0x042444FF; /* inc dword ptr [esp+4] */
I need this tool to know which part means inc
, dword
or vice versa.
0x042444FF; /* inc dword ptr [esp+4] */
I need this tool to know which part means inc
, dword
or vice versa.
You can use the objdump
tool to 'decompile' an executable binary back to assembly code, though because of possible optimisations, the resulting assembly code may not be the same as the original assembly (but they should be similar in essence).
command line tool that takes that hex number and disassembles it for you. I have not heard of a tool. You could take that number make an elf file from it with those four bytes as the binary then call objdump. With something like that though you could just look it up.
http://ref.x86asm.net/index.html
or
http://ref.x86asm.net/coder32.html
The 0x44 tells you it is an increment. x86 is variable length so some of the other bytes come into play. I wouldnt be surprised if the 0x04 is the offset to esp.
The following is a bit inconvenient, but it works:
$ xxd -r > objdump-test.bin
0000 ff 44 24 04
$ objdump -D --target=binary --architecture i386:intel objdump-test.bin
objdump-test.bin: file format binary
Disassembly of section .data:
0000000000000000 <.data>:
0: ff 44 24 04 inc DWORD PTR [esp+0x4]
xxd
is a hexdump utilitity that can work in reverse, it is part of X11. The 0000
is the address of the hex data in the resulting file.
You could use any other tool to create a binary file instead.