Menu
I'd like to disassemble the MBR (first 512 bytes) of a bootable x86 disk that I have. I have copied the MBR to a file using
dd if=/dev/my-device of=mbr bs=512 count=1
Any suggestions for a Linux utility that can disassemble the file mbr?
457
You can use objdump. According to this article the syntax is:
objdump -D -b binary -mi386 -Maddr16,data16 mbr The GNU tool is called objdump, for example:
objdump -D -b binary -m i8086 <file> I like ndisasm for this purpose. It comes with the NASM assembler, which is free and open source and included in the package repositories of most linux distros.
39
ndisasm -b16 -o7c00h -a -s7c3eh mbr
Explanation - from ndisasm manpage
-b = Specifies 16-, 32- or 64-bit mode. The default is 16-bit mode.-o = Specifies the notional load address for the file. This option causes ndisasm to get the addresses it lists down the left hand margin, and the target addresses of PC-relative jumps and calls, right.-a = Enables automatic (or intelligent) sync mode, in which ndisasm will attempt to guess where synchronisation should be performed, by means of examining the target addresses of the relative jumps and calls it disassembles.-s = Manually specifies a synchronisation address, such that ndisasm will not output any machine instruction which encompasses bytes on both sides of the address. Hence the instruction which starts at that address will be correctly disassembled.mbr = The file to be disassembled.
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
