You are hereProducts / DisAsm
DisAsm
Download Now
DisAsm for Windows. It's not IDA or HIEW, it's not meant to be. But for an 'objdump -d' like, minimum fuss tool that can disassemble the three most common architectures plus a bit more besides, and is completely independent of Visual Studio to boot, it's a perfectly acceptable tool.
Usage
Usage: disasm module [Function] [options]
Where module is a Windows PE File (exe, dll, ocx, sys, scr, etc)
[Function] is an optional argument specifying a single function to show the disassembly of. If you don't provide a function name, the contents of all PE sections marked as code or executable is shown.
[options] are optional and modify the disassembly output -b Adds the raw code bytes alongside the instruction that it makes up -l Adds the line number of the source file alongside the assembly (requires private symbols) -f Adds the file name of the source file alongside the assembly (requires private symbols)
There is no separate option for file output. All output is via stdout, so redirect that if you need a file.
Sample Output
Even though disasm is only a 32-bit program, it can handle disassembling 64-bit code with no problems.
F:\Projects\Disassembler\Release>disasm failwailx64.dll WinLib::StrSafeTraits^<char^>::VariadicPrint failwailx64!WinLib::StrSafeTraits<char>::VariadicPrint: 00000000`00301920 mov qword ptr [rsp+18h],r8 00000000`00301925 mov qword ptr [rsp+20h],r9 00000000`0030192a sub rsp,28h 00000000`0030192e lea r9,[rsp+48h] 00000000`00301933 movsxd rdx,edx 00000000`00301936 call failwailx64!RtlStringCchVPrintfA (00000000`00301820) 00000000`0030193b add rsp,28h 00000000`0030193f ret
Here's the output of the tool when fed the x86 host.exe file included in the download, with the show code bytes option:
F:\Projects\Disassembler\Release>disasm host.exe -b host!EntryPoint: 00021000 ff1500204000 call dword ptr [host_400000!_imp__DebugBreak (00402000)] 00021006 33c0 xor eax,eax 00021008 c3 ret
Download
The download contains binaries only. DisAsm.exe is the main program, host.exe is used internally by the program and dbgeng to facilitate the disassembly, it does nothing by itself. The other dll's are updated versions of the built-in Debugging Tools for Windows modules.
XP SP2 is the lowest supported system. This is due to XP SP0/1 having a bug in WriteProcessMemory which makes it only work with executable memory, which DisAsm doesn't use.
Download Now
Size: 1.82 MB
MD5: 50cb01eb94996a4053acd0099efea6ff
SHA1: e48f3408c0ec3853ac7af2aa14abf1a21bf8c7a6
CRC32: 8c6be028