Open kcsmta opened 6 years ago
I have some binary files which I want to disassemble. I've tried Capstone. I now encounter some problems:
For a binary blob, I don't know any public tool that can figure out the CPU arch + mode. But for a legit file, you can look at the file format and find out.
For a legit file, such as ELF, PE, or Mach-O, you need to understand the format to extract the code. Find docs on these formats, and see how. Besides, it is good to look at sample projects to see how people did this.
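What "look at the file format" amounts to for ELF, as an added example that is not part of the original thread: read the class, byte order and `e_machine` from the header, then find `.text` through the section header table. The names `elf_text` and `sample_arm_elf` are hypothetical, and the sample file is constructed inline.

```python
import struct

# e_machine values from the ELF specification
MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}

def elf_text(data):
    """Return (machine, bits, endian, vaddr, code) for .text of an ELF image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not ELF: a raw blob carries no arch/mode information")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    bits = 32 if data[4] == 1 else 64          # EI_CLASS
    e = "<" if data[5] == 1 else ">"           # EI_DATA
    machine, = struct.unpack_from(e + "H", data, 18)
    if bits == 32:
        shoff, = struct.unpack_from(e + "I", data, 32)
        shentsize, shnum, shstrndx = struct.unpack_from(e + "3H", data, 46)
        fmt = e + "6I"      # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
    else:
        shoff, = struct.unpack_from(e + "Q", data, 40)
        shentsize, shnum, shstrndx = struct.unpack_from(e + "3H", data, 58)
        fmt = e + "2I4Q"
    if shstrndx >= shnum:
        raise ValueError("no usable section name table")
    # struct.error is raised here if the table runs past the end of the file
    secs = [struct.unpack_from(fmt, data, shoff + i * shentsize) for i in range(shnum)]
    names = secs[shstrndx][4]                  # file offset of .shstrtab
    for name, _type, _flags, addr, off, size in secs:
        start = names + name
        if data[start:data.index(b"\0", start)] == b".text":
            if off + size > len(data):
                raise ValueError(".text runs past end of file")
            endian = "little" if e == "<" else "big"
            return MACHINES.get(machine, "unknown"), bits, endian, addr, data[off:off + size]
    raise ValueError("no .text section")

def sample_arm_elf():
    """Constructed sample: 32-bit little-endian ARM ELF with .text and .shstrtab."""
    code = bytes.fromhex("0000a0e11eff2fe1")   # mov r0, r0 ; bx lr
    strtab = b"\0.text\0.shstrtab\0"
    shoff = 52 + len(code) + len(strtab)
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 40, 1, 0x8000, 0, shoff, 0, 52, 0, 0, 40, 3, 2)
    def sh(name, typ, addr, off, size):
        return struct.pack("<10I", name, typ, 0, addr, off, size, 0, 0, 0, 0)
    return (hdr + code + strtab + sh(0, 0, 0, 0, 0) + sh(1, 1, 0x8000, 52, len(code))
            + sh(7, 3, 0, 52 + len(code), len(strtab)))

if __name__ == "__main__":
    machine, bits, endian, vaddr, code = elf_text(sample_arm_elf())
    print(machine, bits, endian, hex(vaddr), code.hex())
```

The machine, word size and byte order returned here are the inputs for choosing the disassembler's arch and mode; the returned bytes and address are the code to disassemble and where it loads.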
@aquynh your answer is very useful. Does the error that occurred when I ran objdump mean that these binary files are not legit?
Maybe. You can confirm by running the same cmd on a legit Linux executable file.
@aquynh it got the error "cannot execute binary file: Exec format error", but I think the reason is that I am trying to run an executable compiled for an ARM architecture on an x86-64 architecture (when I run the command `file [file_name]`, I get the information: "ELF 32-bit LSB executable, ARM, version 1, statically linked, not stripped"). How do I get machine code from these files? Please give me some advice.
You need objdump for Arm, available in the Arm toolchain.
Or it is easier to use other tools, like radare2, that supports everything.
@aquynh I'll try it. So many thanks!
Close?
Y
On 23 Oct 2018, at 10:36, E:V:A notifications@github.com wrote:
Close?