Author Topic: 64-bit disassemblers  (Read 6118 times)

Iznogoode

  • Guest
64-bit disassemblers
« on: May 28, 2019, 01:04:28 AM »
Hello everyone,
 I am looking for a good 64-bit disassembler (free if possible) to allow me to review some EXEs in order to analyse some programming techniques. I did not manage to download DarkAsm, which seems interesting despite its last update dating from 2005.
 I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined.
 I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.
 Thank you for your help!

felipe

  • Member
  • *****
  • Posts: 1367
Re: 64-bit disassemblers
« Reply #1 on: May 28, 2019, 01:12:16 AM »
IDA is the king of disassemblers. It has a free version which is pretty good (doesn't include the debugger). Take this free version from here:
https://www.hex-rays.com/products/ida/support/download_freeware.shtml

felipe

  • Member
  • *****
  • Posts: 1367
Re: 64-bit disassemblers
« Reply #2 on: May 28, 2019, 01:22:22 AM »
Have a look at this tweet for some information about that freeware version: https://twitter.com/lennyzeltser/status/959473003770900481

fearless

  • Member
  • ****
  • Posts: 522
    • Github
Re: 64-bit disassemblers
« Reply #3 on: May 28, 2019, 01:24:13 AM »
Came across this recently on GitHub: https://redasm.io/

Quote
REDasm is an interactive, multiarchitecture disassembler written in modern C++11 using Qt5 as UI Framework.
 Its core is modular and it can be easily extended in order to support new file formats and instruction sets.
 You can hack and improve REDasm without any issues and limitations.
 
 Runs on Windows and Linux.
fearless

Lian Li PC-O11DW Case, ASUS Crosshair VIII Hero, AMD Ryzen 9 5950X, 32GB DDR4, MSI RX 5700XT, NZXT Kraken Z73, Seasonic 1000W PSU

My Github  Twitter  My Gitbook

LiaoMi

  • Member
  • ****
  • Posts: 925
Re: 64-bit disassemblers
« Reply #4 on: May 28, 2019, 01:51:40 AM »
Download
PEBrowse64 Professional (V.7.0.0). - Last update 05/22/2019.
for Windows 10, Windows 8 and Windows 7 (all versions 64-bit only)
MSI file, 1,597 KB
SHA256: f1dd4bfcd4dc5c3eced44382cbbc8441915cf5460a43a503a84f8f5af2aaa0f0

PEBrowseDbg64 Interactive (V7.0.0). - Last update 05/22/2019.
for Windows 10, Windows 8 and Windows 7 (all versions 64-bit only)
MSI file, 1,814 KB
SHA256: 857f64babbeadbc93ae5111e542d52ac83343f0112cd38b60e8f1228f3347d38

http://www.smidgeonsoft.prohosting.com/


LiaoMi

  • Member
  • ****
  • Posts: 925
Re: 64-bit disassemblers
« Reply #5 on: May 28, 2019, 01:57:50 AM »
The OpenSource Disassembler https://redasm.io


REDasm is an interactive, multiarchitecture disassembler written in modern C++11 using Qt5 as UI Framework, its core is modular and it can be easily extended in order to support new file formats and instruction sets.
You can hack and improve REDasm without any issues and limitations.

Source https://github.com/REDasmOrg/REDasm
Bin https://redasm.io/download

Iznogoode

  • Guest
Re: 64-bit disassemblers
« Reply #6 on: May 28, 2019, 03:46:57 AM »
Thank you very much LiaoMi, Fearless and Felipe for your very comprehensive answers.  I will test these disassemblers in the next days and I will keep you informed of my tests.

Vortex

  • Member
  • *****
  • Posts: 2588
Re: 64-bit disassemblers
« Reply #7 on: May 28, 2019, 04:25:41 AM »
Hi Iznogoode,

Object file converter:

Quote
This utility can be used for converting object files between COFF/PE, OMF, ELF and Mach-O formats for all 32-bit and 64-bit x86 platforms. Can modify symbol names in object files. Can build, modify and convert function libraries across platforms. Can dump object files and executable files. Also includes a very good disassembler supporting the SSE4, AVX, AVX2, AVX512, FMA3, FMA4, XOP and Knights Corner instruction sets. Source code included (GPL).

https://www.agner.org/optimize/#objconv

jj2007

  • Member
  • *****
  • Posts: 11588
  • Assembler is fun ;-)
    • MasmBasic
Re: 64-bit disassemblers
« Reply #8 on: May 28, 2019, 06:41:51 AM »
Quote
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined.
 I liked the OllyDbg configuration which unfortunately does not exist for 64 bits.

Hi, I am surprised that you write that, because X64Dbg has shamelessly copied the OllyDbg interface:


fearless

  • Member
  • ****
  • Posts: 522
    • Github
Re: 64-bit disassemblers
« Reply #9 on: May 28, 2019, 07:35:12 AM »
Quote
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined

I think it's a common issue and is (at a guess) probably due to the default settings that break on system breakpoints - in Options->Preferences->Events tab, make sure the System Breakpoint is unchecked, leave Entry and Attach checked.

Iznogoode

  • Guest
Re: 64-bit disassemblers
« Reply #10 on: May 30, 2019, 06:24:25 PM »
Quote
...
Hi, I am surprised that you write that, because X64Dbg has shamelessly copied the OllyDbg interface:
...
Sorry, jj2007, I said that the x64dbg disassembled code seemed to me inconsistent, unlike what OllyDbg does in 32-bit disassembling.
French is my native language and I understand English as much as a Spanish cow... (Many thanks to Google Translate)

Quote
Hi Iznogoode,

Object file converter:

Quote
This utility can be used for converting object files between COFF/PE, OMF, ELF and Mach-O formats for all 32-bit and 64-bit x86 platforms...

https://www.agner.org/optimize/#objconv
Thanks for the information, Vortex!


Quote
I tried to use X64dbg but I did not understand the display of the code that does not look much like that of the program being examined

I think it's a common issue and is (at a guess) probably due to the default settings that break on system breakpoints - in Options->Preferences->Events tab, make sure the System Breakpoint is unchecked, leave Entry and Attach checked.
I will test it. Thanks!