Is there a disassembler included with HP-UX?

Is there a disassembler included with HP-UX? Added: 01/23/03


First off, if you have the source code for the program, the best way to
produce assembly code is to use cc's -S option, which writes out the
assembly language code into a file with a .s extension.

Now, as for disassembling a binary...

The dis command is possibly the only XPG4 command that is not included
with HP-UX.

If you simply wish to disassemble a function in a program, gdb can do
this. If you don't have it in /opt/langtools/bin already, get it from
<http://www.hp.com/go/wdb>. For a given executable, if you know the name
of a function:

$ gdb <name of executable>
(gdb) disassem <name of function>
... disassembly produced ...

If you wish to decode machine codes yourself, I asked this question a
little earlier in the week: the solution I opted for was to fork off an
"adb" process and use that to disassemble. I only wanted to decode a
single instruction so that is what my code does. It should be reasonably
easy to send more than one command before closing the adb session if
that's what you need, although I'm not sure how practical this is for
large scale disassembly; Dave's suggestion of investigating the gdb
source may be better in this instance. It also lacks any support for
helpful annotations and symbolic names some disassemblers can add to aid
understanding.

I've included my function for your information; I make no guarantees
about its correctness or that it makes sufficient checks for errors:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/wait.h>

// ProcInfo is the author's own class; its declaration is not shown here.
const char *ProcInfo::disassemble(long long unsigned int mc) {

    static char result[200];
    // First create a couple of pipes for the new I and O, and fork the
    // process.
    int fildes_in[2], fildes_out[2];
    pid_t pid;
    fildes_in[0] = fildes_in[1] = fildes_out[0] = fildes_out[1] = -1;
    bool fail = true;

    if (pipe(fildes_in) == 0 && pipe(fildes_out) == 0) {
        switch (pid = fork()) {
        case 0:
            {
                // I'm the child, I have to setup the pipes to be stdin,
                // and stdout and then start adb.
                close(0); dup(fildes_in[0]); close(fildes_in[1]);
                close(1); dup(fildes_out[1]); close(fildes_out[0]);
                // execlp needs argv[0] and a null pointer ending the list.
                execlp("adb", "adb", (char *)NULL);
                // If the exec returns, we've failed. Just report the
                // error to the parent and exit.
                perror("adb");
                exit(1);
            }
        default:
            {
                // I'm the parent, I'll just close the appropriate sides
                // of the pipe and send the request and expect an answer.
                // I'd rather not block on the write, but if it does I'm
                // not going to check.
                close(fildes_in[0]);
                close(fildes_out[1]);
                // "0x" + 16 hex digits + "=i\n" + NUL needs 22 bytes, so
                // the buffer is sized above that and the write is bounded.
                char command[32];
                snprintf(command, sizeof(command), "0x%llX=i\n", mc);
                write(fildes_in[1], command, strlen(command));
                int readlen = read(fildes_out[0], result,
                                   sizeof(result) - 1);
                if (readlen <= 0) {
                    // Nothing read, or read() failed: never index with -1.
                    strcpy(result, "No translation");
                } else {
                    result[readlen] = '\0';
                }
                // We've got an answer, let's bin the pipes and let 'adb'
                // tidy up for itself.
                close(fildes_in[1]);
                close(fildes_out[0]);
                // Reap the child so it does not linger as a zombie.
                waitpid(pid, NULL, 0);
                fail = false;
                break;
            }
        case -1:
            {
                // Just drop out since the fork() call failed.
                break;
            }
        }
    }

    if (fail) {
        // We've failed... let's return an error and clean up.
        strcpy(result, strerror(errno));
        close(fildes_in[0]);
        close(fildes_in[1]);
        close(fildes_out[0]);
        close(fildes_out[1]);
    }

    // Now reformat the result to get rid of any excess space.
    int len = strlen(result);
    bool need_space = false;
    int d = 0;  // declared outside the loop: it is used after the loop ends
    for (int s = 0; s != len && result[s] != '\n'; s++) {
        if (isspace((unsigned char)result[s])) {
            need_space = true;
        } else {
            if (need_space && d != 0) {
                result[d++] = ' ';
            }
            result[d++] = result[s];
            need_space = false;
        }
    }
    result[d] = '\0';
    return result;
}
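
Following the remark above that more than one command can be sent before the adb session is closed, this added example (not code from the original contributor) batches several instruction words through one child process. The names adb_script and run_filter are hypothetical, the instruction word in main() is a constructed sample, and the "=i" request format is the one used in the post.

```cpp
#include <csignal>
#include <cstdio>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// One "<word>=i" request per line, the request format used in the post.
std::string adb_script(const std::vector<unsigned int> &words) {
    std::string script;
    char line[32];
    for (unsigned int w : words) {
        snprintf(line, sizeof line, "0x%X=i\n", w);
        script += line;
    }
    return script;
}

// run_filter (hypothetical helper): run prog with `input` on its stdin and
// return all of its stdout, or "" on failure. All input is written before
// any output is read, so keep batches small enough to fit the pipe buffers.
std::string run_filter(const char *prog, const std::string &input) {
    int in[2], out[2];
    if (pipe(in) != 0) return "";
    if (pipe(out) != 0) { close(in[0]); close(in[1]); return ""; }
    pid_t pid = fork();
    if (pid == -1) { close(in[0]); close(in[1]); close(out[0]); close(out[1]); return ""; }
    if (pid == 0) {                      // child: pipes become stdin/stdout
        dup2(in[0], 0); dup2(out[1], 1);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        execlp(prog, prog, (char *)NULL);
        _exit(127);                      // exec failed, e.g. adb not installed
    }
    signal(SIGPIPE, SIG_IGN);            // parent only: survive a dead child
    close(in[0]); close(out[1]);
    for (size_t off = 0; off < input.size(); ) {
        ssize_t n = write(in[1], input.data() + off, input.size() - off);
        if (n <= 0) break;               // EPIPE if the child already exited
        off += (size_t)n;
    }
    close(in[1]);                        // EOF on stdin ends the adb session
    std::string result;
    char buf[256]; ssize_t n;
    while ((n = read(out[0], buf, sizeof buf)) > 0)
        result.append(buf, (size_t)n);   // read until the child closes stdout
    close(out[0]);
    waitpid(pid, NULL, 0);               // reap the child, no zombie
    return result;
}

int main() { fputs(run_filter("adb", adb_script({0x08000240u})).c_str(), stdout); }
```

Each line of the returned text can then be passed through the same whitespace clean-up as in the function above.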

There are a couple of third-party PA-RISC disassemblers available:

o Allegro's AVATAR Disassembler (~$2000):

A disassembler/patcher/code-explorer for PA-RISC based HP-UX systems,
by Allegro Consultants, Inc. See:

+ <http://www.allegro.com/products/hp9000/avatar.hpux.info.html>

o DataRescue's IDA Pro HP-PA RISC Disassembler (~$495):

IDA Pro is a Multi-Processor Interactive DisAssembler that combines a
powerful automatic analysis engine with your interactivity to achieve
outstanding reverse engineering results. See:

+ <http://www.datarescue.com/idabase/idahp-pa.htm>

If you are looking to decompile PA-RISC assembly code to C or some other
high-level language, it cannot easily be done, especially via an
automated process. The problem is that with optimizing compilers, a
given output of the compiler has an infinite (or thereabouts ;) number of
possible source programs. The fact is that a decompiler can produce
perfectly valid C code that makes barely any sense to normal humans.

Source Recovery has recently released a HP-UX C/C++ SOM decompiler called
DOC C/C++! SOM is the file format of 32-bit PA-RISC executables. For
more information, see:

o <http://www.sourcerecovery.com/abstract.htm>

Or if you want to take a shot at doing it manually, you should look over
the following web sites:

o PA-RISC Resources:
+ <http://h21007.www2.hp.com/dspp/tech/tech_TechTypeListingPage_IDX/1,1704,10403,00.html>

o HP Assembler Reference Manual, 9th Edition - 06/98:
+ <http://docs.hp.com/hpux/onlinedocs/92432-90012/92432-90012.html>

o The Decompilation Page:
+ <http://www.program-transformation.org/twiki/bin/view/Transform/DeCompilation>

o fravia's pages of reverse engineering:
+ <http://www.instinct.org/fravia/>
