Don Question

Reputation: 11614

Disassemble opcode snippets directly in a shell?

I have a small byte string, with a hex representation like:

6631C08A2500000000

Is there a disassembler that accepts opcodes as a direct input parameter, without the need for a compiled file?

e.g.:

$ disassembler -directOpcode 6631C08A2500000000      

0:  66 31 c0                xor    ax,ax
3:  8a 25 00 00 00 00       mov    ah,BYTE PTR ds:0x0 

Upvotes: 2

Views: 892

Answers (2)

Changbin Du

Reputation: 800

Try cstool from the Capstone project.

Install cstool:

$ sudo apt install capstone-tool

Disassemble your code in AT&T-syntax:

$ cstool x64att '6631C08A2500000000'
0  66 31 c0                            xorw  %ax, %ax
3  8a 25 00 00 00 00                   movb  0(%rip), %ah

Or Intel syntax:

$ cstool x64 '6631C08A2500000000'
0  66 31 c0                            xor   ax, ax
3  8a 25 00 00 00 00                   mov   ah, byte ptr [rip]

Upvotes: 1

Don Question

Reputation: 11614

Because of Peter's helpful comment, I found a solution utilizing Python 2 and some shell pipes:

$ python -c "print '6631C08A2500000000'.decode('hex')" | head -c -1 | ndisasm -b32 -

00000000  6631C0            xor ax,ax
00000003  8A2500000000      mov ah,[dword 0x0]

I used head -c -1 to get rid of the trailing newline char, otherwise I get:

00000000  6631C0            xor ax,ax
00000003  8A2500000000      mov ah,[dword 0x0]
00000009  0A                db 0x0a

Upvotes: 2
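
An added example (not part of either answer): a POSIX shell function that turns the hex string into raw bytes with no trailing newline, so neither Python 2 nor head -c -1 is needed before piping to ndisasm. It goes slightly beyond the question by also accepting \x66, 0x66 and separator-delimited input; the function names hex2raw and disasm_hex are hypothetical, and ndisasm is assumed to be installed.

```shell
#!/bin/sh
# hex2raw: write the bytes named by a hex string to stdout, with no trailing
# newline. Accepts plain hex plus common decorations: "0x", "\x", spaces,
# commas and colons.
hex2raw() {
    # Strip 0x / \x prefixes and separators, leaving only hex digits.
    h=$(printf '%s' "$1" | sed -e 's/0[xX]//g' -e 's/\\[xX]//g' -e 's/[ ,:]//g')
    case $h in
        ''|*[!0-9A-Fa-f]*) echo "hex2raw: not a hex string" >&2; return 1 ;;
    esac
    # An odd number of digits cannot be split into whole bytes.
    [ $(( ${#h} % 2 )) -eq 0 ] || { echo "hex2raw: odd digit count" >&2; return 1; }
    while [ -n "$h" ]; do
        rest=${h#??}          # everything after the first two digits
        byte=${h%"$rest"}     # the first two digits
        # Octal escapes in a printf format are portable (\x is not POSIX),
        # and they emit NUL and '%' bytes correctly.
        printf "\\$(printf '%03o' "0x$byte")"
        h=$rest
    done
}

# disasm_hex: validate first, then feed the raw bytes to ndisasm on stdin
# ("-") in 32-bit mode, as in the answer above.
disasm_hex() {
    command -v ndisasm >/dev/null 2>&1 || { echo "ndisasm not found" >&2; return 127; }
    hex2raw "$1" >/dev/null || return 1
    hex2raw "$1" | ndisasm -b32 -
}

# Usage: disasm_hex 6631C08A2500000000
```

Because hex2raw emits exactly the bytes given, the spurious db 0x0a line from the trailing newline never appears.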
