Disassembling EXE Files Using Libdasm Library

Listen to this Post

GitHub – maximilianfeldthusen/DisasmWinExe: Disassembly of EXE files using the libdasm library.
GitHub Link

You Should Know:

Here are some practical commands and code snippets related to disassembling and analyzing executable files:

1. Installing Libdasm on Linux:

sudo apt-get update
sudo apt-get install libdasm-dev

2. Basic Disassembly with Libdasm in C:

#include <libdasm.h>
#include <stdio.h>
#include <stdlib.h>

int main() {
FILE *file = fopen("example.exe", "rb");
if (!file) {
perror("Failed to open file");
return 1;
}

fseek(file, 0, SEEK_END);
long file_size = ftell(file);
fseek(file, 0, SEEK_SET);

unsigned char *buffer = (unsigned char *)malloc(file_size);
fread(buffer, 1, file_size, file);
fclose(file);

INSTRUCTION inst;
int offset = 0;
while (offset < file_size) {
offset += get_instruction(&inst, buffer + offset, MODE_32);
print_instruction(&inst);
}

free(buffer);
return 0;
}

3. Using objdump for Disassembly:

objdump -d example.exe

4. Analyzing PE Files with PE Tools:

sudo apt-get install pev
pedump example.exe

5. Extracting Sections from an EXE File:

readelf -S example.exe

6. Using Radare2 for Advanced Disassembly:

sudo apt-get install radare2
r2 -A example.exe

7. Disassembling with Ghidra:

8. Extracting Strings from an EXE File:

strings example.exe

9. Using IDA Pro for Disassembly:

  • IDA Pro is a powerful disassembler. Load the EXE file and analyze it interactively.

10. Checking for Dependencies:

ldd example.exe

What Undercode Say:

Disassembling executable files is a critical skill in cybersecurity, especially for reverse engineering and malware analysis. Tools like Libdasm, objdump, and Radare2 provide powerful capabilities to analyze binary files. Understanding the structure of PE files and using disassemblers effectively can help uncover vulnerabilities, analyze malicious software, and understand proprietary software behavior. Always ensure you have the right permissions before disassembling any executable file, as unauthorized analysis can lead to legal consequences. For further learning, explore advanced tools like Ghidra and IDA Pro, and practice on open-source or legally obtained binaries.

References:

Reported By: Maximilianfeldthusen Github – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅Featured Image