L'Xtreme

Are we there yet?

dasm2 - A disassembler for Linux

Introduction

This is a rewrite of the original dasm script written by SiuL+Hacky in July 1999. I made the script "strict compliant" and added some nice features, like full cross referencing of the source and interleaving of any found debugging information.

News

18/12/02 - I released the second version of dasm2 (actually, it's version 1.2a, but what's in a name?). Change overview: added some additional parameters to give you more control over the output of dasm2, and fixed some minor bugs (see the download section).

26/11/02 - Version 1 of dasm2 is released. See the download section for the tarball.

Installation

Since you want to know, there is not much to install here. Just download the program and extract it to a place you can access.

There are two requirements for running this script, namely that you've got a working version of Perl and a working copy of `objdump'. Without these, the script does nothing but generate errors :-)

Documentation

As of version 1.2a, the output of dasm2 can be controlled in some ways by passing additional parameters to the program. The following snippet shows the parameters of dasm2:

Usage: dasm2 OPTIONS... <binary input>

Where OPTIONS is one of:

  -q(uiet)        Don't print any progress information.
  -p(refix)       Prefix assembly output with source address.
  -nop(refix)     Don't prefix assembly output (default).
  -unistd=<file>  Obtain system call information from this file.
  -output=<file>  Output assembly to <file> (defaults to
                  STDOUT).

As you can see, the obligatory second parameter is gone now. By default, dasm2 will output to the standard output. All error output is written to standard error. If you don't want to see any progress information, you can pass the -q option to shut up dasm2.

The -unistd option lets you point dasm2 to the unistd.h file of your kernel source. This file defines all the system calls your kernel is aware of. By default, dasm2 looks for this file in /usr/src/linux/include/asm. If it isn't found, dasm2 won't be able to “reverse-lookup” system calls (int $80). That is no big deal if you are reverse engineering dynamic executables.
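The reverse lookup described above can be sketched as follows. This is an added example in Python, not dasm2's own Perl code; the function names load_syscalls and annotate are hypothetical, the header excerpt and disassembly lines are constructed, and it assumes the system call number is loaded into %eax by an immediate mov before the int $0x80.

```python
import re

# Constructed excerpt in the style of an i386 asm/unistd.h (not read from disk).
SAMPLE_UNISTD = "#define __NR_exit 1\n#define __NR_read 3\n#define __NR_write 4\n"

# Constructed lines in the layout printed by `objdump -d` (AT&T syntax).
SAMPLE_DISASM = (
    " 8048080:\tb8 04 00 00 00       \tmov    $0x4,%eax\n"
    " 8048085:\tbb 01 00 00 00       \tmov    $0x1,%ebx\n"
    " 804808a:\tcd 80                \tint    $0x80\n"
    " 804808c:\t31 c0                \txor    %eax,%eax\n"
    " 804808e:\t40                   \tinc    %eax\n"
    " 804808f:\tcd 80                \tint    $0x80\n"
)

DEFINE_RE = re.compile(r"^\s*#\s*define\s+__NR_(\w+)\s+(\d+)\s*$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\t[0-9a-f ]+\t(.*)$")
MOV_EAX_RE = re.compile(r"^movl?\s+\$0x([0-9a-f]+),%eax$")

def load_syscalls(text):
    """Build {number: name} from '#define __NR_<name> <decimal>' lines."""
    table = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            table.setdefault(int(m.group(2)), m.group(1))
    return table

def annotate(disasm, table):
    """Return the listing with a syscall name appended to each int $0x80."""
    eax, out = None, []
    for line in disasm.splitlines():
        m = INSN_RE.match(line)
        insn = m.group(1).strip() if m else ""
        mov = MOV_EAX_RE.match(insn)
        if re.match(r"int\s+\$0x80$", insn):
            line += "\t# syscall: " + table.get(eax, "unknown")
            eax = None  # the kernel returns its result in %eax
        elif mov:
            eax = int(mov.group(1), 16)
        elif insn.endswith("%eax") or insn.startswith("call"):
            eax = None  # %eax may have changed in a way not tracked here
        out.append(line)
    return out

if __name__ == "__main__":
    print("\n".join(annotate(SAMPLE_DISASM, load_syscalls(SAMPLE_UNISTD))))
```

The second int $0x80 in the sample is reported as unknown because %eax is set with xor/inc rather than an immediate mov; an empty table, as when unistd.h is not found, gives the same result for every call.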

If you want the assembly output to be prefixed with the source address, you should pass the -p parameter to dasm2.

Download