Issue
I got a small byte-string, with a hex-representation like:
6631C08A2500000000
Is there a disassembler, which accepts opcodes as a direct input parameter, without the need of a compiled file?
e.g.:
$ disassembler -directOpcode 6631C08A2500000000
0: 66 31 c0 xor ax,ax
3: 8a 25 00 00 00 00 mov ah,BYTE PTR ds:0x0
Solution
Because of Peter's helpful comment I found a solution utilizing python2 and some shell pipes:
$ python -c "print '6631C08A2500000000'.decode('hex')" | head -c -1 | ndisasm -b32 -
00000000 6631C0 xor ax,ax
00000003 8A2500000000 mov ah,[dword 0x0]
I used head -c -1
to get rid of the trailing newline char, otherwise I get:
00000000 6631C0 xor ax,ax
00000003 8A2500000000 mov ah,[dword 0x0]
00000009 0A db 0x0a
Answered By - Don Question Answer Checked By - Terry (WPSolving Volunteer)