What is the right architecture to get objdump to disassemble raw x64 code? You would think -m x86-64 should work from reading the help, but it doesn't. I tried with both the cygwin64 version:
$ objdump --version
GNU objdump (GNU Binutils) 2.23.52.20130604
as well as the version in my Fedora 18 x64 install (2.23.51.0.1-3.fc18 20120806) but I only get "can't use supplied machine x86-64". Also tried with amd64 and x64 but that didn't work either.
The command is basically objdump -b binary -D -m ??? file
The DISASM command attempts to disassemble code from a given start address.
Machine code disassembly routines form a fundamental component of software systems that statically analyze or modify executable programs. The task of disassembly is complicated by indirect jumps and the presence of non-executable data—jump tables, alignment bytes, etc.—in the instruction stream.
Disassembling an ELF-formatted file
Use the --disassemble option to display a disassembled version of the image to stdout. If you use this option with the --output destination option, you can reassemble the output file with armasm. You can use this option to disassemble either an ELF image or an ELF object file.
And as usual, writing down the question already gives you some rather good ideas what else to try.
Anyhow the right machine architecture is: i386:x86-64.
The full command is:
objdump -b binary -D -m i386:x86-64 <file>
If you want to disassemble code that expects to be loaded at a specific address, you can add the --adjust-vma <load-address> flag.
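As an added example (not part of the original question or answer), the script below runs the command from the answer on a constructed 6-byte blob, once with -m i386 and once with -m i386:x86-64, then again with --adjust-vma, so the effect of each flag is visible in the listing. The function names, the sample bytes and the load address 0x401000 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: a minimal 64-bit function, written as octal
# escapes so it works with any POSIX printf.
#   55        push rbp
#   48 89 e5  mov  rbp, rsp   (0x48 is the REX.W prefix)
#   5d        pop  rbp
#   c3        ret
write_sample() {
    printf '\125\110\211\345\135\303' > "$1"
}

# True when the installed objdump lists the x86-64 machine name.
have_x86_objdump() {
    command -v objdump >/dev/null 2>&1 &&
        objdump --help 2>/dev/null | grep -q 'i386:x86-64'
}

# disasm_raw <machine> <file> [load-address]
# A raw blob has no header, so objdump must be told the container format
# (-b binary) and the machine (-m). --adjust-vma only relabels addresses.
disasm_raw() {
    objdump -b binary -D -m "$1" ${3:+--adjust-vma="$3"} "$2"
}

# Print only the instruction lines of each listing.
demo() {
    blob=$(mktemp) || return 1
    write_sample "$blob"
    echo "== -m i386 (wrong mode: 0x48 decodes as 'dec %eax') =="
    disasm_raw i386 "$blob" | grep -E '^ +[0-9a-f]+:'
    echo "== -m i386:x86-64 =="
    disasm_raw i386:x86-64 "$blob" | grep -E '^ +[0-9a-f]+:'
    echo "== -m i386:x86-64 --adjust-vma=0x401000 =="
    disasm_raw i386:x86-64 "$blob" 0x401000 | grep -E '^ +[0-9a-f]+:'
    rm -f "$blob"
}

# Run the demo only where an x86-capable objdump is installed.
if have_x86_objdump; then demo; fi
```

In 32-bit mode the REX.W byte 0x48 is decoded as a separate instruction, which is why a listing produced with the wrong -m value looks plausible but is misaligned with the real code.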