试图组建一个反汇编器的输出（如objdump的） [英] Trying to assemble the output of an disassembler (such as objdump)

问题描述

可能重复：结果
  <一href=\"http://stackoverflow.com/questions/4309771/disassembling-modifying-and-then-reassembling-a-linux-executable\">Disassembling,修改和重新组装，然后在Linux可执行

我已经告诉组装和dissassembly不逆。显然，你不能dissassemble程序，直接把那个输出到一个汇编程序，并期望因为信息丢失它才能正常工作。

I've been told that assembly and dissassembly are not inverses. Apparently, you can't dissassemble a program, put that output directly into an assembler, and expect it to run correctly because information is lost.

我的问题是，为什么信息失去了什么？此外，什么信息会丢失？

My question is, why is information lost? Also, what information is lost?

推荐答案

一个重要的事情，反汇编（或它们的用户）通常没有preserve是指令编码。有些指令可以连接多种不同的方式codeD，例如：

One important thing that disassemblers (or their users) routinely do not preserve is the instruction encoding. Some instructions can be encoded in multiple different ways, e.g.:

MOV RDX，-1 是48，BA，FF，FF，FF，FF，FF，FF，FF，FF（10字节）或48，C7 ，C2，FF，FF，FF，FF（7字节）。

mov rdx, -1 is either 48,BA,FF,FF,FF,FF,FF,FF,FF,FF (10 bytes) or 48,C7,C2,FF,FF,FF,FF (7 bytes).

如果该程序的其余部分以某种方式在功能上取决于上述指令是长度正好是10（或7）个字节或这些特定字节值和汇编选择组装 MOV RDX，-1 不同于它在原来的程序，然后拆卸后装配+你得到一个不同的方案，将工作方式不同。编码汇编器必须使用不指令助记符不明确的指令（ MOV RDX，-1 ），但原计划的拆装（其确切的编码如48，BA， FF，FF，FF，FF，FF，FF，FF，FF）。

If the rest of the program somehow functionally depends on the length of the above instruction being exactly 10 (or 7) bytes or on those specific byte values and the assembler chooses to assemble mov rdx, -1 differently from what it was in the original program, then after disassembly+assembly you get a different program that will work differently. For instructions with ambiguous encoding the assembler must use not the instruction mnemonic (mov rdx, -1) but its exact encoding in the disassembly of the original program (e.g. 48,BA,FF,FF,FF,FF,FF,FF,FF,FF).

有可能是其他的东西，汇编器或连接器可以做不同（例如做code /数据，姓名和秩序的东西附加对齐（段/段）的输出文件不同），这通常不是出了问题，但同样，如果是在这些事情上在原计划一些不寻常的依赖关系，那么，重组的方案将有不同的工作。

There may be other things that the assembler or linker may do differently (e.g. do additional aligning of code/data, name and order things (sections/segments) differently in the output file), which usually aren't a problem, but, again, if there're some unusual dependencies on these things in the original program, then, the reassembled program will work differently.

这篇关于试图组建一个反汇编器的输出（如objdump的）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！