I'm looking for a library that will disassemble x86 code into some sort of object model that I can then use to write routines that analyze the code. I'm not interested in a library that converts x86 code to text disassembly--I've found more than a few of those, but they're not that useful since I want to do some work on top of the code that I disassemble. Oh, and I'd like it to be .Net code (VB or C# preferable).
Yep! You beat me to it on that one.
Jon Ownbey
2009-05-20 21:02:23
So is the Reflexil plugin for Reflector for patching the assembly. ;) http://sourceforge.net/projects/reflexil/
Wayne Hartman
2009-05-20 21:05:50
Nope, I'm looking for an x86 native code disassembler.
PaulV
2009-05-21 14:34:47
+3
A:
Reflector doesn't do x86 as far as I know.
Your best bet is using the scripting or COM interface to OllyDbg or IDA Pro.
I would recommend IDA Pro if you can afford it. IDA has a very rich API, active development and lots of documentation. You can run it in autonomous mode, I believe using the '-AS' switch. See http://www.hex-rays.com/idapro/idadoc/417.htm for more info on the command line arguments.
I also ran into libdasm, but never used it, so not sure how good it is. libdasm looks like C/C++ so it should be simple to write an API wrapper in C#.
kervin
2009-05-20 21:13:27
I've used IDA Pro as a straight disassembler but I didn't think of using it because it looked like it only had internal automation. Is it possible to automate it from the outside? I guess I'm not 100% opposed to working entirely in IDA Pro, but I'd prefer to use a .Net language if I can.
PaulV
2009-05-21 14:36:56
Yes, you can run it in autonomous mode and specify the IDC script you'd like to run. You can also develop using the C API and COM interfaces from the plugin API. That's probably the best disassembly and analysis bridge you'll get.
kervin
2009-05-21 18:36:11