Free 64-bit disassembler?

windows 64-bit x86-64 disassembly
31,566

Solution 1

ArkDasm is a 64-bit interactive disassembler. Supported file types: PE64, raw binary files.

http://www.arkdasm.com/

You can examine imports, exports, debug symbols (if you have .pdb file), flip code to data, data to code (look at keyboards shortcuts in readme.pdf) has support for bookmarks, adding comments also you can save the database to work on it later...

Solution 2

I use objdump -d. :-) Does that not work for you?

Solution 3

If you're working with Windows files and have Visual Studio, you can use the dumpbin tool.

dumpbin /disasm ntoskrnl.exe /out:ntoskrnl.asm

It won't display exports inline either, but you can see them separately with the /exports switch. Then you can make a little script to parse the exports and replace the addresses in the assembly listing with names.

Solution 4

GNU binutils has objdump, which should work:

-d

--disassemble

Display the assembler mnemonics for the machine instructions from objfile. This option only disassembles those sections which are expected to contain instructions.

-D

--disassemble-all

Like -d, but disassemble the contents of all sections, not just those expected to contain instructions. If the target is an ARM architecture this switch also has the effect of forcing the disassembler to decode pieces of data found in code sections as if they were instructions.

It will already be installed on most Linux distributions that have GCC or other development tools installed, and Windows versions are available via e.g. Cygwin.

Solution 5

http://www.duxcore.com/products.html

http://www.duxcore.com/fs_files/VisualDuxDbgSetup.zip

Visual DuxDebugger is a 64-bit debugger disassembler for Windows.

Main features Fully support 64-bit native processes Fully support 64-bit .NET processes Full code analysis Full memory analysis Code edition Memory edition Module export formats (EXE/DLL/CSV) Debug multiple processes Debug multiple child processes

Minimum Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Pentium 4 3.0 GHz

Recommended Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Dual Core 2.5 GHz Display: 1920 x 1080

Share:
31,566
user541686
Author by

user541686

Updated on July 09, 2022

Comments

  • user541686
    user541686 almost 2 years

    Note: A similar question is also on Reverse Engineering Stack Exchange.

    Is there any free AMD64 disassembler?

    It seems like there are a lot of x86 disassemblers, but they can't open 64-bit files...

    Update:

    Are there any tools that can show exported symbols in the disassembly as well? It's a little hard to figure out the code when the exports aren't identified. (I don't need debug symbols, just exports.)

  • user541686
    user541686 almost 13 years
    +1 Whoa it definitely does, I never knew it could disassemble. Thanks a lot!
  • user541686
    user541686 almost 13 years
    @Chris: A little question: Is there any way to make it label exported functions in the code? It's hard to make sense of the disassembly a little without them.
  • C. K. Young
    C. K. Young almost 13 years
    @Mehrdad: Oh, you mean dynamic symbols from a stripped executable? I'm not entirely sure.
  • Nicholas Knight
    Nicholas Knight almost 13 years
    @Mehrdad: If it was built from regular ol' C code, they should already be there. Just for reference, here's the output I got from a dumb-simple .c file with just a foo() and main() function (just search for "foo": pastebin.com/49sYkv2q
  • Nicholas Knight
    Nicholas Knight almost 13 years
    @Mehdrad @Chris: D'oh, right, if the executable is stripped you're out of luck (I never strip my binaries except on embedded work, so I forget about that :().
  • user541686
    user541686 almost 13 years
    @Nicholas: I tried disassembling ntoskrnl.exe but didn't see any function names... was I doing something wrong? (The exports, which I'm looking for, should always be there, you shouldn't need symbols for them...)
  • user541686
    user541686 almost 13 years
    +1 thanks for the suggestion. It's a little tedious but if I have to do it I guess I might, thanks.
  • Igor Skochinsky
    Igor Skochinsky almost 13 years
    BTW, you can also use dbh.exe from Debugging Tools for Windows to fetch the .pdb file for ntoskrnl.exe and show symbols from it.
  • Ghita
    Ghita over 11 years
    unfortunately Visual DuxDebugger works only for 64 bit images...
  • Chris_F
    Chris_F over 5 years
    Domain no longer exists.
  • Chris_F
    Chris_F over 5 years
    Domain no longer exists.
  • user541686
    user541686 almost 5 years
    It's still available for download at tuts4you.com/e107_plugins/download/download.php?view.3522

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can I load a 32 bit DLL into a 64 bit process on Windows?
CMake -G Ninja on Windows specify x64
Assembly 64bit - movl, movq. Interchanging is okay?
Assembly Syscalls in 64-bit Windows
finding dll for "The specified module could not be found"
How to find if java.exe is 32-bit or 64-bit?
Install numpy Windows 8 64 with Python 3.5
why 32 bit drivers do not work on 64 bit
Run 16-bit command line application on Windows 7 64-bit
HOW TO INSTALL openCV in Win7 -64-bit