Disassembler for Linux capable of disassembling old DOS .COM/.EXE files

Question

My first question here, hopefully I'm not doing it wrong.

My problem is that I have a certain old DOS program which has quite much hacked the file format to the extreme to save space. (Yes, it's a demoscene prod for those who know.)

Objdump doesn't want to help me with it; quick Googling yielded no real results for the problem and the manpage doesn't seem too generous in this regard either.

There are others yes, like lida. However, for some reason I couldn't get lida to work; I believe there are alternatives.

Anyone have any experience of disassembling DOS executables on Linux? Or should I just try some DOS based disassembler and run it on Dosemu?

Answer 1

IDA is the best disassembler, and there is also linux version. It's better than a simple dissasembler because it's interactive.

Also, if you want to see nice "hand made" assembly, the best place to look are old viruses. And not the binaries, but sources, because they are commented. You can try Netlux for that.

Answer 2

ndisasm comes with NASM, the netwide assembler. It is pretty versatile, including the ability to disassemble raw streams of bytes (since you mentioned COM files) and also a few object file formats. Strictly speaking I think it's also possible to disassemble raw streams of bytes with some objdump option, but I don't remember how that goes.

However self-modifying code can make this rather tricky. Looking at a stream of bytes, it's hard to predict what the final instructions executed might be if the program will modify itself, a common space-saving trick in the DOS era. You mentioned booting into DOS, which gives me some interesting ideas: Perhaps you could step through it using a DOS debugger, or run DOS under qemu and use its debugging options (some of which include dumping assembly output and register state during execution).