General Tools Used for Disassembly

Disassembling is the process of converting binary executable code into assembly language. It’s often used for reverse engineering, debugging, security auditing, and malware analysis. Below is a detailed guide on how to disassemble executables on different platforms.

GENERAL TOOLS USED FOR DISASSEMBLY

  • IDA Pro / Free – Interactive disassembler (Windows/Linux/macOS)
  • Ghidra – NSA’s reverse engineering suite (cross-platform)
  • Radare2 / Cutter – Open-source framework with GUI (Cutter)
  • objdump – GNU binary utilities (Linux/macOS)
  • Hopper – GUI disassembler (macOS/Linux)
  • Binary Ninja – Commercial, scripting-friendly disassembler
  • Jadx / Bytecode Viewer – Java/Android decompilation tools

HOW TO DISASSEMBLE A WINDOWS .exe FILE

Tools:

  • IDA Free / IDA Pro
  • Ghidra
  • x64dbg (for debugging)
  • objdump (via MinGW or WSL)
  • PEiD / Detect It Easy (for checking packers)

Steps:

  1. Identify Architecture:
    • Use PE-bear, die.exe, or file.exe (in Git Bash or WSL) to check if it’s 32-bit or 64-bit.
  2. Disassemble with IDA:
    • Load the .exe in IDA.
    • It auto-detects 32-bit vs 64-bit and shows disassembly.
    • It analyzes code/data segments, imports/exports, and functions.
  3. Alternative: Ghidra:
    • Import .exe, select correct language (x86 or x86_64).
    • Let it analyze and decompile.
    • Provides both assembly and C-like decompiled view.
  4. With objdump:
objdump -d somefile.exe > disassembly.txt

HOW TO DISASSEMBLE A LINUX EXECUTABLE

Tools:

  • objdump (binutils)
  • gdb (debugger)
  • radare2 / Cutter
  • Ghidra
  • IDA Free

Check Architecture:

file ./binaryfile

Disassemble with objdump (objdump reads the architecture from the ELF header, so -m only matters when you force a target; passing the wrong one disassembles 64-bit code as 32-bit):

  • For 32-bit:
objdump -m i386 -D ./binaryfile > disasm.txt
  • For 64-bit:
objdump -m i386:x86-64 -D ./binaryfile > disasm.txt

With radare2:

r2 -A ./binaryfile
# then inside r2 shell:
> pdf @ main    # disassemble function at 'main'

HOW TO DISASSEMBLE A MAC OS EXECUTABLE

Tools:

  • otool (Apple’s equivalent of objdump)
  • Hopper Disassembler
  • Ghidra
  • IDA
  • Radare2

Check Binary Type:

file ./MyApp

Use otool:

otool -tV ./MyApp > disasm.txt # Disassemble text section

With Hopper:

  • Load binary, choose architecture.
  • View disassembled or decompiled output.

Universal Binaries (Fat Binaries):

lipo -info ./MyApp
# Strip out individual arch:
lipo -thin x86_64 ./MyApp -output MyApp64

HOW TO DISASSEMBLE AN ANDROID APPLICATION (.apk)

An APK is a ZIP archive containing compiled Dalvik bytecode (classes.dex, built from the Java/Kotlin sources), resources, and native code (.so libraries) if any.

Tools:

  • Jadx – decompile .dex to Java.
  • apktool – disassemble DEX bytecode into Smali.
  • Ghidra – for native .so libraries inside APK.
  • Frida – dynamic analysis.

Steps:

  1. Unpack APK:
unzip app.apk -d unpacked_apk/
  2. Convert DEX to Smali (Disassemble):
apktool d app.apk
# Look inside the smali/ directory
  3. Decompile to Java (Optional):
jadx-gui app.apk
  4. Disassemble Native .so files:
objdump -D lib/armeabi-v7a/libnative.so > native_disasm.txt

HOW TO DISASSEMBLE A .JAR (Java Application)

Tools:

  • JD-GUI – GUI decompiler.
  • Jadx
  • CFR, Fernflower, Procyon – Java decompilers.
  • javap – disassembler built into JDK.

Steps:

  1. List classes:
jar tf app.jar
  2. Disassemble with javap:
javap -c -p com/example/MyClass.class
  3. Decompile to Java (Optional):
  • Open in JD-GUI or Jadx for readable Java code.
  • Use:
cfr MyClass.class > MyClass.java
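The "check architecture" step recurs in every section above (file.exe/PE-bear on Windows, file and objdump -m on Linux, file and lipo on macOS, javap for Java classes). The script below is an added example, not part of this guide, that does that check offline from the leading bytes of a file and prints which of the commands from this page applies; it also handles the trap where Mach-O fat binaries and Java .class files share the CAFEBABE magic. The sample headers, the helper names and the ELF/PE constant subsets are my own constructions.

```python
import struct

# Subset of standard ELF e_machine / PE Machine constants, Mach-O magics, and the objdump -m flags this guide uses.
ELF_MACHINES = {0x03: "i386", 0x3E: "x86-64", 0x28: "arm", 0xB7: "aarch64"}
PE_MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "arm", 0xAA64: "aarch64"}
MACHO_MAGIC = {b"\xfe\xed\xfa\xce": 32, b"\xce\xfa\xed\xfe": 32, b"\xfe\xed\xfa\xcf": 64, b"\xcf\xfa\xed\xfe": 64}
OBJDUMP_FLAG = {"i386": "-m i386 ", "x86-64": "-m i386:x86-64 "}

def identify(data: bytes) -> dict:
    """Classify a file from its leading bytes and name the tool/command from the guide that fits."""
    def result(fmt, bits, arch, tool):
        return {"format": fmt, "bits": bits, "arch": arch, "tool": tool}
    if data[:4] == b"\x7fELF":                        # ELF: EI_CLASS, EI_DATA, then e_machine at 18
        bits = 64 if data[4] == 2 else 32
        endian = ">" if data[5] == 2 else "<"
        (machine,) = struct.unpack_from(endian + "H", data, 18)
        arch = ELF_MACHINES.get(machine, "unknown")
        return result("ELF", bits, arch, f"objdump {OBJDUMP_FLAG.get(arch, '')}-D <file>")
    if data[:2] == b"MZ" and len(data) >= 0x40:      # PE: e_lfanew at 0x3C -> "PE\0\0" -> COFF Machine
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
            return result("MZ (DOS or truncated)", None, None, "PE-bear / Detect It Easy")
        (machine,) = struct.unpack_from("<H", data, pe_off + 4)
        arch = PE_MACHINES.get(machine, "unknown")
        return result("PE", 64 if arch in ("x86-64", "aarch64") else 32, arch, "objdump -d <file>")
    if data[:4] in MACHO_MAGIC:
        return result("Mach-O", MACHO_MAGIC[data[:4]], None, "otool -tV <file>")
    if data[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        # Fat Mach-O and Java class files share this magic. Disambiguate like file(1):
        # the big-endian word at offset 4 is nfat_arch (small) or minor+major version (major >= 45, so > 30).
        (word,) = struct.unpack_from(">I", data, 4)
        if word > 30:
            return result("Java class", None, None, "javap -c -p <file>")
        return result("Mach-O fat", None, f"{word} slices", "lipo -info <file>")
    if data[:2] == b"PK":
        return result("ZIP (APK/JAR)", None, None, "unzip -d <dir> / apktool d / jar tf")
    return result("unknown", None, None, "file <file>")

# Constructed sample headers (not real binaries): just enough bytes to classify.
SAMPLES = {
    "elf64": b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9 + struct.pack("<HH", 2, 0x3E),
    "elf32": b"\x7fELF" + bytes([1, 1, 1]) + b"\x00" * 9 + struct.pack("<HH", 2, 0x03),
    "pe64": b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", 0x8664),
    "fat": b"\xca\xfe\xba\xbe" + struct.pack(">I", 2),
    "class": b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 52),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, identify(data))
```

For a real file, call identify(open(path, "rb").read(4096)); the first 4 KiB is enough for every header read above.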
