Getting complete disassembly of an executable binary


Is it possible to get a complete disassembly (which can act as input to an assembler) of an executable?

When I use otool -tV a.out I get to see only the text section. Other sections like data aren't visible.

When I use gdb, the disassemble command requires a start and an end address. However I do not know how to find out the start and the end address of a binary (say a.out).

I'm trying to disassemble an executable, tinker with the assembly code and then reassemble it. Is that possible?

It'd also help if one can find out the names of all the sections in a binary.


There are 4 best solutions below

4
On

You can use the Hopper Disassembler

quote:

Hopper is a reverse engineering tool for the Mac, that lets you disassemble, decompile and debug your 32/64bits Intel Mac executables.

It costs $59, but you can download a demo to check if it gets the job done first.

EDIT

It seems you can achieve this with otool as well, according to the manual.

-d Display the contents of the (__DATA,__data) section.

Also have a look at this short blog post (archive link, original is gone) that describes the mentioned use of otool, and how you can use objdump as mentioned by @Sjlver.

1
On

On Linux, you can try to use objdump -D myprog

Note that this will work only if the program does not contain irregular control flow. Especially malware is often obfuscated, e.g. by inserting spurious bytes that are then jumped over.

If you're targeting these kinds of programs, I've heard that one of the best products to use is IDA Pro.

1
On

On Mac, you can install (possibly by Homebrew) binutils, which includes gobjdump. You can disassemble any binary program once installed. It's open and free.

1
On

Try using this command; I remember using it some time back:

otool -tvV a.out
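
The question asks for the names of all sections and for the start and end addresses that gdb's disassemble command needs. As an added example (not code from the question or from any of the answers), this Python parser reads both from the load commands of a Mach-O file. It assumes a thin, little-endian, 64-bit image; list_sections() and build_sample() are hypothetical names, and the sample image is constructed inline rather than taken from a real a.out.

```python
import struct

MH_MAGIC_64, LC_SEGMENT_64 = 0xFEEDFACF, 0x19
HEADER = struct.Struct("<8I")             # mach_header_64
SEGMENT = struct.Struct("<2I16s4Q2i2I")   # segment_command_64
SECTION = struct.Struct("<16s16s2Q8I")    # section_64

def _name(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def list_sections(data):
    """Return (segment, section, start, end) for each section of the image."""
    if len(data) < HEADER.size or HEADER.unpack_from(data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    ncmds, sizeofcmds = HEADER.unpack_from(data)[4:6]
    # Never trust sizeofcmds beyond the bytes that are actually present.
    off, limit = HEADER.size, min(HEADER.size + sizeofcmds, len(data))
    found = []
    for _ in range(ncmds):
        if off + 8 > limit:
            raise ValueError("load command outside declared area")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > limit:
            raise ValueError("bad load command size")
        if cmd == LC_SEGMENT_64:
            if cmdsize < SEGMENT.size:
                raise ValueError("short segment command")
            nsects = SEGMENT.unpack_from(data, off)[9]
            if SEGMENT.size + nsects * SECTION.size > cmdsize:
                raise ValueError("section table overruns its segment command")
            for i in range(nsects):
                sect, seg, addr, size, *_ = SECTION.unpack_from(
                    data, off + SEGMENT.size + i * SECTION.size)
                found.append((_name(seg), _name(sect), addr, addr + size))
        off += cmdsize
    return found

def build_sample():
    # Constructed sample: a header plus two segments with one section each.
    def seg(segname, sectname, addr, size):
        sect = SECTION.pack(sectname, segname, addr, size, *([0] * 8))
        return SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size + len(sect), segname,
                            addr, 0x1000, 0, 0, 7, 5, 1, 0) + sect
    cmds = seg(b"__TEXT", b"__text", 0x100000F50, 0x40) + \
           seg(b"__DATA", b"__data", 0x100001000, 0x10)
    return HEADER.pack(MH_MAGIC_64, 0x01000007, 3, 2, 2, len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    for row in list_sections(build_sample()):
        print("%s,%s 0x%x-0x%x" % row)
```
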