A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principally a reverse-engineering tool. Common uses of disassemblers include analyzing high-level programming language compilers output and their optimizations, recovering source code of a program whose original source was lost, malware analysis, modifying software (such as ROM hacking), and software cracking.

A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language.

Assembly language source code generally permits the use of constants and programmer comments. These are usually removed from the assembled machine code by the assembler. If so, a disassembler operating on the machine code would produce disassembly lacking these constants and comments; the disassembled output becomes more difficult for a human to interpret than the original annotated source code. Some disassemblers provide a built-in code commenting feature where the generated output gets enriched with comments regarding called API functions or parameters of called functions. Some disassemblers make use of the symbolic debugging information present in object files such as ELF. For example, IDA allows the human user to make up mnemonic symbols for values or regions of code in an interactive session: human insight applied to the disassembly process often parallels human creativity in the code writing process.

Challenges

Writing a disassembler which produces code which, when assembled, produces exactly the original binary is possible; however, there are often differences. This poses demands on the expressivity of the assembler. For example, an x86 assembler takes an arbitrary choice between two binary codes for something as simple as MOV AX,BX. If the original code uses the other choice, the original code simply cannot be reproduced at any given point in time. However, even when a fully correct disassembly is produced, problems remain if the program requires modification. For example, the same machine language jump instruction can be generated by assembly code to jump to a specified location (for example, to execute specific code), or to jump a specified number of bytes (for example, to skip over an unwanted branch). A disassembler cannot know what is intended, and may use either syntax to generate a disassembly which reproduces the original binary. However, if a programmer wants to add instructions between the jump instruction and its destination, it is necessary to understand the program's operation to determine whether the jump should be absolute or relative, i.e., whether its destination should remain at a fixed location, or be moved so as to skip both the original and added instructions.

Another challenge is that it is not always possible to identify which parts of the binary correspond to executable code, and which correspond to data. While common executable formats like ELF and PE divide the binary into executable and data sections, other formats such as flat binaries do not, so any given location in the binary may contain either executable instructions or non-executable data, making it difficult to decide whether it should be disassembled as instructions or left as data. Since CPUs generally allow dynamic jumps computed at runtime, it is not always possible to identify all possible locations in the binary that may be jumped to and therefore contain instructions.

On computer architectures with variable-width instructions, such as in many complex instruction set computer (CISC) architectures, more than one disassembly may be valid.

Disassemblers do not handle code that varies during execution.

Encryption may be used on some computer programs, particularly as part of digital rights management to thwart reverse engineering and cracking. This poses an additional challenge to disassembly as the code must be decrypted before being disassembled.

Examples of disassemblers

A disassembler may be stand-alone or interactive. A stand-alone disassembler, when executed, generates an assembly language file which can be examined; an interactive one shows the effect of any change the user makes immediately. For example, the disassembler may initially not know that a section of the program is actually code, and treat it as data; if the user specifies that it is code, the resulting disassembled code is shown immediately, allowing the user to examine it and take further action during the same run.

Any interactive debugger will include some way of viewing the disassembly of the program being debugged. Often, the same disassembly tool will be packaged as a standalone disassembler distributed along with the debugger. For example, objdump, part of GNU Binutils, is related to the interactive debugger gdb.

- Binary Ninja
- DEBUG
- Interactive Disassembler (IDA)
- Ghidra
- Hiew
- Hopper Disassembler
- PE Explorer Disassembler
- Netwide Disassembler (Ndisasm), companion to the Netwide Assembler (NASM).
- OLIVER (CICS interactive test/debug) includes disassemblers for Assembler, COBOL, and PL/1
- OllyDbg is a 32-bit assembler level analysing debugger
- Radare2
- Rizin and Cutter (graphical interface for Rizin)
- SIMON (batch interactive test/debug) includes disassemblers for Assembler, COBOL, and PL/1
- Sourcer, a commenting 16-bit/32-bit disassembler for DOS, OS/2 and Windows by V Communications in the 1990s

Disassemblers and emulators

A dynamic disassembler can be incorporated into the output of an emulator or hypervisor to 'trace out', line-by-line, the real time execution of any executed machine instructions. In this case, as well as lines containing the disassembled machine code, the register(s) and/or data change(s) (or any other changes of "state", such as condition codes) that each individual instruction causes can be shown alongside or beneath the disassembled instruction. This provides extremely powerful debugging information for ultimate problem resolution, although the size of the resultant output can sometimes be quite large, especially if active for an entire program's execution. OLIVER provided these features from the early 1970s as part of its CICS debugging product offering and is now to be found incorporated into the XPEDITER product from Compuware.

Length disassembler

A length disassembler, also known as length disassembler engine (LDE), is a tool that, given a sequence of bytes (instructions), outputs the number of bytes taken by the parsed instruction. Notable open source projects for the x86 architecture include ldisasm, Tiny x86 Length Disassembler and Extended Length Disassembler Engine for x86-64.

See also

- Control-flow graph
- Data-flow analysis
- Decompiler
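The two-encodings problem described under Challenges for MOV AX,BX, worked through as an added example that is not part of the original article. It covers only the register-to-register forms with 16-bit operand size, and the function names are illustrative assumptions.

```python
# Added illustration: 16-bit x86 MOV between two registers (ModRM mod == 0b11).
# Register numbering used by the ModRM reg and rm fields.
REGS16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
MOV_RM_R = 0x89  # MOV r/m16, r16: reg field holds the source
MOV_R_RM = 0x8B  # MOV r16, r/m16: reg field holds the destination


def disassemble_mov(code: bytes) -> str:
    """Decode one 2-byte register-to-register MOV in either encoding."""
    if len(code) != 2 or code[0] not in (MOV_RM_R, MOV_R_RM):
        raise ValueError("not a 2-byte MOV r16, r16")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b11:
        raise ValueError("memory operand forms are outside this example")
    dst, src = (rm, reg) if code[0] == MOV_RM_R else (reg, rm)
    return f"mov {REGS16[dst]}, {REGS16[src]}"


def assemble_mov(text: str, opcode: int = MOV_RM_R) -> bytes:
    """Encode 'mov dst, src'; `opcode` stands for the assembler's arbitrary choice."""
    if opcode not in (MOV_RM_R, MOV_R_RM):
        raise ValueError("unsupported opcode")
    mnemonic, operands = text.split(None, 1)
    if mnemonic.lower() != "mov":
        raise ValueError("only MOV is handled")
    dst, src = (REGS16.index(op.strip().lower()) for op in operands.split(","))
    reg, rm = (src, dst) if opcode == MOV_RM_R else (dst, src)
    return bytes([opcode, 0xC0 | (reg << 3) | rm])


def round_trips(code: bytes, opcode: int = MOV_RM_R) -> bool:
    """True if disassembling then reassembling reproduces the original bytes."""
    return assemble_mov(disassemble_mov(code), opcode) == code


if __name__ == "__main__":
    # Constructed sample bytes: both decode to the same text, only one round-trips.
    for raw in (bytes.fromhex("89d8"), bytes.fromhex("8bc3")):
        print(raw.hex(), "->", disassemble_mov(raw), "| round trip:", round_trips(raw))
```

Both byte pairs disassemble to the same text, so a byte-exact comparison or signature taken over reassembled output can differ from the original binary even though the instruction semantics are identical.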