. set a breakpoint on that function and then set the action to return to pc.

hope this helps

demallien
Sep 7, 2006, 05:22 AM
This may help...
http://lists.apple.com/archives/xcode-users/2005/Sep/msg00794.html

pip11
Sep 8, 2006, 02:55 PM
There aren't many options for disassemblers:

1) use otool, included with the dev tools. otool -tV will give you a pretty standard disassembly

2) ht editor (http://hte.sourceforge.net/)--open source and supports OS X and mach-o. you have to compile and install it manually. Its interface can be confusing--use function keys to get to the main features, like F6 to change into the disassembly mode or hex editor.

3) IDA Pro--should work under wine/crossover, although maybe not perfectly. definitely not free, but it is the best. it supports x86 mach-o, and its graphing features are great, especially if you aren't too familiar with disassembly/x86 assembly (like me).

harlock59
Oct 4, 2006, 07:58 AM
i am also looking for a disassembler (or debugging) program but not for x86, for powerpc under panther. thanks for any reply. or send me a message at: harlock59[at]gmail[dot]com .thanx a lot.

ps: if possible, not a line-command-only software, but with a graphical user interface (GUI).

Vanya
Oct 24, 2006, 11:49 PM
Not sure if this will help, but I wrote a "GDB Tutorial for Beginners" awhile back if you're interested-very beginner stuff but lots of information. I wrote it when I used a PowerPC Mac, so the code listings are for PowerPC primarily (with some intel bits thrown in). I'm updating it to reflect the intel cpu of my MacBook Pro. :)

Here it is (http://www.geekronomicon.com/?q=node/74).
Cheers!
John