tags:

views:

88

answers:

3
+1  Q: 

Windows disassembler: looking for a tool...

Hello.

I'm looking for a (preferably free) tool that can produce "proper" disassembly listing from a (non-.NET) windows PE file (*.exe or *.dll).

Important requirement: it should be possible to run the listing through a windows assembler (nasm, masm or whatever) and get working exe again (not necessarily identical to original one, but it should behave in the same way).

Intended usage is adding new subroutines into existing code, when source is not available.

Ideally, tool should be able to detect function/segment boundaries, API calls, and generate proper labels for jumps (I can live without labels for loops/jumps, though, but function boundary detection would be nice), and keep program resources/segments in place.

I'm already aware of IdaPRO(not free), OllyDBG (useful for in-place hacking, doesn't generate disassembly listing, AFAIK), ndisasm (output isn't suitable for assembler), dumpbin (useful, but AFAIK, output isn't suitable for assembler) and "proxy dll" technique.

Ideas? Or maybe there is a book/tutorial that explains some kind of alternative approach?

A: 

I'm not positive it does exactly what you want but have you tried PEiD?

Peter McGrattan  2010-05-07 06:46:24
It looks like it doesn't do what I want. PEiD gives you a lot of info about PE file, but doesn't allow to pull it apart and turn it into bunch of asm listings. There is a builtin disassembler, sure, but it looks like it isn't exactly what I've been looking for...
SigTerm  2010-05-07 10:32:41
A: 

You say you're aware of IdaPRO, but are you also aware of IdaFree?

500 - Internal Server Error  2010-05-07 18:50:41
Are you talking about 4.9 Freeware version of Ida PRO or about some other software?
SigTerm  2010-05-08 07:31:19
No, that's the one I'm talking about.
500 - Internal Server Error  2010-05-10 23:53:21
Not a solution I've been looking for, but I'll mark it as accepted.
SigTerm  2010-05-12 02:56:50
A: 

Also,check out Oilly. It's a pretty neat application and very intuitive too. You can disassemble and hex edit. Ideal for small to medium size projects.

Epitaph  2010-05-07 18:53:08
Do you mean OllyDbg? I agree, it's great. Even lets you inject new instructions and save the binary... if you're into that sort of thing.
Eric  2010-05-13 22:17:38

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)