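I discovered by chance that 64-bit Windows 7 does not ship the debug.exe tool, which makes disassembling machine code somewhat difficult (especially when the company only allows licensed software to be installed). Searching online, I found a very handy disassembly engine, BeaEngine, and used it to write a simple command-line tool that converts machine code into assembly instructions.
Step 1: Set the default address for disassembly, which is especially important for jump instructions. Press "u" and then enter the address; if you do not need one, just press Enter.
Step 2: Enter the machine code to be converted; after you press Enter it is converted to assembly instructions.
Special cases:
1. Some instructions may not be recognized.
2. Machine code written as 0x0087 is equivalent to 0x87 0x00, but 0x87 is not the same as 0x0087.
3. The default instruction set for disassembly is 32-bit; it can be changed to 8086 or x64 by modifying the source code.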
This is a utility that converts machine code to assembly code (a disassembler). It is based on a disassembly engine named BeaEngine.
Both source code and executable files are in the package. You can rebuild it with Delphi10.
Step 1: Input a virtual EIP, which will be set as the starting address of the assembly code.
Step 2: Input the machine code in hex. It will be converted to assembly code after you press Enter.
Note:
1. Some hex numbers may not be recognized.
2. '00' is significant as the leading digits of a hex number. For example, 0x0087 will be recognized as 0x87 and 0x00, which is different from 0x87.
3. The default instruction set is 32-bit. It can be switched to 8086 or x64 by modifying and rebuilding the source code.
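The following is an added example, not code from the tool or from BeaEngine. It illustrates note 2 and the reason step 1 matters: it converts hex tokens to bytes and resolves the target of a relative JMP for a given virtual EIP. The function names are hypothetical, and treating any multi-byte token as a little-endian value is an assumption generalized from the 0x0087 case.

```python
import struct

def tokens_to_bytes(text):
    """Turn whitespace- or comma-separated hex tokens into machine-code bytes.

    Assumption (generalized from note 2): a token wider than one byte is a
    little-endian value, so 0x0087 -> 87 00, while 0x87 -> 87 alone.
    """
    out = bytearray()
    for tok in text.replace(",", " ").split():
        digits = tok[2:] if tok.lower().startswith("0x") else tok
        if not digits or len(digits) % 2:
            raise ValueError(f"empty or odd-length hex token: {tok!r}")
        out += bytes.fromhex(digits)[::-1]  # low-order byte first
    return bytes(out)

def jump_target(code, virtual_eip):
    """Resolve the destination of a 32-bit-mode JMP rel8 (EB) or JMP rel32 (E9)
    located at virtual_eip. Returns None for other opcodes or truncated input."""
    if len(code) >= 2 and code[0] == 0xEB:
        length, rel = 2, struct.unpack_from("<b", code, 1)[0]
    elif len(code) >= 5 and code[0] == 0xE9:
        length, rel = 5, struct.unpack_from("<i", code, 1)[0]
    else:
        return None
    # Relative branches are measured from the end of the instruction,
    # so the printed target depends on the address chosen in step 1.
    return (virtual_eip + length + rel) & 0xFFFFFFFF

if __name__ == "__main__":
    # Constructed sample inputs.
    for tok in ("0x0087", "0x87 0x00", "0x87"):
        print(f"{tok:10} -> {tokens_to_bytes(tok).hex(' ')}")
    short_jmp = tokens_to_bytes("EB 10")
    for eip in (0x00000000, 0x00401000):
        print(f"EIP {eip:08X}: jmp {jump_target(short_jmp, eip):08X}")
```
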