Hello,
I just stumbled across the following problem: I do not own an AMD64 (or
iA64) machine on one site, but I want to inspect the assembler code the
compiler generates for it.
Thus, I hoped I could load the code in WinDBG and have a look at it.
Unfortunately, WinDBG refuses to load the code as it thinks I want to
execute it (which would be correct in most cases. ;))
Now, I ask myself if there is an option to disassemble the code on a
“foreign” processor type? Is this possible with WinDBG (or any other
tools)?
Thanks for reading,
Spiro.
–
Spiro R. Trikaliotis xxxxx@trikaliotis.net
University of Magdeburg http://www.trikaliotis.net/
IVS.EUK, P.O.Box 4120 Phone: +49-391-67-12566
39016 Magdeburg, Germany Fax: +49-391-67-11161
Check IDA Pro, which is a comprehensive disassembler product; I believe
you can download an eval version (if this is a one-off problem).
http://www.datarescue.com/idabase/
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Spiro Trikaliotis
Sent: Sunday, October 23, 2005 9:18 AM
To: Kernel Debugging Interest List
Subject: [windbg] Disassembling sources for “other” processor type
Hello,
I just stumbled across the following problem: I do not own an AMD64 (or
iA64) machine on one site, but I want to inspect the assembler code the
compiler generates for it.
Thus, I hoped I could load the code in WinDBG and have a look at it.
Unfortunately, WinDBG refuses to load the code as it thinks I want to
execute it (which would be correct in most cases. ;))
Now, I ask myself if there is an option to disassemble the code on a
“foreign” processor type? Is this possible with WinDBG (or any other
tools)?
Thanks for reading,
Spiro.
–
Spiro R. Trikaliotis xxxxx@trikaliotis.net
University of Magdeburg http://www.trikaliotis.net/
IVS.EUK, P.O.Box 4120 Phone: +49-391-67-12566
39016 Magdeburg, Germany Fax: +49-391-67-11161
You are currently subscribed to windbg as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
You can use the -z flag to open the binary as a dump file. For
instance, if I wanted to unassembled a function of a compiled driver, I
would so the following
Windbg -z mydriver.sys -y srv*
u mydriver!DriverEntry
I tested this on an exe and it works just fine. I also tested this by
loading an amd64 exe on a 32 bit client and it appeared to work as well.
d
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Spiro
Trikaliotis
Sent: Sunday, October 23, 2005 6:18 AM
To: Kernel Debugging Interest List
Subject: [windbg] Disassembling sources for “other” processor type
Hello,
I just stumbled across the following problem: I do not own an AMD64 (or
iA64) machine on one site, but I want to inspect the assembler code the
compiler generates for it.
Thus, I hoped I could load the code in WinDBG and have a look at it.
Unfortunately, WinDBG refuses to load the code as it thinks I want to
execute it (which would be correct in most cases. ;))
Now, I ask myself if there is an option to disassemble the code on a
“foreign” processor type? Is this possible with WinDBG (or any other
tools)?
Thanks for reading,
Spiro.
–
Spiro R. Trikaliotis xxxxx@trikaliotis.net
University of Magdeburg http://www.trikaliotis.net/
IVS.EUK, P.O.Box 4120 Phone: +49-391-67-12566
39016 Magdeburg, Germany Fax: +49-391-67-11161
You are currently subscribed to windbg as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hello Doron,
* On Sun, Oct 23, 2005 at 12:24:33PM -0700 Doron Holan wrote:
You can use the -z flag to open the binary as a dump file.
Thank you, this works like a charm!
To Tony: Thanks, yes, I already knew about IDA. Anyway, it seemed to be
much of an “overkill” to me to get and use something like IDA just for
disassembling, especially since WinDBG already has a debugger.
Regards,
Spiro.
–
Spiro R. Trikaliotis xxxxx@trikaliotis.net
University of Magdeburg http://www.trikaliotis.net/
IVS.EUK, P.O.Box 4120 Phone: +49-391-67-12566
39016 Magdeburg, Germany Fax: +49-391-67-11161