5

I am writing a program in FASM assembler and want to see what code is generated after all macro expansions. One can usually disassemble a binary with objdump -d, but for a binary generated by fasm it outputs only the following:

$ cat true.fasm
format ELF64 executable
sys_exit = 60
entry $
      mov eax, sys_exit
      xor edi, edi
      syscall
$ fasm true.fasm
$ objdump -d ./true
out/true:     file format elf64-x86-64

What I can do is load the binary into gdb, start it with starti, and decode instructions with x/10i $rip, which is sub-optimal. Is there a non-interactive command that can do the same?

4
  • 1
    FASM doesn't create ELF section info (so there is no .text section), only program headers that tell the OS how to map it into memory. I don't know a good convenient way to disassemble it, other than treating it like a flat binary and disassembling everything (e.g. ndisasm -b32). Then finding the start of the actual instructions yourself. Commented Oct 20, 2019 at 18:03
  • 1
    You can try using the -D (capital D, disassemble all) option of objdump to see if that works better. Commented Oct 20, 2019 at 20:56
  • -D results in the same output: ` file format elf64-x86-64` Commented Oct 22, 2019 at 0:43
  • -D still uses section headers (not segment), it just doesn't restrict to .text. So it still doesn't help for FASM-generated executables. Commented Jan 20 at 15:37
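The comments above point at the root cause: a FASM `format ELF64 executable` image has program headers but no section headers, so section-driven tools see nothing to disassemble. The script below is an added example (not code from the question, the answers, or the FASM project) that does what the flat-binary suggestion requires by hand: it parses the ELF64 header and program headers, finds the PT_LOAD segment containing `e_entry`, returns the entry-point bytes, and builds a non-interactive objdump invocation (`-D -b binary -m i386:x86-64` with `--adjust-vma` and `--start-address`) for that segment. The sample image it uses is constructed inline to mirror the 132-byte layout from the radare2 answer; `build_sample`, `entry_segment`, `entry_code` and `objdump_command` are names chosen here.

```python
"""Locate the entry-point code of a section-less ELF64 executable (e.g. FASM output).

Section headers are optional for a running program; only program headers (PT_LOAD
segments) matter to the loader. Tools that walk segments instead of sections, such
as radare2, gdb, or this script, therefore still find the code.
"""
import shlex
import struct
import sys

PT_LOAD = 1
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # ELF64 program header, 56 bytes
PHDR_NAMES = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr",
              "p_filesz", "p_memsz", "p_align")


def parse_elf64(data: bytes):
    """Return (e_entry, [program headers as dicts]) for an ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    e_entry, e_phoff = fields[4], fields[5]
    e_phentsize, e_phnum = fields[9], fields[10]
    phdrs = []
    for i in range(e_phnum):
        raw = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        phdrs.append(dict(zip(PHDR_NAMES, raw)))
    return e_entry, phdrs


def entry_segment(data: bytes):
    """Find the file-backed PT_LOAD segment mapping e_entry.

    Returns (e_entry, file offset of the entry point, segment header dict).
    """
    e_entry, phdrs = parse_elf64(data)
    for ph in phdrs:
        if ph["p_type"] != PT_LOAD:
            continue
        if ph["p_vaddr"] <= e_entry < ph["p_vaddr"] + ph["p_filesz"]:
            return e_entry, ph["p_offset"] + (e_entry - ph["p_vaddr"]), ph
    raise ValueError("entry point is not inside any file-backed PT_LOAD segment")


def entry_code(data: bytes) -> bytes:
    """Raw bytes from the entry point to the end of its segment's file image."""
    _, off, ph = entry_segment(data)
    return data[off: ph["p_offset"] + ph["p_filesz"]]


def objdump_command(data: bytes, path: str) -> list:
    """Build an objdump command that disassembles the entry segment as a flat binary.

    --adjust-vma shifts file offset 0 to the address the segment is loaded at, so
    --start-address/--stop-address can be given as real virtual addresses and the
    listing shows the same addresses gdb or radare2 would.
    """
    e_entry, _, ph = entry_segment(data)
    return ["objdump", "-D", "-b", "binary", "-m", "i386:x86-64",
            f"--adjust-vma={ph['p_vaddr'] - ph['p_offset']:#x}",
            f"--start-address={e_entry:#x}",
            f"--stop-address={ph['p_vaddr'] + ph['p_filesz']:#x}",
            path]


def build_sample() -> bytes:
    """Constructed sample image: the 132-byte layout FASM emits for a 3-instruction
    program (64-byte ELF header, one 56-byte PT_LOAD header, 12 bytes of code)."""
    code = bytes.fromhex("48c7c03c000000" "4831ff" "0f05")  # mov rax,60; xor rdi,rdi; syscall
    base = 0x400000
    total = 64 + 56 + len(code)
    ehdr = struct.pack(
        EHDR_FMT,
        b"\x7fELF\x02\x01\x01" + bytes(9),  # ELF64, little-endian, version 1, SysV ABI
        2, 0x3E, 1,                         # ET_EXEC, EM_X86_64, EV_CURRENT
        base + 64 + 56,                     # e_entry: first byte after the headers
        64, 0, 0,                           # e_phoff, e_shoff (no section headers), e_flags
        64, 56, 1,                          # e_ehsize, e_phentsize, e_phnum
        0, 0, 0)                            # e_shentsize, e_shnum, e_shstrndx
    phdr = struct.pack(PHDR_FMT, PT_LOAD, 7, 0, base, base, total, total, 0x1000)  # rwx
    return ehdr + phdr + code


if __name__ == "__main__":
    # Usage: python3 findentry.py [path-to-fasm-elf]; without a path the constructed sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else "sample.elf"
    image = open(path, "rb").read() if len(sys.argv) > 1 else build_sample()
    entry, off, ph = entry_segment(image)
    print(f"entry {entry:#x} at file offset {off:#x} "
          f"(segment vaddr {ph['p_vaddr']:#x}, filesz {ph['p_filesz']})")
    print("entry bytes:", entry_code(image).hex())
    print("disassemble with:", shlex.join(objdump_command(image, path)))
```

The same segment-based view is what makes the gdb route non-interactive: `gdb -batch -ex starti -ex 'x/12i $rip' ./true` prints the same listing as the interactive session without a prompt. Note that a file with no section headers is also a common shape for stripped or hand-packed binaries, so checking `e_shnum == 0` and walking PT_LOAD segments is worth building into any triage script rather than trusting `objdump -d` alone.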

2 Answers 2

4

You can do it easily using radare2, with the pdf command, which means disassemble:

% cat test.asm 
format ELF64 executable
sys_exit = 60
entry $
  mov rax, sys_exit
  xor rdi, rdi
  syscall
% ./fasm test.asm
flat assembler  version 1.73.04  (16384 kilobytes memory) 1 passes, 132 bytes.
% file test
test: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
% r2 -AA test
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for objc references
[x] Check for vtables
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[x] Finding function preludes
[x] Enable constraint types analysis for variables
-- In visual mode press 'c' to toggle the cursor mode. Use tab to navigate
[0x00400078]> pdf
        ;-- segment.LOAD0:
        ;-- rip:
┌ 12: entry0 ();
│           0x00400078      48c7c03c0000.  mov rax, 0x3c               ; '<' ; 60 ; [00] -rwx segment size 12 named LOAD0
│           0x0040007f      4831ff         xor rdi, rdi
└           0x00400082      0f05           syscall
[0x00400078]> 

1

If you already have gdb on your system, you can easily disassemble the executable as follows:

[hemlo@zero example]$  gdb rodata
GNU gdb (GDB) 15.2
Copyright (C) 2024 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from rodata...
(No debugging symbols found in rodata)
(gdb) starti
Program stopped.
0x00000000004000b0 in ?? ()
(gdb) x/8i $rip
=> 0x4000b0:    mov    $0x1,%eax
   0x4000b5:    mov    $0x1,%edi
   0x4000ba:    mov    $0x4010d1,%rsi
   0x4000c1:    mov    $0x7,%edx
   0x4000c6:    syscall
   0x4000c8:    mov    $0x3c,%eax
   0x4000cd:    xor    %edi,%edi
   0x4000cf:    syscall

The above demo uses two gdb commands, starti and x; it basically puts a breakpoint at the beginning of the instructions and examines memory from that address (the instruction pointer).

The assembly source code (rodata.asm):

format ELF64 executable

SYS_exit    = 60
SYS_write   = 1

STDOUT_FILENO   = 1

_start:
    mov     eax, SYS_write
    mov     edi, STDOUT_FILENO
    mov     rsi, msg
    mov     edx, msg_len
    syscall

    mov     eax, SYS_exit
    xor     edi, edi
    syscall

segment readable 
msg db "hellow", 0xa
msg_len = $-msg
