Disassembly vs. Assembly
Is there a difference? In my VS2010, if I run the debugger I have an option to view disassembly, and I've used it many times just to kind of see what's going on. But, I thought disassembling was more of a backwards approach, and assembly was just that, assembly language. Is there any difference or is this just some crazy Microsoft thing?
Assembling is converting assembly language mnemonics (such as mov, nop or push) into machine code. Disassembling is the opposite.
When you build a program in C++, the compiler first converts the C++ code into assembly code, then the assembly code is assembled into machine code.
When you disassemble a program all you're doing is taking the machine code from the executable and converting it into assembly language.
When you build a program in C++, the compiler first converts the C++ code into assembly code, then the assembly code is assembled into machine code.
When you disassemble a program all you're doing is taking the machine code from the executable and converting it into assembly language.
Ah that makes sense. Now, I've heard that if you compared the two sets of assembly languages it makes, that they could be different. Is there anyway with VS2010 to view the assembly that it makes before the machine language?
I don't use Visual Studio so I wouldn't know how to do that. With gcc (the GNU C Compiler) you would pass the "-S" parameter.
I have heard that, for security reasons, gcc always generates different assembly code for a given C program, but I don't know if its true.
I have heard that, for security reasons, gcc always generates different assembly code for a given C program, but I don't know if its true.
Yes, it is true.
Also of note is that a disassembler doesn't know anything more about your program than is in the executable, which is nothing humans find very useful.
When you write a program, you name things and organize them to be useful to your understanding.
Once compiled, all that meta data is gone, and all that is left is nameless stuff. Reading disassembled output is not much better than just reading the byte-codes for the executable. JSYK.
Also of note is that a disassembler doesn't know anything more about your program than is in the executable, which is nothing humans find very useful.
When you write a program, you name things and organize them to be useful to your understanding.
Once compiled, all that meta data is gone, and all that is left is nameless stuff. Reading disassembled output is not much better than just reading the byte-codes for the executable. JSYK.
Mnemonics are, IMO, much easier to read than raw hex :P
Also, there are programs that parse disassembled code and try to give more meaning to it, for example by generating comments.
Also, there are programs that parse disassembled code and try to give more meaning to it, for example by generating comments.
I didn't say it wasn't better; I said it wasn't that much better at all.
There exist programs that will "decompile" stuff into your favorite language, like C++ or Delphi. It still is a mess to read through...
There exist programs that will "decompile" stuff into your favorite language, like C++ or Delphi. It still is a mess to read through...
Yeah, I've tried the Boomerang decompiler, which disassembles executables and then tries to produce C code from the assembly. The results are... well... even very simple programs can't be recompiled. Clearly further research into decompilation is needed :P
@ chrisname: Give this one a shot, I've only tried the free version but it seems pretty cool: http://www.hex-rays.com/products/ida/index.shtml
closed account (zwA4jE8b)
I don't know a whole heck of a lot about reverse engineering but IDA seems pretty amazing.
Topic archived. No new replies allowed.