Hello everyone,
I am looking for a good 64-bit disassembler (free if possible) to allow me to review some EXE for analysing some programming techniques. I did not manage to download DarkAsm which seems interesting despite its last update dating from 2005.
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined.
I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.
Thank you for your help!
IDA is the king of disassemblers. It has a free version which is pretty good (doesn't include the debugger). Take this free version from here:
https://www.hex-rays.com/products/ida/support/download_freeware.shtml
Have a look at this tweet for some information about that freeware version: https://twitter.com/lennyzeltser/status/959473003770900481
Came across this recently on GitHub: https://redasm.io/
Quote: REDasm is an interactive, multiarchitecture disassembler written in modern C++11 using Qt5 as UI Framework.
Its core is modular and it can be easily extended in order to support new file formats and instruction sets.
You can hack and improve REDasm without any issues and limitations.
Runs on Windows and Linux.
Download
PEBrowse64 Professional (V.7.0.0). - Last update 05/22/2019.
for Windows 10, Windows 8 and Windows 7 (all versions 64-bit only)
MSI file, 1,597 KB
SHA256: f1dd4bfcd4dc5c3eced44382cbbc8441915cf5460a43a503a84f8f5af2aaa0f0
PEBrowseDbg64 Interactive (V7.0.0). - Last update 05/22/2019.
for Windows 10, Windows 8 and Windows 7 (all versions 64-bit only)
MSI file, 1,814 KB
SHA256: 857f64babbeadbc93ae5111e542d52ac83343f0112cd38b60e8f1228f3347d38
http://www.smidgeonsoft.prohosting.com/
The OpenSource Disassembler https://redasm.io
(https://redasm.io/static/assets/carousel/2.png)
REDasm is an interactive, multiarchitecture disassembler written in modern C++11 using Qt5 as UI Framework, its core is modular and it can be easily extended in order to support new file formats and instruction sets.
You can hack and improve REDasm without any issues and limitations.
Source https://github.com/REDasmOrg/REDasm
Bin https://redasm.io/download
Thank you very much LiaoMi, Fearless and Felipe for your very comprehensive answers. I will test these disassemblers in the next days and I will keep you informed of my tests.
Hi Iznogoode,
Object file converter:
Quote: This utility can be used for converting object files between COFF/PE, OMF, ELF and Mach-O formats for all 32-bit and 64-bit x86 platforms. Can modify symbol names in object files. Can build, modify and convert function libraries across platforms. Can dump object files and executable files. Also includes a very good disassembler supporting the SSE4, AVX, AVX2, AVX512, FMA3, FMA4, XOP and Knights Corner instruction sets. Source code included (GPL).
https://www.agner.org/optimize/#objconv
Quote from: Iznogoode on May 28, 2019, 01:04:28 AM
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined.
I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.
Hi, I am surprised that you write that, because X64Dbg has shamelessly copied the OllyDbg interface:
(http://www.jj2007.eu/images/X64_vs_Olly.png)
Quote: I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined
I think it's a common issue and is (at a guess) probably due to the default settings that break on system breakpoints - in Options->Preferences-Events tab, make sure the System Breakpoint is unchecked, leave Entry and Attach checked
Quote from: jj2007 on May 28, 2019, 06:41:51 AM
...
Hi, I am surprised that you write that, because X64Dbg has shamelessly copied the OllyDbg interface:
...
Sorry, jj2007, I said that the x64dbg disassembled code seemed to me inconsistent, unlike what OllyDbg does in 32-bit disassembling.
French is my native language and I understand English as much as a Spanish cow... (Many thanks to Google Translate)
Quote from: Vortex on May 28, 2019, 04:25:41 AM
Hi Iznogoode,
Object file converter:
Quote: This utility can be used for converting object files between COFF/PE, OMF, ELF and Mach-O formats for all 32-bit and 64-bit x86 platforms...
https://www.agner.org/optimize/#objconv
Thanks for the information, Vortex!
Quote from: fearless on May 28, 2019, 07:35:12 AM
Quote: I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined
I think it's a common issue and is (at a guess) probably due to the default settings that break on system breakpoints - in Options->Preferences-Events tab, make sure the System Breakpoint is unchecked, leave Entry and Attach checked
I will test it. Thanks!!!!
Quote from: Iznogoode on May 28, 2019, 01:04:28 AM
I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.
It exists - https://www.ollydbg.de/odbg64.html
alpha version is over here: https://www.ollydbg.de/odbg64.zip
Quote from: greenozon on January 23, 2024, 07:47:46 PM
alpha version is over here
Looks good, actually, but where are the symbols?
Cheat Engine. Very useful for modding and easy to use.
x64DBG is terrible. It often refuses to run and the step buttons won't work. It seems to end up reading random Windows .dlls with segment registers appearing everywhere. Just awful.