Quoteobjdump is a command-line program for displaying various information about object files on Unix-like operating systems. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executables and other binary data. objdump uses the BFD library to read the contents of object files. Similar utilities are Borland TDUMP, Microsoft DUMPBIN and readelf.
Note that on certain platforms (e.g. Mac OS X), the objdump binary may actually be a link to llvm's objdump, with different command-line options and behavior.
https://en.wikipedia.org/wiki/Objdump
On Windows, objdump comes with the MinGW installation.
A quick example :
; uCase based on \masm32\m32lib\szupper.asm
.386
.model flat,stdcall
option casemap :none
.code
OPTION PROLOGUE:NONE
OPTION EPILOGUE:NONE
uCase PROC USES ebx string:DWORD
push ebx
mov eax,DWORD PTR [esp+8]
mov ebx,1
sub eax,ebx
@@:
add eax,ebx
cmp BYTE PTR [eax],bh
je @f
cmp BYTE PTR [eax],97
jb @b
cmp BYTE PTR [eax],122
ja @b
sub BYTE PTR [eax],32
jmp @b
@@:
mov eax,DWORD PTR [esp+4]
pop ebx
ret 4
uCase ENDP
OPTION PROLOGUE:PrologueDef
OPTION EPILOGUE:EpilogueDef
END
\masm32\bin\ml /c /coff uCase.asm
REM Extract the code section from the MS COFF object module :
C:\MinGW\bin\objcopy --dump-section .text=uCase.bin uCase.obj
REM Disassemble the binary file
C:\mingw\bin\objdump -D -Mintel,i386 -b binary -m i386 uCase.bin > uCase-Disasm.txt
uCase-Disasm.txt :
uCase.bin: file format binary
Disassembly of section .data:
00000000 <.data>:
0: 53 push ebx
1: 8b 44 24 08 mov eax,DWORD PTR [esp+0x8]
5: bb 01 00 00 00 mov ebx,0x1
a: 2b c3 sub eax,ebx
c: 03 c3 add eax,ebx
e: 38 38 cmp BYTE PTR [eax],bh
10: 74 0f je 0x21
12: 80 38 61 cmp BYTE PTR [eax],0x61
15: 72 f5 jb 0xc
17: 80 38 7a cmp BYTE PTR [eax],0x7a
1a: 77 f0 ja 0xc
1c: 80 28 20 sub BYTE PTR [eax],0x20
1f: eb eb jmp 0xc
21: 8b 44 24 04 mov eax,DWORD PTR [esp+0x4]
25: 5b pop ebx
26: c2 04 00 ret 0x4
Good work.
In the binutils package there is the nm utility used to list symbols. Usually the preceding uppercase letter T says it is an internal procedure, the letter U an external function, ... . It is useful to find the names of the functions to be disassembled. Useful when we have an ambiguous variable, I mean, a global variable with the same name as a function.