24

Is it possible to get a complete disassembly (which can act as input to an assembler) of an executable?

When I use `otool -tV a.out` I get to see only the text section. Other sections like data aren't visible.

When I use gdb, the `disassemble` command requires a start and an end address. However, I do not know how to find out the start and the end address of a binary (say a.out).

I'm trying to disassemble an executable, tinker with the assembly code and then reassemble it. Is that possible?

It'd also help if one can find out the names of all the sections in a binary.

mynk

4 Answers

38

Try using this command; I remember using it some time back:

`otool -tvV a.out`

Tanuvir
  • This command helped me a lot in the past as well as `otool -IvV a.out` (displays the indirect symbol table). Furthermore there is the _-d_ switch for information on the _data_ section. More info in: `man otool` – andwagon Dec 20 '14 at 13:26
3

On Mac, you can install (possibly by Homebrew) binutils, which includes gobjdump. You can disassemble any binary program once installed. It's open and free.

Xizeng Mao
0

You can use the Hopper Disassembler

quote:

Hopper is a reverse engineering tool for the Mac, that lets you disassemble, decompile and debug your 32/64bits Intel Mac executables.

It costs $59, but you can download a demo to check if it gets the job done first.

EDIT

It seems you can achieve this with otool as well, according to the manual.

`-d` Display the contents of the (__DATA,__data) section.

Also have a look at this short blog post (archive link, original is gone) that describes the mentioned use of otool, and how you can use objdump as mentioned by @Sjlver.

Dakota
Jørgen R
  • `otool -d` certainly displays the data section. But that is not all. If the executable calls a method like: `printf("ABCD")`, I can't find the declaration of the string "ABCD" in the assembly anywhere. – mynk Oct 24 '12 at 04:14
  • I am looking for a free solution. So didn't give it a shot. – mynk Oct 24 '12 at 06:58
  • This should be a comment since it does not attempt to answer the question. – jww May 21 '17 at 01:33
  • @jww How does this not attempt to answer the question? – Jørgen R May 24 '17 at 07:18
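
An added example, not part of any answer here and not otool's own code: a minimal Python reader for the load commands of a thin 64-bit Mach-O that lists every (segment,section) pair with its address range, which covers the question's request for section names and start/end addresses (`otool -l` reports the same information). `build_sample` and its addresses are constructed for illustration; its `(__TEXT,__cstring)` entry is where compilers conventionally place string literals such as "ABCD", which is why `otool -d`, limited to `(__DATA,__data)`, does not show them.

```python
import struct
MH_MAGIC_64 = 0xFEEDFACF               # thin 64-bit little-endian Mach-O
LC_SEGMENT_64 = 0x19
HEADER = struct.Struct("<8I")          # mach_header_64 (32 bytes)
SEGMENT = struct.Struct("<II16s4Q4I")  # segment_command_64 (72 bytes)
SECTION = struct.Struct("<16s16s2Q8I") # section_64 (80 bytes)

def _name(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def list_sections(image):
    """Return (segment, section, address, size, file_offset) for each section."""
    if len(image) < HEADER.size or HEADER.unpack_from(image)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    ncmds, sizeofcmds = HEADER.unpack_from(image)[4:6]
    end = HEADER.size + sizeofcmds
    if end > len(image):
        raise ValueError("load commands run past end of file")
    found, off = [], HEADER.size
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header out of bounds")
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64 and cmdsize >= SEGMENT.size:
            nsects = SEGMENT.unpack_from(image, off)[9]
            if SEGMENT.size + nsects * SECTION.size > cmdsize:
                raise ValueError("section table exceeds its load command")
            for i in range(nsects):
                s = SECTION.unpack_from(image, off + SEGMENT.size + i * SECTION.size)
                found.append((_name(s[1]), _name(s[0]), s[2], s[3], s[4]))
        off += cmdsize
    return found

def build_sample():
    """Constructed, header-only image standing in for a.out (no real code)."""
    def seg(name, sects):
        body = b"".join(SECTION.pack(s, name, a, n, o, *[0] * 7) for s, a, n, o in sects)
        return SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size + len(body), name,
                            0, 0, 0, 0, 7, 5, len(sects), 0) + body
    cmds = seg(b"__TEXT", [(b"__text", 0x100000F50, 0x30, 0xF50),
                           (b"__cstring", 0x100000F80, 5, 0xF80)])  # "ABCD\0"
    cmds += seg(b"__DATA", [(b"__data", 0x100001000, 8, 0x1000)])
    return HEADER.pack(MH_MAGIC_64, 0x01000007, 3, 2, 2, len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    for seg, sect, addr, size, foff in list_sections(build_sample()):
        print(f"({seg},{sect}) {addr:#x}-{addr + size:#x} fileoff={foff:#x}")
```

To run it on a real file, pass `open("a.out", "rb").read()` to `list_sections`; universal (fat) and 32-bit binaries are rejected by the magic check.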
-4

On Linux, you can try to use `objdump -D myprog`

Note that this will work only if the program does not contain irregular control flow. Especially malware is often obfuscated, e.g. by inserting spurious bytes that are then jumped over.

If you're targeting this kind of program, I've heard that one of the best products to use is IDA Pro.

Sjlver