Author Topic: 64-bit disassemblers (Read 9773 times)

Iznogoode · « **on:** May 28, 2019, 01:04:28 AM »

Hello everyone,
I am looking for a good 64-bit disassembler (free if possible) to allow me to review some EXE for analysing some programming techniques. I did not manage to download DarkAsm which seems interesting despite its last update dating from 2005.
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined.
I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.
Thank you for your help !

felipe · « **Reply #1 on:** May 28, 2019, 01:12:16 AM »

ida it's the king of dissasemblers. It has a free version which its pretty good (dosen't inlcude the debbuger). Take this free version from here:
https://www.hex-rays.com/products/ida/support/download_freeware.shtml

felipe · « **Reply #2 on:** May 28, 2019, 01:22:22 AM »

Have a look to this tweet for some information about that freeware version: https://twitter.com/lennyzeltser/status/959473003770900481

fearless · « **Reply #3 on:** May 28, 2019, 01:24:13 AM »

Came across this recently on github: https://redasm.io/

Quote

REDasm is an interactive, multiarchitecture disassembler written in modern C++11 using Qt5 as UI Framework.
Its core is modular and it can be easily extended in order to support new file formats and instruction sets.
You can hack and improve REDasm without any issues and limitations.

Runs on Windows and Linux.

LiaoMi · « **Reply #4 on:** May 28, 2019, 01:51:40 AM »

Download
PEBrowse64 Professional (V.7.0.0). - Last update 05/22/2019.
for Windows 10, Windows 8 and Windows 7 (all versions 64-bit only)
MSI file, 1,597 KB
SHA256: f1dd4bfcd4dc5c3eced44382cbbc8441915cf5460a43a503a84f8f5af2aaa0f0

PEBrowseDbg64 Interactive (V7.0.0). - Last update 05/22/2019.
for Windows 10, Windows 8 and Windows 7 (all versions 64-bit only)
MSI file, 1,814 KB
SHA256: 857f64babbeadbc93ae5111e542d52ac83343f0112cd38b60e8f1228f3347d38

http://www.smidgeonsoft.prohosting.com/

LiaoMi · « **Reply #5 on:** May 28, 2019, 01:57:50 AM »

The OpenSource Disassembler https://redasm.io

REDasm is an interactive, multiarchitecture disassembler written in modern C++11 using Qt5 as UI Framework, its core is modular and it can be easily extended in order to support new file formats and instruction sets.
You can hack and improve REDasm without any issues and limitations.

Source https://github.com/REDasmOrg/REDasm
Bin https://redasm.io/download

Iznogoode · « **Reply #6 on:** May 28, 2019, 03:46:57 AM »

Thank you very much LiaoMi, Fearless and Felipe for your very comprehensive answers. I will test these disassemblers in the next days and I will keep you informed of my tests.

Vortex · « **Reply #7 on:** May 28, 2019, 04:25:41 AM »

Hi Iznogoode,

Object file converter :

Quote

This utility can be used for converting object files between COFF/PE, OMF, ELF and Mach-O formats for all 32-bit and 64-bit x86 platforms. Can modify symbol names in object files. Can build, modify and convert function libraries across platforms. Can dump object files and executable files. Also includes a very good disassembler supporting the SSE4, AVX, AVX2, AVX512, FMA3, FMA4, XOP and Knights Corner instruction sets. Source code included (GPL).

https://www.agner.org/optimize/#objconv

jj2007 · « **Reply #8 on:** May 28, 2019, 06:41:51 AM »

Quote from: Iznogoode on May 28, 2019, 01:04:28 AM

I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined.
I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.

Hi, I am surprised that you write that, because X64Dbg has shamelessly copied the OllyDbg interface:

fearless · « **Reply #9 on:** May 28, 2019, 07:35:12 AM »

Quote

I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined

I think its a common issue and is (at a guess) probably due to the default settings that break on system breakpoints - in Options->Preferences-Events tab, make sure the System Breakpoint is unchecked, leave Entry and Attach checked

Iznogoode · « **Reply #10 on:** May 30, 2019, 06:24:25 PM »

Quote from: jj2007 on May 28, 2019, 06:41:51 AM

...
Hi, I am surprised that you write that, because X64Dbg has shamelessly copied the OllyDbg interface:
...

Sorry, jj2007, I said that the x64dbg disassembled code seemed to me inconsistent, unlike what OllyDbg does in 32-bit disassembling.
French is my native language and I understand English as much as a Spanish cow... (Many thanks to Google Translate)

Quote from: Vortex on May 28, 2019, 04:25:41 AM

Hi Iznogoode,

Object file converter :

Quote
This utility can be used for converting object files between COFF/PE, OMF, ELF and Mach-O formats for all 32-bit and 64-bit x86 platforms...

https://www.agner.org/optimize/#objconv

Thanks for the information, Vortex!

Quote from: fearless on May 28, 2019, 07:35:12 AM

Quote
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined

I think its a common issue and is (at a guess) probably due to the default settings that break on system breakpoints - in Options->Preferences-Events tab, make sure the System Breakpoint is unchecked, leave Entry and Attach checked

I will test it. Thanks !!!!

The MASM Forum

News:

Author Topic: 64-bit disassemblers (Read 9773 times)

Iznogoode

64-bit disassemblers

felipe

Re: 64-bit disassemblers

felipe

Re: 64-bit disassemblers

fearless

Re: 64-bit disassemblers

LiaoMi

Re: 64-bit disassemblers

LiaoMi

Re: 64-bit disassemblers

Iznogoode

Re: 64-bit disassemblers

Vortex

Re: 64-bit disassemblers

jj2007

Re: 64-bit disassemblers

fearless

Re: 64-bit disassemblers

Iznogoode

Re: 64-bit disassemblers