How to disassemble with objdump and recompile the program ?

Discussion in 'C Programming' started by Benoit Lefebvre, Dec 6, 2007.

  1. Anyone have hints for me on how I can disassemble a binary file using
    objdump, do some modifications and then recompile everything ?

    thanks,
    --Ben
    Benoit Lefebvre, Dec 6, 2007
    #1
    1. Advertising

  2. Benoit Lefebvre

    santosh Guest

    Benoit Lefebvre wrote:

    > Anyone have hints for me on how I can disassemble a binary file using
    > objdump, do some modifications and then recompile everything ?


    No. This cannot be done. Disassembly gives you assembler code which a C
    compiler cannot compile. Also often disassembly is very difficult to
    figure out and modifications might lead to errors. If source is not
    accessible and you must modify the binary then ask in a platform
    specific group. For example if you are disassembling x86 machine code
    ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.
    santosh, Dec 6, 2007
    #2
    1. Advertising

  3. Benoit Lefebvre

    Guest

    On Dec 6, 9:51 pm, Benoit Lefebvre <> wrote:
    > Anyone have hints for me on how I can disassemble a binary file using
    > objdump, do some modifications and then recompile everything ?


    How about something like this? You could easily enhance it to report
    any errors that occur.

    #include <stdio.h>

    int main(void)
    {
    FILE *fp, *fq;
    int c;
    if(fp=fopen("progname", "rb")) {
    if(fq=fopen("progname-new", "wb")) {
    while((c=fgetc(fp))!=EOF) {
    c ^= 0x42; /* <--- supply the desired modification here */
    if(fputc(c, fq)==EOF)
    break;
    }
    fclose(fq);
    }
    fclose(fp);
    }
    return 0;
    }

    >
    > thanks,


    You're welcome.

    > --Ben
    , Dec 6, 2007
    #3
  4. On Dec 6, 4:55 pm, santosh <> wrote:
    > Benoit Lefebvre wrote:
    > > Anyone have hints for me on how I can disassemble a binary file using
    > > objdump, do some modifications and then recompile everything ?

    >
    > No. This cannot be done. Disassembly gives you assembler code which a C
    > compiler cannot compile. Also often disassembly is very difficult to
    > figure out and modifications might lead to errors. If source is not
    > accessible and you must modify the binary then ask in a platform
    > specific group. For example if you are disassembling x86 machine code
    > ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.


    And... can't an asm compiler recompile the code ?
    Benoit Lefebvre, Dec 7, 2007
    #4
  5. Benoit Lefebvre

    santosh Guest

    Benoit Lefebvre wrote:

    > On Dec 6, 4:55 pm, santosh <> wrote:
    >> Benoit Lefebvre wrote:
    >> > Anyone have hints for me on how I can disassemble a binary file
    >> > using objdump, do some modifications and then recompile everything
    >> > ?

    >>
    >> No. This cannot be done. Disassembly gives you assembler code which a
    >> C compiler cannot compile. Also often disassembly is very difficult
    >> to figure out and modifications might lead to errors. If source is
    >> not accessible and you must modify the binary then ask in a platform
    >> specific group. For example if you are disassembling x86 machine code
    >> ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.

    >
    > And... can't an asm compiler recompile the code ?


    It could, but that's off-topic here.
    santosh, Dec 7, 2007
    #5
  6. santosh wrote:
    >
    > Benoit Lefebvre wrote:
    >
    > > On Dec 6, 4:55 pm, santosh <> wrote:
    > >> Benoit Lefebvre wrote:
    > >> > Anyone have hints for me on how I can disassemble a binary file
    > >> > using objdump, do some modifications and then recompile everything
    > >> > ?
    > >>
    > >> No. This cannot be done. Disassembly gives you assembler code which a
    > >> C compiler cannot compile. Also often disassembly is very difficult
    > >> to figure out and modifications might lead to errors. If source is
    > >> not accessible and you must modify the binary then ask in a platform
    > >> specific group. For example if you are disassembling x86 machine code
    > >> ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.

    > >
    > > And... can't an asm compiler recompile the code ?


    Assuming the disassembler got everything correct, perhaps. But,
    I doubt that it would generate code that could be modified and
    then properly recompiled without considerable effort, in all but
    the simplest of programs.

    Consider a simple disassembly of:

    push 0x1234

    Is "0x1234" a constant, or the address of a variable?

    > It could, but that's off-topic here.


    "What he said."

    (And why has no one brought up the "cow from hamburger" analogy yet?)

    --
    +-------------------------+--------------------+-----------------------+
    | Kenneth J. Brody | www.hvcomputer.com | #include |
    | kenbrody/at\spamcop.net | www.fptech.com | <std_disclaimer.h> |
    +-------------------------+--------------------+-----------------------+
    Don't e-mail me at: <mailto:>
    Kenneth Brody, Dec 7, 2007
    #6
  7. Benoit Lefebvre

    Guest

    Kenneth Brody wrote:
    > santosh wrote:
    > >
    > > Benoit Lefebvre wrote:
    > >
    > > > On Dec 6, 4:55 pm, santosh <> wrote:
    > > >> Benoit Lefebvre wrote:
    > > >> > Anyone have hints for me on how I can disassemble a binary file
    > > >> > using objdump, do some modifications and then recompile everything
    > > >> > ?
    > > >>
    > > >> No. This cannot be done. Disassembly gives you assembler code which a
    > > >> C compiler cannot compile. Also often disassembly is very difficult
    > > >> to figure out and modifications might lead to errors. If source is
    > > >> not accessible and you must modify the binary then ask in a platform
    > > >> specific group. For example if you are disassembling x86 machine code
    > > >> ask in <news:comp.lang.asm.x86> or <news:alt.lang.asm>.
    > > >
    > > > And... can't an asm compiler recompile the code ?

    >
    > Assuming the disassembler got everything correct, perhaps. But,
    > I doubt that it would generate code that could be modified and
    > then properly recompiled without considerable effort, in all but
    > the simplest of programs.
    >
    > Consider a simple disassembly of:
    >
    > push 0x1234
    >
    > Is "0x1234" a constant, or the address of a variable?


    Correct me if I'm wrong; I've never used one - but wouldn't "push
    0x1234" be the output from a disassember, rather than the input? I
    thought a disassembler is something which takes machine code and
    converts it to corresponding assembler code. As such it should be a
    perfectly straightforward task to reassemble the results.

    I think what you (and the OP) are thinking about is a decompiler:
    something that takes assembly language and converts it into a high-
    level language like C. That would run into precisely the problems you
    mention.
    , Dec 7, 2007
    #7
  8. Benoit Lefebvre

    CBFalconer Guest

    Benoit Lefebvre wrote:
    > santosh <> wrote:
    >> Benoit Lefebvre wrote:
    >>
    >>> Anyone have hints for me on how I can disassemble a binary file
    >>> using objdump, do some modifications and then recompile everything ?

    >>
    >> No. This cannot be done. Disassembly gives you assembler code
    >> which a C compiler cannot compile. Also often disassembly is
    >> very difficult to figure out and modifications might lead to
    >> errors. If source is not accessible and you must modify the
    >> binary then ask in a platform specific group. For example if
    >> you are disassembling x86 machine code ask in
    >> <news:comp.lang.asm.x86> or <news:alt.lang.asm>.

    >
    > And... can't an asm compiler recompile the code ?


    No such thing exists. Assemblers 'assemble' from assembly source
    code, which code describes each individual machine instruction.
    The assembly language is different for every type of CPU, and often
    for various sub-types. Assembly language is not written to be
    understandable to the reader, but to the computer. (Although good
    assembly language programmers can make assembly code
    understandable)

    --
    Chuck F (cbfalconer at maineline dot net)
    <http://cbfalconer.home.att.net>
    Try the download section.



    --
    Posted via a free Usenet account from http://www.teranews.com
    CBFalconer, Dec 8, 2007
    #8
  9. Benoit Lefebvre

    santosh Guest

    wrote:

    > Kenneth Brody wrote:
    >> santosh wrote:
    >> >
    >> > Benoit Lefebvre wrote:
    >> >
    >> > > On Dec 6, 4:55 pm, santosh <> wrote:
    >> > >> Benoit Lefebvre wrote:
    >> > >> > Anyone have hints for me on how I can disassemble a binary
    >> > >> > file using objdump, do some modifications and then recompile
    >> > >> > everything ?
    >> > >>
    >> > >> No. This cannot be done. Disassembly gives you assembler code
    >> > >> which a C compiler cannot compile. Also often disassembly is
    >> > >> very difficult to figure out and modifications might lead to
    >> > >> errors. If source is not accessible and you must modify the
    >> > >> binary then ask in a platform specific group. For example if you
    >> > >> are disassembling x86 machine code ask in
    >> > >> <news:comp.lang.asm.x86> or <news:alt.lang.asm>.
    >> > >
    >> > > And... can't an asm compiler recompile the code ?

    >>
    >> Assuming the disassembler got everything correct, perhaps. But,
    >> I doubt that it would generate code that could be modified and
    >> then properly recompiled without considerable effort, in all but
    >> the simplest of programs.
    >>
    >> Consider a simple disassembly of:
    >>
    >> push 0x1234
    >>
    >> Is "0x1234" a constant, or the address of a variable?

    >
    > Correct me if I'm wrong; I've never used one - but wouldn't "push
    > 0x1234" be the output from a disassember, rather than the input?


    It is output. A disassembler often interprets the machine code literally
    and thus can generate instructions that the original source did not
    have. Additionally symbols and type information are likely to be lost.
    The disassembly could even come out erroneously for a reasonably
    complex program.

    Just try to disassemble a hello world C++ program and assemble it back
    to an executable in a suitable assembler (that understands the
    disassembler's output syntax) and run it. Sometimes the reassembly will
    fail, while often when it succeeds the program run erroneously.

    The <news:alt.lang.asm> and <news:comp.lang.asm.x86> newsgroups have had
    a lot of detailed discussions on disassembly and related topics. For
    anyone interested (specifically the OP) a Google search of those groups
    will be useful.

    As this is totally OT to this group, I'll stop here.

    <snip>
    santosh, Dec 8, 2007
    #9
  10. [snips]

    On Fri, 07 Dec 2007 11:45:18 -0800, jameskuyper wrote:

    >> Consider a simple disassembly of:
    >>
    >> push 0x1234
    >>
    >> Is "0x1234" a constant, or the address of a variable?

    >
    > Correct me if I'm wrong; I've never used one - but wouldn't "push
    > 0x1234" be the output from a disassember, rather than the input?


    I think he might have skipped some context. Consider two possible
    disassemblies of the equivalent of a "Hello, world" program:

    ; Listing one
    txt db 'Hello, world'

    ..main
    load reg, offset_of txt
    push reg
    call .printf

    ; Listing two
    txt db 'Hello, world'

    ..main
    push 0x1234 ; address of 'Hello, world'
    call 0x3917 ; address of printf


    Each is a perfectly reasonable disassembling; one of 'em ain't gonna work
    on re-assembling, unless every single byte is in exactly the right spot,
    which even in assembly is not necessarily gonna happen, particularly if
    the reason for disassembling was to fix/add/alter the code somehow.
    Kelsey Bjarnason, Dec 9, 2007
    #10
  11. Benoit Lefebvre

    pete Guest

    Kenneth Brody wrote:

    > Consider a simple disassembly of:
    >
    > push 0x1234
    >
    > Is "0x1234" a constant, or the address of a variable?


    The concepts of "address" and "constant",
    aren't mutually exclusive.

    N869
    6.6 Constant expressions

    [#9] An address constant is a null pointer, a pointer to an
    lvalue designating an object of static storage duration, or
    to a function designator;

    --
    pete
    pete, Dec 9, 2007
    #11
  12. pete wrote:
    >
    > Kenneth Brody wrote:
    >
    > > Consider a simple disassembly of:
    > >
    > > push 0x1234
    > >
    > > Is "0x1234" a constant, or the address of a variable?

    >
    > The concepts of "address" and "constant",
    > aren't mutually exclusive.
    >
    > N869
    > 6.6 Constant expressions
    >
    > [#9] An address constant is a null pointer, a pointer to an
    > lvalue designating an object of static storage duration, or
    > to a function designator;


    However, in the OPs case of wanting to disassemble, modify,
    reassemble, it makes a big difference. Consider:

    foo(&x);
    bar(0x1234);

    If &x==0x1234, it is quite possible to see this as a disassembly:

    push 0x1234
    call foo
    push 0x1234
    call bar

    --
    +-------------------------+--------------------+-----------------------+
    | Kenneth J. Brody | www.hvcomputer.com | #include |
    | kenbrody/at\spamcop.net | www.fptech.com | <std_disclaimer.h> |
    +-------------------------+--------------------+-----------------------+
    Don't e-mail me at: <mailto:>
    Kenneth Brody, Dec 10, 2007
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. BH
    Replies:
    0
    Views:
    1,063
  2. Dai Hao
    Replies:
    3
    Views:
    643
    MS News \(MS ILM\)
    Aug 15, 2003
  3. sunny
    Replies:
    8
    Views:
    2,503
    Walter Roberson
    Nov 10, 2006
  4. tahir

    ASP.NET Disassemble

    tahir, Jun 13, 2008, in forum: ASP .Net
    Replies:
    6
    Views:
    5,646
    Cowboy \(Gregory A. Beamer\)
    Jun 13, 2008
  5. SASADA Koichi

    [ANN] YARV Compile and Disassemble CGI

    SASADA Koichi, Oct 4, 2005, in forum: Ruby
    Replies:
    1
    Views:
    240
    Phil Tomson
    Oct 4, 2005
Loading...

Share This Page