ELF Disassembler v0.1 (C) 1999 by A'rpi / ESP-team
~~~~~~~~~~~~~~~~~~~~~
Based on NDISASM from the Netwide Assembler (NASM) v0.98 package!
The Netwide Assembler is copyright (C) 1996 Simon Tatham and Julian Hall.
EDisAsm is a usefull tool for disassembling Linux programs without sources.
!WARNING! Reverse engineering and cracking may be ILLEGAL, use it only for
your own programs or for educational purpose! ;-) If you know program(s)
make this better, please write to me, I couldn't find any. (so I wrote one...)
Usage: edisasm elffile > file.asm
~~~~~~
You won't be able re-compile generated ASM file, it's for "reading" only!
Currently only ".text" section is disassembled. You may change in source...
Features:
~~~~~~~~~
- ELF file (executable/object/shared library) reading
- load and use STATIC and DYNAMIC symbol table if present
- display ASCIIZ text constants from ".rodata" section
- signed hex values (ndisasm writes [ebp+0xfffffffe] instead of [ebp-0x2])
Example: disassembled main() of the traditional Hello world! program:
~~~~~~~~ ...I lost the source of it ;-)
main:
gcc2_compiled.:
08048490 55 push ebp
08048491 89E5 mov ebp,esp
08048493 68F8840408 push dword 0x80484f8
^-- 0x080484F8 = "Hello world!\n"
08048498 E8DBFEFFFF call 0x8048378
^-- 0x08048378 = printf
0804849D 83C404 add esp,byte +0x4
080484A0 89EC mov esp,ebp
080484A2 5D pop ebp
080484A3 C3 ret
To do:
~~~~~~
- nice generated file... current is ugly... but working! :)
- identification of base C functions, printf, fopen etc...
Send bugreports and ideas to <arpi@esp.kign.org>. Thanx.
~~~~