How to disassemble with objdump and recompile the program ?

  • Thread starter Benoit Lefebvre

Benoit Lefebvre

Anyone have hints for me on how I can disassemble a binary file using
objdump, do some modifications and then recompile everything ?

thanks,
--Ben
 

santosh

Benoit said:
Anyone have hints for me on how I can disassemble a binary file using
objdump, do some modifications and then recompile everything ?

No. This cannot be done. Disassembly gives you assembler code which a C
compiler cannot compile. Also often disassembly is very difficult to
figure out and modifications might lead to errors. If source is not
accessible and you must modify the binary then ask in a platform
specific group. For example if you are disassembling x86 machine code
ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.
 

Francine.Neary

Anyone have hints for me on how I can disassemble a binary file using
objdump, do some modifications and then recompile everything ?

How about something like this? You could easily enhance it to report
any errors that occur.

#include <stdio.h>

int main(void)
{
    FILE *fp, *fq;
    int c;

    /* Copy "progname" to "progname-new", altering each byte on the way. */
    if ((fp = fopen("progname", "rb")) != NULL) {
        if ((fq = fopen("progname-new", "wb")) != NULL) {
            while ((c = fgetc(fp)) != EOF) {
                c ^= 0x42; /* <--- supply the desired modification here */
                if (fputc(c, fq) == EOF)
                    break;
            }
            fclose(fq);
        }
        fclose(fp);
    }
    return 0;
}

You're welcome.
 

Benoit Lefebvre

No. This cannot be done. Disassembly gives you assembler code which a C
compiler cannot compile. Also often disassembly is very difficult to
figure out and modifications might lead to errors. If source is not
accessible and you must modify the binary then ask in a platform
specific group. For example if you are disassembling x86 machine code
ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.

And... can't an asm compiler recompile the code ?
 

Kenneth Brody

Assuming the disassembler got everything correct, perhaps. But,
I doubt that it would generate code that could be modified and
then properly recompiled without considerable effort, in all but
the simplest of programs.

Consider a simple disassembly of:

push 0x1234

Is "0x1234" a constant, or the address of a variable?
It could, but that's off-topic here.

"What he said."

(And why has no one brought up the "cow from hamburger" analogy yet?)

--
+-------------------------+--------------------+-----------------------+
| Kenneth J. Brody | www.hvcomputer.com | #include |
| kenbrody/at\spamcop.net | www.fptech.com | <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------+
Don't e-mail me at: <mailto:[email protected]>
 

jameskuyper

Kenneth said:
Assuming the disassembler got everything correct, perhaps. But,
I doubt that it would generate code that could be modified and
then properly recompiled without considerable effort, in all but
the simplest of programs.

Consider a simple disassembly of:

push 0x1234

Is "0x1234" a constant, or the address of a variable?

Correct me if I'm wrong; I've never used one - but wouldn't "push
0x1234" be the output from a disassembler, rather than the input? I
thought a disassembler is something which takes machine code and
converts it to corresponding assembler code. As such it should be a
perfectly straightforward task to reassemble the results.

I think what you (and the OP) are thinking about is a decompiler:
something that takes assembly language and converts it into a high-
level language like C. That would run into precisely the problems you
mention.
 

CBFalconer

Benoit said:
And... can't an asm compiler recompile the code ?

No such thing exists. Assemblers 'assemble' from assembly source
code, which code describes each individual machine instruction.
The assembly language is different for every type of CPU, and often
for various sub-types. Assembly language is not written to be
understandable to the reader, but to the computer. (Although good
assembly language programmers can make assembly code
understandable.)
 

santosh

Correct me if I'm wrong; I've never used one - but wouldn't "push
0x1234" be the output from a disassembler, rather than the input?

It is output. A disassembler often interprets the machine code literally
and thus can generate instructions that the original source did not
have. Additionally symbols and type information are likely to be lost.
The disassembly could even come out erroneously for a reasonably
complex program.

Just try to disassemble a hello world C++ program and assemble it back
to an executable in a suitable assembler (that understands the
disassembler's output syntax) and run it. Sometimes the reassembly will
fail, while often when it succeeds the program runs erroneously.

The <news:comp.lang.asm.x86> and <news:alt.lang.asm> newsgroups have had
a lot of detailed discussions on disassembly and related topics. For
anyone interested (specifically the OP) a Google search of those groups
will be useful.

As this is totally OT to this group, I'll stop here.

<snip>
 

Kelsey Bjarnason

[snips]

Correct me if I'm wrong; I've never used one - but wouldn't "push
0x1234" be the output from a disassembler, rather than the input?

I think he might have skipped some context. Consider two possible
disassemblies of the equivalent of a "Hello, world" program:

; Listing one
txt db 'Hello, world'

..main
load reg, offset_of txt
push reg
call .printf

; Listing two
txt db 'Hello, world'

..main
push 0x1234 ; address of 'Hello, world'
call 0x3917 ; address of printf


Each is a perfectly reasonable disassembling; one of 'em ain't gonna work
on re-assembling, unless every single byte is in exactly the right spot,
which even in assembly is not necessarily gonna happen, particularly if
the reason for disassembling was to fix/add/alter the code somehow.
 

pete

Kenneth said:
Consider a simple disassembly of:

push 0x1234

Is "0x1234" a constant, or the address of a variable?

The concepts of "address" and "constant",
aren't mutually exclusive.

N869
6.6 Constant expressions

[#9] An address constant is a null pointer, a pointer to an
lvalue designating an object of static storage duration, or
to a function designator;
 

Kenneth Brody

pete said:
Kenneth said:
Consider a simple disassembly of:

push 0x1234

Is "0x1234" a constant, or the address of a variable?

The concepts of "address" and "constant",
aren't mutually exclusive.

N869
6.6 Constant expressions

[#9] An address constant is a null pointer, a pointer to an
lvalue designating an object of static storage duration, or
to a function designator;

However, in the OP's case of wanting to disassemble, modify,
reassemble, it makes a big difference. Consider:

foo(&x);
bar(0x1234);

If &x==0x1234, it is quite possible to see this as a disassembly:

push 0x1234
call foo
push 0x1234
call bar

--
+-------------------------+--------------------+-----------------------+
| Kenneth J. Brody | www.hvcomputer.com | #include |
| kenbrody/at\spamcop.net | www.fptech.com | <std_disclaimer.h> |
+-------------------------+--------------------+-----------------------+
Don't e-mail me at: <mailto:[email protected]>
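The `foo(&x); bar(0x1234);` case from the last post, and the hard-coded addresses of "Listing two" earlier in the thread, worked through as an added example that is not part of the original thread. It is a constructed toy model rather than real x86; the data range, `DELTA`, `X_VALUE`, the `has_reloc` flag and the three policy names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model, not real x86: the two pushes a disassembler shows
   for  foo(&x); bar(0x1234);  when x happens to sit at address 0x1234. */
struct push { uint32_t imm; int has_reloc; /* linker knowledge, absent from the listing */ };
static const struct push prog[2] = {
    { 0x1234, 1 },   /* push 0x1234 / call foo : really &x          */
    { 0x1234, 0 },   /* push 0x1234 / call bar : really the integer */
};

/* Assumed layout: data occupies [DATA_LO, DATA_HI); the edit adds DELTA
   bytes ahead of it, so x moves from 0x1234 to 0x1234 + DELTA. */
#define DATA_LO 0x1000u
#define DATA_HI 0x2000u
#define DELTA   0x10u
#define X_VALUE 42u

enum policy { KEEP_LITERAL, SHIFT_IF_IN_DATA, USE_RELOCS };
/* Operand emitted for one push when the listing is reassembled. */
static uint32_t emit(struct push p, enum policy how)
{
    int looks_like_ptr = p.imm >= DATA_LO && p.imm < DATA_HI;
    if (how == SHIFT_IF_IN_DATA && looks_like_ptr) return p.imm + DELTA;
    if (how == USE_RELOCS && p.has_reloc)          return p.imm + DELTA;
    return p.imm;                  /* literal copy of the hard-coded value */
}

/* Memory model: only x holds data; every other address reads as 0. */
static uint32_t load(uint32_t addr, uint32_t x_addr) { return addr == x_addr ? X_VALUE : 0; }
static uint32_t foo(uint32_t ptr, uint32_t x_addr)   { return load(ptr, x_addr); }
static uint32_t bar(uint32_t n)                      { return n; }

/* foo(&x) + bar(0x1234) in the unmodified binary. */
uint32_t run_original(void) { return foo(prog[0].imm, 0x1234) + bar(prog[1].imm); }

/* The same program after the edit, reassembled under the given policy. */
uint32_t run_patched(enum policy how)
{
    return foo(emit(prog[0], how), 0x1234 + DELTA) + bar(emit(prog[1], how));
}

int main(void)
{
    printf("original %u, literal %u, range guess %u, relocs %u\n",
           (unsigned)run_original(), (unsigned)run_patched(KEEP_LITERAL),
           (unsigned)run_patched(SHIFT_IF_IN_DATA), (unsigned)run_patched(USE_RELOCS));
    return 0;
}
```

Copying the literal breaks the pointer passed to `foo`, shifting everything that falls in the data range breaks the integer passed to `bar`, and only the run that knows which operand was an address reproduces the original result.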
 
